
Log analysis and evaluation: Avira first finds JS.Expack.EM and then Spy.Zbot

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.

28.02.2013, 14:06   #1
numbi
 



Hello dear people,

the following happened to me:
When I was recently, for once, browsing with Internet Explorer (instead of FF), Avira reported a JS.Expack.EM. It was moved to quarantine or deleted, and then everything was OK again for the time being. Over the next few days the computer was very slow. Then today came the detection of Spy.Zbot. First I ran an Avira scan and after that a quick scan with Malwarebytes Anti-Malware. Then I followed the guide here in the forum. The following logs came out of that:

Avira 1:
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 25. Februar 2013  22:13

Es wird nach 5079638 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Professional
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : USER-PC

Versionsinformationen:
BUILD.DAT      : 12.1.9.1236    40872 Bytes  11.10.2012 15:29:00
AVSCAN.EXE     : 12.3.0.48     468256 Bytes  14.11.2012 23:54:21
AVSCAN.DLL     : 12.3.0.15      66256 Bytes  11.05.2012 18:38:32
LUKE.DLL       : 12.3.0.15      68304 Bytes  11.05.2012 18:38:32
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  11.05.2012 18:38:33
AVREG.DLL      : 12.3.0.17     232200 Bytes  11.05.2012 18:38:33
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 09:49:21
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 06:56:15
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 06:56:21
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 19:37:29
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 19:37:32
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 09:23:44
VBASE006.VDF   : 7.11.41.250  4902400 Bytes  06.09.2012 06:51:07
VBASE007.VDF   : 7.11.50.230  3904512 Bytes  22.11.2012 21:21:03
VBASE008.VDF   : 7.11.60.10   6627328 Bytes  07.02.2013 21:51:57
VBASE009.VDF   : 7.11.60.11      2048 Bytes  07.02.2013 21:51:57
VBASE010.VDF   : 7.11.60.12      2048 Bytes  07.02.2013 21:51:57
VBASE011.VDF   : 7.11.60.13      2048 Bytes  07.02.2013 21:51:57
VBASE012.VDF   : 7.11.60.14      2048 Bytes  07.02.2013 21:51:57
VBASE013.VDF   : 7.11.60.62    351232 Bytes  08.02.2013 15:57:25
VBASE014.VDF   : 7.11.60.115   190976 Bytes  09.02.2013 15:57:25
VBASE015.VDF   : 7.11.60.177   282624 Bytes  11.02.2013 10:34:08
VBASE016.VDF   : 7.11.60.249   215552 Bytes  13.02.2013 11:13:29
VBASE017.VDF   : 7.11.61.65    151040 Bytes  15.02.2013 11:13:30
VBASE018.VDF   : 7.11.61.135   159232 Bytes  18.02.2013 20:21:34
VBASE019.VDF   : 7.11.61.163   152064 Bytes  18.02.2013 20:21:35
VBASE020.VDF   : 7.11.61.207   164352 Bytes  19.02.2013 20:21:35
VBASE021.VDF   : 7.11.62.43    206336 Bytes  21.02.2013 16:21:37
VBASE022.VDF   : 7.11.62.111   136192 Bytes  23.02.2013 16:21:37
VBASE023.VDF   : 7.11.62.157   143360 Bytes  25.02.2013 16:21:22
VBASE024.VDF   : 7.11.62.158     2048 Bytes  25.02.2013 16:21:22
VBASE025.VDF   : 7.11.62.159     2048 Bytes  25.02.2013 16:21:23
VBASE026.VDF   : 7.11.62.160     2048 Bytes  25.02.2013 16:21:23
VBASE027.VDF   : 7.11.62.161     2048 Bytes  25.02.2013 16:21:23
VBASE028.VDF   : 7.11.62.162     2048 Bytes  25.02.2013 16:21:23
VBASE029.VDF   : 7.11.62.163     2048 Bytes  25.02.2013 16:21:23
VBASE030.VDF   : 7.11.62.164     2048 Bytes  25.02.2013 16:21:23
VBASE031.VDF   : 7.11.62.170    29184 Bytes  25.02.2013 16:21:23
Engineversion  : 8.2.12.8  
AEVDF.DLL      : 8.1.2.10      102772 Bytes  10.07.2012 21:10:17
AESCRIPT.DLL   : 8.1.4.94      467324 Bytes  23.02.2013 16:21:41
AESCN.DLL      : 8.1.10.0      131445 Bytes  13.12.2012 21:45:40
AESBX.DLL      : 8.2.5.12      606578 Bytes  15.06.2012 09:44:10
AERDL.DLL      : 8.2.0.88      643444 Bytes  10.01.2013 20:45:16
AEPACK.DLL     : 8.3.1.10      815480 Bytes  19.02.2013 20:21:36
AEOFFICE.DLL   : 8.1.2.50      201084 Bytes  05.11.2012 19:55:33
AEHEUR.DLL     : 8.1.4.218    5792121 Bytes  23.02.2013 16:21:41
AEHELP.DLL     : 8.1.25.2      258423 Bytes  11.10.2012 14:10:44
AEGEN.DLL      : 8.1.6.16      434549 Bytes  24.01.2013 19:05:29
AEEXP.DLL      : 8.4.0.4       188789 Bytes  23.02.2013 16:21:41
AEEMU.DLL      : 8.1.3.2       393587 Bytes  10.07.2012 21:10:16
AECORE.DLL     : 8.1.31.2      201080 Bytes  19.02.2013 20:21:36
AEBB.DLL       : 8.1.1.4        53619 Bytes  05.11.2012 19:55:23
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  11.05.2012 18:38:32
AVPREF.DLL     : 12.3.0.32      50720 Bytes  14.11.2012 23:54:20
AVREP.DLL      : 12.3.0.15     179208 Bytes  11.05.2012 18:38:33
AVARKT.DLL     : 12.3.0.33     209696 Bytes  14.11.2012 23:54:20
AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  11.05.2012 18:38:32
SQLITE3.DLL    : 3.7.0.1       398288 Bytes  11.05.2012 18:38:33
AVSMTP.DLL     : 12.3.0.32      63480 Bytes  08.08.2012 14:58:15
NETNT.DLL      : 12.3.0.15      17104 Bytes  11.05.2012 18:38:32
RCIMAGE.DLL    : 12.3.0.31    4444408 Bytes  08.08.2012 14:57:55
RCTEXT.DLL     : 12.3.0.32      98848 Bytes  14.11.2012 23:54:19

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_512b4eb4\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Montag, 25. Februar 2013  22:13

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'Detokiyova.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Detokiyova.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Detokiyova.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess '35E3.tmp' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess '420A.tmp' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'java.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jp2launcher.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'qiesbyi.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'java.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jp2launcher.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcroRd32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'simfy.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jucheck.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_6_602_168.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_6_602_168.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'pidgin.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrueCrypt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'KeePassX.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'polipo.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'tor.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqgpc01.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuschd2.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'fpassist.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqbam08.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'issch.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqSTE08.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nusb3mon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'openvpn-gui-1.0.3.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ovpntray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WG111v3.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'netsession_win.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqtra08.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ANT Agent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'vidalia.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'netsession_win.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'capiws.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMSAccessU.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'XSrvSetup.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ESSVR.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesPDLR.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'dirmngr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvpnd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SyncService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PhotoshopElementsFileAgent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UIWPZMMN\contract-western_joy_must[1].htm'
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UIWPZMMN\contract-western_joy_must[1].htm
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/JS.Expack.EM
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55607cd1.qua' verschoben!


Ende des Suchlaufs: Montag, 25. Februar 2013  22:16
Benötigte Zeit: 02:51 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
     77 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
     76 Dateien ohne Befall
      2 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise
         
Avira 2:
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 28. Februar 2013  11:40

Es wird nach 5100054 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Professional
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : USER-PC

Versionsinformationen:
BUILD.DAT      : 12.1.9.1236    40872 Bytes  11.10.2012 15:29:00
AVSCAN.EXE     : 12.3.0.48     468256 Bytes  14.11.2012 23:54:21
AVSCAN.DLL     : 12.3.0.15      66256 Bytes  11.05.2012 18:38:32
LUKE.DLL       : 12.3.0.15      68304 Bytes  11.05.2012 18:38:32
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  11.05.2012 18:38:33
AVREG.DLL      : 12.3.0.17     232200 Bytes  11.05.2012 18:38:33
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 09:49:21
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 06:56:15
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 06:56:21
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 19:37:29
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 19:37:32
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 09:23:44
VBASE006.VDF   : 7.11.41.250  4902400 Bytes  06.09.2012 06:51:07
VBASE007.VDF   : 7.11.50.230  3904512 Bytes  22.11.2012 21:21:03
VBASE008.VDF   : 7.11.60.10   6627328 Bytes  07.02.2013 21:51:57
VBASE009.VDF   : 7.11.60.11      2048 Bytes  07.02.2013 21:51:57
VBASE010.VDF   : 7.11.60.12      2048 Bytes  07.02.2013 21:51:57
VBASE011.VDF   : 7.11.60.13      2048 Bytes  07.02.2013 21:51:57
VBASE012.VDF   : 7.11.60.14      2048 Bytes  07.02.2013 21:51:57
VBASE013.VDF   : 7.11.60.62    351232 Bytes  08.02.2013 15:57:25
VBASE014.VDF   : 7.11.60.115   190976 Bytes  09.02.2013 15:57:25
VBASE015.VDF   : 7.11.60.177   282624 Bytes  11.02.2013 10:34:08
VBASE016.VDF   : 7.11.60.249   215552 Bytes  13.02.2013 11:13:29
VBASE017.VDF   : 7.11.61.65    151040 Bytes  15.02.2013 11:13:30
VBASE018.VDF   : 7.11.61.135   159232 Bytes  18.02.2013 20:21:34
VBASE019.VDF   : 7.11.61.163   152064 Bytes  18.02.2013 20:21:35
VBASE020.VDF   : 7.11.61.207   164352 Bytes  19.02.2013 20:21:35
VBASE021.VDF   : 7.11.62.43    206336 Bytes  21.02.2013 16:21:37
VBASE022.VDF   : 7.11.62.111   136192 Bytes  23.02.2013 16:21:37
VBASE023.VDF   : 7.11.62.157   143360 Bytes  25.02.2013 16:21:22
VBASE024.VDF   : 7.11.62.237   199168 Bytes  27.02.2013 10:31:11
VBASE025.VDF   : 7.11.62.238     2048 Bytes  27.02.2013 10:31:11
VBASE026.VDF   : 7.11.62.239     2048 Bytes  27.02.2013 10:31:11
VBASE027.VDF   : 7.11.62.240     2048 Bytes  27.02.2013 10:31:11
VBASE028.VDF   : 7.11.62.241     2048 Bytes  27.02.2013 10:31:11
VBASE029.VDF   : 7.11.62.242     2048 Bytes  27.02.2013 10:31:11
VBASE030.VDF   : 7.11.62.243     2048 Bytes  27.02.2013 10:31:11
VBASE031.VDF   : 7.11.63.26    109056 Bytes  28.02.2013 10:31:12
Engineversion  : 8.2.12.8  
AEVDF.DLL      : 8.1.2.10      102772 Bytes  10.07.2012 21:10:17
AESCRIPT.DLL   : 8.1.4.94      467324 Bytes  23.02.2013 16:21:41
AESCN.DLL      : 8.1.10.0      131445 Bytes  13.12.2012 21:45:40
AESBX.DLL      : 8.2.5.12      606578 Bytes  15.06.2012 09:44:10
AERDL.DLL      : 8.2.0.88      643444 Bytes  10.01.2013 20:45:16
AEPACK.DLL     : 8.3.1.10      815480 Bytes  19.02.2013 20:21:36
AEOFFICE.DLL   : 8.1.2.50      201084 Bytes  05.11.2012 19:55:33
AEHEUR.DLL     : 8.1.4.218    5792121 Bytes  23.02.2013 16:21:41
AEHELP.DLL     : 8.1.25.2      258423 Bytes  11.10.2012 14:10:44
AEGEN.DLL      : 8.1.6.16      434549 Bytes  24.01.2013 19:05:29
AEEXP.DLL      : 8.4.0.4       188789 Bytes  23.02.2013 16:21:41
AEEMU.DLL      : 8.1.3.2       393587 Bytes  10.07.2012 21:10:16
AECORE.DLL     : 8.1.31.2      201080 Bytes  19.02.2013 20:21:36
AEBB.DLL       : 8.1.1.4        53619 Bytes  05.11.2012 19:55:23
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  11.05.2012 18:38:32
AVPREF.DLL     : 12.3.0.32      50720 Bytes  14.11.2012 23:54:20
AVREP.DLL      : 12.3.0.15     179208 Bytes  11.05.2012 18:38:33
AVARKT.DLL     : 12.3.0.33     209696 Bytes  14.11.2012 23:54:20
AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  11.05.2012 18:38:32
SQLITE3.DLL    : 3.7.0.1       398288 Bytes  11.05.2012 18:38:33
AVSMTP.DLL     : 12.3.0.32      63480 Bytes  08.08.2012 14:58:15
NETNT.DLL      : 12.3.0.15      17104 Bytes  11.05.2012 18:38:32
RCIMAGE.DLL    : 12.3.0.31    4444408 Bytes  08.08.2012 14:57:55
RCTEXT.DLL     : 12.3.0.32      98848 Bytes  14.11.2012 23:54:19

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_512f30c0\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Donnerstag, 28. Februar 2013  11:40
C:\Users\user\AppData\Roaming\Orleniu\qiesbyi.exe
  [FUND]      Ist das Trojanische Pferd TR/Spy.ZBot.jhue.1
C:\Windows\Sysnative\drivers\sptd.sys
  [WARNUNG]   Die Datei konnte nicht geöffnet werden!
Der Systemwiederstellungspunkt wurde erfolgreich angelegt.
Der Registrierungseintrag <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit> wurde erfolgreich repariert.
Der Registrierungseintrag <HKEY_USERS\S-1-5-21-3446655697-2731224057-2204278893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{F947EC9E-6081-07E8-1D08-C75350881F7E}> wurde erfolgreich entfernt.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jucheck.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqgpc01.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'polipo.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqbam08.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqSTE08.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuschd2.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'fpassist.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'issch.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'netsession_win.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nusb3mon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'openvpn-gui-1.0.3.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'qiesbyi.exe' - '1' Modul(e) wurden durchsucht
  Modul ist infiziert -> <C:\Users\user\AppData\Roaming\Orleniu\qiesbyi.exe>
  [FUND]      Ist das Trojanische Pferd TR/Spy.ZBot.jhue.1
  [HINWEIS]   Prozess 'qiesbyi.exe' wurde beendet
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '57c1948a.qua' verschoben!
  [HINWEIS]   Der Registrierungseintrag <HKEY_USERS\S-1-5-21-3446655697-2731224057-2204278893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{F947EC9E-6081-07E8-1D08-C75350881F7E}> wurde erfolgreich repariert.
  [HINWEIS]   Der Registrierungseintrag <HKEY_USERS\S-1-5-21-3446655697-2731224057-2204278893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{F947EC9E-6081-07E8-1D08-C75350881F7E}> wurde erfolgreich repariert.
Durchsuche Prozess 'ovpntray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WG111v3.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqtra08.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'capiws.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ANT Agent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'vidalia.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'netsession_win.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesPDLR.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMSAccessU.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'XSrvSetup.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ESSVR.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'dirmngr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvpnd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SyncService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PhotoshopElementsFileAgent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Users\user\AppData\Roaming\Orleniu\qiesbyi.exe
  [FUND]      Ist das Trojanische Pferd TR/Spy.ZBot.jhue.1
  [HINWEIS]   Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
  [HINWEIS]   Die Datei existiert nicht!

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\user\AppData\Roaming\Orleniu\qiesbyi.exe'
Der zu durchsuchende Pfad C:\Users\user\AppData\Roaming\Orleniu\qiesbyi.exe konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.


Ende des Suchlaufs: Donnerstag, 28. Februar 2013  11:44
Benötigte Zeit: 03:35 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
   4938 Dateien wurden geprüft
      2 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      1 Dateien konnten nicht durchsucht werden
   4935 Dateien ohne Befall
     44 Archive wurden durchsucht
      1 Warnungen
      2 Hinweise
         
Avira 3:
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 28. Februar 2013  11:42

Es wird nach 5100054 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Professional
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : USER-PC

Versionsinformationen:
BUILD.DAT      : 12.1.9.1236    40872 Bytes  11.10.2012 15:29:00
AVSCAN.EXE     : 12.3.0.48     468256 Bytes  14.11.2012 23:54:21
AVSCAN.DLL     : 12.3.0.15      66256 Bytes  11.05.2012 18:38:32
LUKE.DLL       : 12.3.0.15      68304 Bytes  11.05.2012 18:38:32
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  11.05.2012 18:38:33
AVREG.DLL      : 12.3.0.17     232200 Bytes  11.05.2012 18:38:33
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 09:49:21
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 06:56:15
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 06:56:21
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 19:37:29
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 19:37:32
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 09:23:44
VBASE006.VDF   : 7.11.41.250  4902400 Bytes  06.09.2012 06:51:07
VBASE007.VDF   : 7.11.50.230  3904512 Bytes  22.11.2012 21:21:03
VBASE008.VDF   : 7.11.60.10   6627328 Bytes  07.02.2013 21:51:57
VBASE009.VDF   : 7.11.60.11      2048 Bytes  07.02.2013 21:51:57
VBASE010.VDF   : 7.11.60.12      2048 Bytes  07.02.2013 21:51:57
VBASE011.VDF   : 7.11.60.13      2048 Bytes  07.02.2013 21:51:57
VBASE012.VDF   : 7.11.60.14      2048 Bytes  07.02.2013 21:51:57
VBASE013.VDF   : 7.11.60.62    351232 Bytes  08.02.2013 15:57:25
VBASE014.VDF   : 7.11.60.115   190976 Bytes  09.02.2013 15:57:25
VBASE015.VDF   : 7.11.60.177   282624 Bytes  11.02.2013 10:34:08
VBASE016.VDF   : 7.11.60.249   215552 Bytes  13.02.2013 11:13:29
VBASE017.VDF   : 7.11.61.65    151040 Bytes  15.02.2013 11:13:30
VBASE018.VDF   : 7.11.61.135   159232 Bytes  18.02.2013 20:21:34
VBASE019.VDF   : 7.11.61.163   152064 Bytes  18.02.2013 20:21:35
VBASE020.VDF   : 7.11.61.207   164352 Bytes  19.02.2013 20:21:35
VBASE021.VDF   : 7.11.62.43    206336 Bytes  21.02.2013 16:21:37
VBASE022.VDF   : 7.11.62.111   136192 Bytes  23.02.2013 16:21:37
VBASE023.VDF   : 7.11.62.157   143360 Bytes  25.02.2013 16:21:22
VBASE024.VDF   : 7.11.62.237   199168 Bytes  27.02.2013 10:31:11
VBASE025.VDF   : 7.11.62.238     2048 Bytes  27.02.2013 10:31:11
VBASE026.VDF   : 7.11.62.239     2048 Bytes  27.02.2013 10:31:11
VBASE027.VDF   : 7.11.62.240     2048 Bytes  27.02.2013 10:31:11
VBASE028.VDF   : 7.11.62.241     2048 Bytes  27.02.2013 10:31:11
VBASE029.VDF   : 7.11.62.242     2048 Bytes  27.02.2013 10:31:11
VBASE030.VDF   : 7.11.62.243     2048 Bytes  27.02.2013 10:31:11
VBASE031.VDF   : 7.11.63.26    109056 Bytes  28.02.2013 10:31:12
Engineversion  : 8.2.12.8  
AEVDF.DLL      : 8.1.2.10      102772 Bytes  10.07.2012 21:10:17
AESCRIPT.DLL   : 8.1.4.94      467324 Bytes  23.02.2013 16:21:41
AESCN.DLL      : 8.1.10.0      131445 Bytes  13.12.2012 21:45:40
AESBX.DLL      : 8.2.5.12      606578 Bytes  15.06.2012 09:44:10
AERDL.DLL      : 8.2.0.88      643444 Bytes  10.01.2013 20:45:16
AEPACK.DLL     : 8.3.1.10      815480 Bytes  19.02.2013 20:21:36
AEOFFICE.DLL   : 8.1.2.50      201084 Bytes  05.11.2012 19:55:33
AEHEUR.DLL     : 8.1.4.218    5792121 Bytes  23.02.2013 16:21:41
AEHELP.DLL     : 8.1.25.2      258423 Bytes  11.10.2012 14:10:44
AEGEN.DLL      : 8.1.6.16      434549 Bytes  24.01.2013 19:05:29
AEEXP.DLL      : 8.4.0.4       188789 Bytes  23.02.2013 16:21:41
AEEMU.DLL      : 8.1.3.2       393587 Bytes  10.07.2012 21:10:16
AECORE.DLL     : 8.1.31.2      201080 Bytes  19.02.2013 20:21:36
AEBB.DLL       : 8.1.1.4        53619 Bytes  05.11.2012 19:55:23
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  11.05.2012 18:38:32
AVPREF.DLL     : 12.3.0.32      50720 Bytes  14.11.2012 23:54:20
AVREP.DLL      : 12.3.0.15     179208 Bytes  11.05.2012 18:38:33
AVARKT.DLL     : 12.3.0.33     209696 Bytes  14.11.2012 23:54:20
AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  11.05.2012 18:38:32
SQLITE3.DLL    : 3.7.0.1       398288 Bytes  11.05.2012 18:38:33
AVSMTP.DLL     : 12.3.0.32      63480 Bytes  08.08.2012 14:58:15
NETNT.DLL      : 12.3.0.15      17104 Bytes  11.05.2012 18:38:32
RCIMAGE.DLL    : 12.3.0.31    4444408 Bytes  08.08.2012 14:57:55
RCTEXT.DLL     : 12.3.0.32      98848 Bytes  14.11.2012 23:54:19

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_512f30c0\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Donnerstag, 28. Februar 2013  11:42
C:\Windows\Sysnative\drivers\sptd.sys
  [WARNUNG]   Die Datei konnte nicht geöffnet werden!
Der Systemwiederstellungspunkt wurde erfolgreich angelegt.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jucheck.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqgpc01.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'polipo.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqbam08.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqSTE08.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuschd2.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'fpassist.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'issch.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'netsession_win.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nusb3mon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'openvpn-gui-1.0.3.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'qiesbyi.exe' - '1' Modul(e) wurden durchsucht
  Modul ist infiziert -> <C:\Users\user\AppData\Roaming\Orleniu\qiesbyi.exe>
  [FUND]      Ist das Trojanische Pferd TR/Spy.ZBot.jhue.1
  [WARNUNG]   Der Prozess <qiesbyi.exe> konnte nicht beendet werden. Mögliche Ursache: Systemfehler [5]: Zugriff verweigert
  [HINWEIS]   Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
  [HINWEIS]   Die Datei existiert nicht!
  [HINWEIS]   Der Registrierungseintrag <HKEY_USERS\S-1-5-21-3446655697-2731224057-2204278893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{F947EC9E-6081-07E8-1D08-C75350881F7E}> wurde erfolgreich repariert.
  [HINWEIS]   Der Registrierungseintrag <HKEY_USERS\S-1-5-21-3446655697-2731224057-2204278893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{F947EC9E-6081-07E8-1D08-C75350881F7E}> wurde erfolgreich repariert.
Durchsuche Prozess 'ovpntray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WG111v3.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqtra08.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'capiws.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ANT Agent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'vidalia.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'netsession_win.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesPDLR.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMSAccessU.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'XSrvSetup.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ESSVR.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'dirmngr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvpnd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SyncService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PhotoshopElementsFileAgent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '1' Modul(e) wurden durchsucht


Ende des Suchlaufs: Donnerstag, 28. Februar 2013  11:53
Benötigte Zeit: 02:42 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
   4936 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      1 Dateien konnten nicht durchsucht werden
   4934 Dateien ohne Befall
     44 Archive wurden durchsucht
      2 Warnungen
      1 Hinweise
         
Anti-Malware:
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.28.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
user :: USER-PC [Administrator]

28.02.2013 11:53:31
mbam-log-2013-02-28 (11-53-31).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 273358
Laufzeit: 6 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\user\Desktop\fvsetup_2_5.exe (PUP.SpyBoss) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:24 on 28/02/2013 (user)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
         
OTL.Txt (no Extra.txt was generated)
Code:
OTL logfile created on: 28.02.2013 12:35:35 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,73 Gb Available Physical Memory | 68,19% Memory free
7,99 Gb Paging File | 6,59 Gb Available in Paging File | 82,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 38,96 Gb Total Space | 0,93 Gb Free Space | 2,37% Space Free | Partition Type: NTFS
Drive D: | 193,82 Gb Total Space | 12,28 Gb Free Space | 6,33% Space Free | Partition Type: NTFS
Drive K: | 931,51 Gb Total Space | 0,33 Gb Free Space | 0,04% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.28 12:32:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\user\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.08.16 11:17:14 | 000,182,784 | ---- | M] () -- D:\Program Files\Allway Sync\Bin\SyncService.exe
PRC - [2012.08.08 15:58:09 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.11 19:38:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.11 19:38:32 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.09.29 15:19:26 | 000,020,880 | ---- | M] () -- D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.08.25 19:35:02 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.07.28 14:13:48 | 000,242,176 | ---- | M] () -- D:\Program Files\GNU\GnuPG\dirmngr.exe
PRC - [2010.06.17 20:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- D:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2010.01.19 03:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009.11.20 12:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.09.06 05:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files\Adobe Photoshop\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009.08.24 13:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.15 03:09:04 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll
MOD - [2013.01.10 20:44:01 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll
MOD - [2013.01.10 20:42:52 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ba58d64562391191a22ad0133512ed6f\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 20:42:45 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013.01.10 02:18:14 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll
MOD - [2013.01.10 02:18:03 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll
MOD - [2013.01.10 02:17:57 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll
MOD - [2013.01.10 02:17:55 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll
MOD - [2013.01.10 02:17:54 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013.01.10 02:17:53 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
MOD - [2013.01.10 02:17:52 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013.01.10 02:17:51 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013.01.10 02:17:46 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2011.10.08 14:29:34 | 000,115,137 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
MOD - [2011.09.29 15:19:26 | 000,020,880 | ---- | M] () -- D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.04.06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.02.19 17:48:55 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.13 00:49:35 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.08.16 11:17:14 | 000,182,784 | ---- | M] () [Auto | Running] -- D:\Program Files\Allway Sync\Bin\SyncService.exe -- (BotkindSyncService)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.11 19:38:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.11 19:38:32 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.08.25 19:35:02 | 000,024,064 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe -- (OpenVPNAccessClient)
SRV - [2011.07.01 10:46:40 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- D:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011.06.08 12:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.08.18 22:10:48 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.07.28 14:13:48 | 000,242,176 | ---- | M] () [Auto | Running] -- D:\Program Files\GNU\GnuPG\dirmngr.exe -- (DirMngr)
SRV - [2010.07.26 15:01:58 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- D:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.29 23:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- D:\Program Files\Treiber\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.01.19 03:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009.09.06 05:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- D:\Program Files\Adobe Photoshop\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009.08.24 13:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.08.20 15:48:50 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2012.08.20 15:48:48 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2012.08.20 11:48:46 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2012.05.11 19:38:33 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.11 19:38:33 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.16 15:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.19 01:46:06 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2011.07.01 10:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.06.02 06:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.06.02 06:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011.06.02 06:47:22 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011.06.02 06:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011.05.18 09:14:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.05.18 09:14:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.05.18 09:14:16 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.05.18 09:14:12 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.05.18 09:09:48 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011.05.18 09:09:48 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2011.05.13 19:35:22 | 000,044,480 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.21 06:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.08.12 05:07:46 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.08.06 00:39:02 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.08.02 15:01:41 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV:64bit: - [2010.08.02 15:01:41 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCap)
DRV:64bit: - [2010.07.29 13:22:50 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2010.06.25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.04.06 15:30:20 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010.03.23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.03.04 14:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.01.27 09:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.12.23 10:36:04 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2009.11.20 12:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.20 12:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.11.18 16:47:46 | 000,446,976 | ---- | M] (NETGEAR Inc.                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wg111v3.sys -- (RTL8187B)
DRV:64bit: - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007.05.14 15:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007.04.27 06:40:00 | 000,142,120 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2006.11.30 11:15:16 | 000,556,544 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV - [2013.02.28 12:25:57 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010.07.04 20:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- D:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.08.02 14:10:14 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\npf.sys -- (NPF)
DRV - [2003.07.29 09:00:00 | 000,007,140 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\cvintdrv.sys -- (cvintdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FB DA 64 3B 80 60 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5EBA3B38-9834-4418-BC1C-C0BE03A47579}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..CT2801948.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "hxxp://www.google.de"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "NCH EN Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: exif_viewer%40mozilla.doslash.org:2.00
FF - prefs.js..extensions.enabledAddons: googlesharing%40extension.thoughtcrime.org:0.22
FF - prefs.js..extensions.enabledAddons: nitishthelegendkiller%40yahoo.co.in:1.0
FF - prefs.js..extensions.enabledAddons: rotateimage%40minisystems.de:0.1.3.2
FF - prefs.js..extensions.enabledAddons: %7B455D905A-D37C-4643-A9E2-F6FEFAA0424A%7D:0.8.16
FF - prefs.js..extensions.enabledAddons: %7B4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064%7D:1.2
FF - prefs.js..extensions.enabledAddons: %7B9D23D0AA-D8F5-11DA-B3FC-0928ABF316DE%7D:3.1a6
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.1.3
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B0b457cAA-602d-484a-8fe7-c1d894a011ba%7D:0.98.32
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.0
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..extensions.enabledItems: {9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}:3.0.5
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: rotateimage@minisystems.de:0.1.3.2
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0.1
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: exif_viewer@mozilla.doslash.org:1.60
FF - prefs.js..extensions.enabledItems: googlesharing@extension.thoughtcrime.org:0.21
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {51a86bb3-6602-4c85-92a5-130ee4864f13}:3.3.3.2
FF - prefs.js..extensions.enabledItems: nitishthelegendkiller@yahoo.co.in:1.0
FF - prefs.js..extensions.enabledItems: {524B8EF8-C312-11DB-8039-536F56D89593}:3.7.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=. "
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Program Files\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: D:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.08.07 15:45:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2013.02.19 17:48:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2013.02.19 17:48:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2013.02.20 02:08:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.10.13 12:40:36 | 000,000,000 | ---D | M]
 
[2010.08.01 18:46:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2010.08.01 18:46:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.02.28 12:07:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions
[2011.02.12 23:18:02 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2013.02.19 17:08:29 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2012.12.02 13:58:49 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2013.02.23 12:18:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.07.29 22:58:18 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2013.02.28 12:07:32 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\firefox@ghostery.com
[2011.09.09 21:57:32 | 000,000,000 | ---D | M] (GoogleSharing) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\googlesharing@extension.thoughtcrime.org
[2013.01.21 00:32:07 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\https-everywhere@eff.org
[2012.09.17 09:01:22 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\ich@maltegoetz.de
[2011.04.22 11:14:20 | 000,000,000 | ---D | M] (ImgClub.org Image Uploader) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\nitishthelegendkiller@yahoo.co.in
[2010.07.31 19:59:16 | 000,000,000 | ---D | M] (Rotate Image) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\rotateimage@minisystems.de
[2011.09.09 21:57:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\googlesharing@extension.thoughtcrime.org\chrome
[2011.09.09 21:57:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\googlesharing@extension.thoughtcrime.org\components
[2011.09.09 21:57:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\googlesharing@extension.thoughtcrime.org\defaults
[2010.07.31 19:17:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default - Kopie\extensions
[2010.07.31 19:17:56 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default - Kopie\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.07.31 19:17:56 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default - Kopie\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.12.02 13:58:49 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\autofillForms@blueimp.net.xpi
[2012.11.19 00:41:08 | 000,284,001 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\compatibility@addons.mozilla.org.xpi
[2012.08.28 14:31:45 | 000,230,013 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\exif_viewer@mozilla.doslash.org.xpi
[2012.02.27 23:20:23 | 000,003,958 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\expire-history-by-days@bonardo.net.xpi
[2013.02.23 22:52:06 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\firebug@software.joehewitt.com.xpi
[2012.01.01 15:22:47 | 000,075,799 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi
[2012.03.29 11:04:02 | 000,049,303 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi
[2013.02.20 12:23:54 | 000,530,982 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2011.09.02 11:35:05 | 000,286,375 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DE}.xpi
[2013.02.28 12:07:23 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2010.08.01 18:26:39 | 000,002,305 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\searchplugins\znout-de.xml
 
O1 HOSTS File: ([2012.02.28 03:02:17 | 000,001,592 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.94.0.1	client.openvpn.net
O1 - Hosts: 127.94.0.2	openvpn-client.us.shieldexchange.com
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O2 - BHO: (BrotherSoft Extreme  Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BrotherSoft Extreme  Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (NCH EN Toolbar) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BrotherSoft Extreme  Toolbar) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [GrooveMonitor] D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KeePass 2 PreLoad] D:\Program Files\KeePass\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKCU..\Run: [ISUSPM Startup] c:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O4 - HKCU..\Run: [KiesPDLR] D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Vidalia] D:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN GUI.lnk = D:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: BID Link Explorer: Öffne aktuelle Seite - D:\Program Files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm ()
O8:64bit: - Extra context menu item: BID: Link in Queue einreihen - D:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8:64bit: - Extra context menu item: BID: Öffne aktuelle Seite - D:\Program Files\Bulk Image Downloader\iemenu\iebid.htm ()
O8:64bit: - Extra context menu item: BID: Öffne diesen &Link - D:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm ()
O8:64bit: - Extra context menu item: BID: Seite in &Queue einreihen - D:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: BID Link Explorer: Öffne aktuelle Seite - D:\Program Files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm ()
O8 - Extra context menu item: BID: Link in Queue einreihen - D:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8 - Extra context menu item: BID: Öffne aktuelle Seite - D:\Program Files\Bulk Image Downloader\iemenu\iebid.htm ()
O8 - Extra context menu item: BID: Öffne diesen &Link - D:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm ()
O8 - Extra context menu item: BID: Seite in &Queue einreihen - D:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{378EFFA4-C0DC-4D97-833C-9BC576364504}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D65EF701-E5A3-4F9D-B7B0-93879E23381D}: DhcpNameServer = 172.27.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{02bb1996-9c7f-11df-9668-6cf049b835b2}\Shell - "" = AutoRun
O33 - MountPoints2\{02bb1996-9c7f-11df-9668-6cf049b835b2}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{138f2a61-a0eb-11df-80e2-6cf049b835b2}\Shell - "" = AutoRun
O33 - MountPoints2\{138f2a61-a0eb-11df-80e2-6cf049b835b2}\Shell\AutoRun\command - "" = M:\Setup.exe
O33 - MountPoints2\{6626debd-9aa6-11df-87e3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6626debd-9aa6-11df-87e3-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Run.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.28 12:32:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013.02.28 11:51:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Programs
[2013.02.28 11:51:13 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\user\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.25 22:13:00 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\{EBBDA7E5-AB7B-4114-A5D7-466CA013A61A}
[2013.02.25 22:12:59 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\{13215AB9-2B2E-4F6E-ADF1-1D7048C31288}
[2013.02.25 22:12:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\{C7E6AB03-F5B6-4277-BCC7-9290C2711314}
[2013.02.25 22:11:57 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Orleniu
[2013.02.25 22:11:57 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Ilhor
[2013.02.21 12:47:11 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Sync App Settings
[2013.02.19 23:53:58 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\tor
[2013.02.19 23:53:51 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Tor
[2013.02.19 23:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bundle
[2013.02.19 23:53:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Vidalia
[2013.02.17 01:24:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2013.02.17 01:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.28 12:33:25 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.28 12:33:25 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.28 12:32:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013.02.28 12:25:59 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr
[2013.02.28 12:25:49 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.28 12:25:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.28 12:25:31 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.28 12:24:12 | 000,000,020 | ---- | M] () -- C:\Users\user\defogger_reenable
[2013.02.28 12:23:06 | 000,050,477 | ---- | M] () -- C:\Users\user\Desktop\Defogger.exe
[2013.02.28 12:23:05 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.28 11:51:28 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.28 11:51:14 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\user\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.26 18:48:34 | 007,010,574 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.26 18:48:34 | 002,475,120 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.26 18:48:34 | 002,103,458 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.26 18:48:34 | 001,879,536 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.26 18:48:34 | 000,005,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.25 02:23:52 | 000,054,784 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.24 12:20:08 | 000,387,597 | ---- | M] () -- C:\Users\user\Desktop\DSC_0602.jpg
[2013.02.19 00:02:17 | 000,003,033 | ---- | M] () -- C:\Users\user\Desktop\axp.axp
[2013.02.14 13:15:48 | 005,037,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.07 19:37:41 | 000,001,010 | ---- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.02.07 19:37:29 | 000,000,976 | ---- | M] () -- C:\Users\user\Desktop\Dropbox.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.28 12:25:59 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr
[2013.02.28 12:24:12 | 000,000,020 | ---- | C] () -- C:\Users\user\defogger_reenable
[2013.02.28 12:23:04 | 000,050,477 | ---- | C] () -- C:\Users\user\Desktop\Defogger.exe
[2013.02.28 11:51:28 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.24 12:20:08 | 000,387,597 | ---- | C] () -- C:\Users\user\Desktop\DSC_0602.jpg
[2013.02.19 00:02:17 | 000,003,033 | ---- | C] () -- C:\Users\user\Desktop\axp.axp
[2012.06.20 23:17:39 | 000,000,218 | ---- | C] () -- C:\Users\user\.recently-used.xbel
[2012.05.13 22:12:54 | 000,000,032 | ---- | C] () -- C:\Users\user\.simfy
[2012.04.08 22:14:33 | 000,000,600 | ---- | C] () -- C:\Users\user\AppData\Local\PUTTY.RND
[2012.04.01 21:23:00 | 000,000,600 | ---- | C] () -- C:\Users\user\AppData\Roaming\winscp.rnd
[2011.12.21 21:09:41 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.09.16 10:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.09.16 10:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.09.16 10:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.09.16 10:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.09.16 10:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.08.05 23:51:36 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat.temp
[2011.08.02 18:09:24 | 000,233,582 | ---- | C] () -- C:\Windows\hpoins47.dat
[2011.05.13 20:55:00 | 000,083,968 | ---- | C] () -- C:\Windows\UnGins.exe
[2011.03.28 10:30:33 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ZyDelReg.exe
[2011.03.28 10:30:31 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD.dll
[2011.03.28 10:30:31 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD64.DLL
[2010.08.11 16:32:44 | 000,001,789 | ---- | C] () -- C:\Users\user\Default.atp
[2010.08.11 16:32:44 | 000,000,288 | ---- | C] () -- C:\Users\user\user.properties
[2010.08.07 12:10:27 | 000,007,603 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2010.08.05 00:43:05 | 000,054,784 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.27 02:40:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\.purple
[2010.08.11 15:22:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Avid
[2011.04.25 13:22:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BID
[2010.09.13 20:05:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Canneverbe Limited
[2012.05.07 22:36:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Canon
[2010.08.18 22:51:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.11.13 23:03:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.03.29 13:02:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\com.Rhapsody.Napster5
[2010.08.06 00:45:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Lite
[2013.02.28 12:27:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Dropbox
[2012.08.11 22:05:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\e-academy Inc
[2011.12.12 23:00:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ethereal
[2013.01.10 00:00:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\EurekaLog
[2012.07.23 16:53:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Eye-Fi
[2011.11.16 21:11:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FileZilla
[2011.11.12 21:35:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FireShot
[2012.12.30 02:43:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GARMIN
[2011.02.18 00:09:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GetRightToGo
[2010.10.02 21:00:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\gnupg
[2013.02.19 22:22:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\gtk-2.0
[2013.02.28 11:27:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ilhor
[2012.01.24 23:01:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IrfanView
[2010.08.10 00:39:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\JAM Software
[2012.10.10 15:18:06 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\KeePass
[2012.10.10 15:10:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\KeePassX
[2012.04.02 21:58:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LEGO Company
[2010.09.04 13:05:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Lexmark Productivity Studio
[2012.11.28 23:11:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LibreOffice
[2011.08.16 17:49:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Matus Tomlein
[2010.10.09 19:00:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Miranda
[2012.06.27 05:55:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mp3tag
[2011.10.08 14:37:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MyPhoneExplorer
[2010.08.28 10:43:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\NapsterScrobbler
[2011.10.14 14:44:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nokia
[2011.10.14 14:44:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nokia Ovi Suite
[2012.07.16 23:02:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Opera
[2013.02.28 11:44:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Orleniu
[2010.09.08 17:54:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PACE Anti-Piracy
[2010.08.07 15:47:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PC Suite
[2013.02.24 12:20:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Rightload
[2011.10.08 14:24:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Samsung
[2012.05.16 21:50:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Simfy
[2012.01.04 02:06:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sinvise Systems
[2010.08.11 17:38:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.02.21 12:47:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sync App Settings
[2012.01.25 17:12:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Thunderbird
[2012.01.04 02:00:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Thunderbird1
[2012.05.05 17:14:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Titanium
[2010.07.29 16:29:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TrueCrypt
[2010.08.06 14:19:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2012.01.13 19:42:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ulead Systems
[2012.08.08 13:13:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
[2012.04.06 01:22:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\VG Solutions
[2012.07.29 18:51:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Windows Live Writer
[2011.10.09 22:16:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Wireshark
[2011.02.12 23:07:48 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\YCanPDF
[2013.02.25 22:12:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\{13215AB9-2B2E-4F6E-ADF1-1D7048C31288}
[2013.02.25 22:12:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\{C7E6AB03-F5B6-4277-BCC7-9290C2711314}
[2013.02.25 22:13:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\{EBBDA7E5-AB7B-4114-A5D7-466CA013A61A}
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E8BE05FA
@Alternate Data Stream - 1299 bytes -> C:\ProgramData\Microsoft:OJ0YQExu03UDxq7DpcqoFrAcwI
@Alternate Data Stream - 1299 bytes -> C:\ProgramData\Microsoft:cu2FmI3Q4fibyVmaHRHJgfe
@Alternate Data Stream - 1237 bytes -> C:\ProgramData\Microsoft:JKDMIATSCiGEmTWezHcJGU2cJ
@Alternate Data Stream - 1221 bytes -> C:\ProgramData\Microsoft:4zlAzNhJQeEHAXksRRsM
@Alternate Data Stream - 1210 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:NbarIRuIfeYYGKXlRqmW8F

< End of report >
         
gmer.log:
Code:
GMER 2.1.19115 - hxxp://www.gmer.net
Rootkit scan 2013-02-28 13:38:34
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Scsi\JRAID2Port1Path0Target0Lun0 SAMSUNG_ rev.FV01 232,88GB
Running: 4np82roe.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\SysWOW64\svchost.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                              0000000075331465 2 bytes [33, 75]
.text  C:\Windows\SysWOW64\svchost.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                             00000000753314bb 2 bytes [33, 75]
.text  ...                                                                                                                                        * 2
.text  C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe[2348] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69   0000000075331465 2 bytes [33, 75]
.text  C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe[2348] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155  00000000753314bb 2 bytes [33, 75]
.text  ...                                                                                                                                        * 2
.text  D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe[2796] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin                          00000000777af85a 1 byte [C3]
.text  D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe[2796] C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll!getJit + 32      00000000703e9380 4 bytes [C8, 10, 01, 10]
.text  D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   0000000075331465 2 bytes [33, 75]
.text  D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000753314bb 2 bytes [33, 75]
.text  ...                                                                                                                                        * 2
.text  C:\Users\user\AppData\Local\Akamai\netsession_win.exe[2852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        0000000075331465 2 bytes [33, 75]
.text  C:\Users\user\AppData\Local\Akamai\netsession_win.exe[2852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                       00000000753314bb 2 bytes [33, 75]
.text  ...                                                                                                                                        * 2
.text  C:\Users\user\AppData\Local\Akamai\netsession_win.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        0000000075331465 2 bytes [33, 75]
.text  C:\Users\user\AppData\Local\Akamai\netsession_win.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                       00000000753314bb 2 bytes [33, 75]
.text  ...                                                                                                                                        * 2
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69     0000000075331465 2 bytes [33, 75]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155    00000000753314bb 2 bytes [33, 75]
.text  ...                                                                                                                                        * 2

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch                                                                           5877
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                        D:\Program Files\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                        0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                        0
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                     0xF7 0xC5 0x0B 0x81 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                  
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                               0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                            0xFC 0xBE 0x7D 0x6B ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                             
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                       0xE4 0x10 0x99 0xC8 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                       
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                            D:\Program Files\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                            0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                            0
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                         0xF7 0xC5 0x0B 0x81 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                              
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                   0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                0xFC 0xBE 0x7D 0x6B ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                         
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                           0xE4 0x10 0x99 0xC8 ...

---- EOF - GMER 2.1 ----
         
I would be glad to hear from you whether there is still something there and, if so, which further steps I should follow.
Thanks in advance for taking on the problem.

Best regards
numbi

Alt 28.02.2013, 15:48   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Quote:
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Why on earth a Professional edition of Windows? Who needs that as a home user?
Is this by any chance an office/company PC? Or a university machine?


Before we get on with the further work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the previous one.

  • Please run only scans that a helper has asked you to run! Do not install / uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as attachments, unless you were asked to. Logs in attachments make the analysis harder for me!

  • Please also note => Deleting log files and other requests

Note:
If I have not been in touch for three days, please report in this thread => Reminder about my thread.
Annoying "when will this continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.


Now please run the three tools MBAR / aswMBR / TDSSkiller and post the logs in CODE tags


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder that was created. Please post it here.

Do not start any other file in this folder without instructions from a helper


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later) please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



TDSS-Killer

Alt 01.03.2013, 00:40   #3
numbi
 



Quote:
Quote from cosinus
Why on earth a Professional edition of Windows? Who needs that as a home user?
Is this by any chance an office/company PC? Or a university machine?
Thanks for your quick reply. I cannot confirm your suspicion. It is a private computer; however, as a student I can get all Microsoft operating systems and other things for free via Microsoft Dreamspark. So I settled for nothing less than the "most expensive" one. ;-)

I followed the instructions; there was nothing below for TDSS-Killer, so I did not do it.

MBAR:
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.28.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
user :: USER-PC [administrator]

28.02.2013 20:09:58
mbar-log-2013-02-28 (20-09-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 242153
Time elapsed: 2 hour(s), 22 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
With aswMBR I got a bluescreen the first time. It may be, though, that I forgot to start it as admin. On the next start the following was shown about it:

Code:
Problemsignatur:
  Problemereignisname:	BlueScreen
  Betriebsystemversion:	6.1.7601.2.1.0.256.48
  Gebietsschema-ID:	1031

Zusatzinformationen zum Problem:
  BCCode:	34
  BCP1:	0000000000050853
  BCP2:	FFFFF8800B1C8718
  BCP3:	FFFFF8800B1C7F70
  BCP4:	FFFFF800034049BC
  OS Version:	6_1_7601
  Service Pack:	1_0
  Product:	256_1

Dateien, die bei der Beschreibung des Problems hilfreich sind:
  C:\Windows\Minidump\022813-63609-01.dmp
  C:\Users\user\AppData\Local\Temp\WER-86500-0.sysdata.xml
         
Code:
<?xml version="1.0" encoding="UNICODE"?>
<SYSTEMINFO>
 <SYSTEM> <OSNAME>Windows 7 Professional Professional</OSNAME> <OSVER>6.1.7601 
1.0</OSVER> <OSLANGUAGE>1031</OSLANGUAGE> <ARCHITECTURE>9</ARCHITECTURE>
 <PRODUCTTYPE>48</PRODUCTTYPE> </SYSTEM> <MEMORYDIAGNOSTIC> </MEMORYDIAGNOSTIC>
 <DEVICES> <DEVICE> <DESCRIPTION>TAP-Win32 Adapter OAS</DESCRIPTION>
 <HARDWAREID>tapoas</HARDWAREID> <SERVICE>tapoas</SERVICE>
 <DRIVER>tapoas.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Standard PCI-zu-USB 
erweiterter Hostcontroller</DESCRIPTION>
 <HARDWAREID>PCI\VEN_1002&DEV_4396&SUBSYS_50041458&REV_00</HARDWAREID>
 <SERVICE>usbehci</SERVICE> <DRIVER>usbehci.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>PCI Standard-PCI-zu-PCI-Brücke</DESCRIPTION>
 <HARDWAREID>PCI\VEN_1002&DEV_43A0&SUBSYS_00001002&REV_00</HARDWAREID>
 <SERVICE>pci</SERVICE> <DRIVER>pci.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>PCI Standard-Host-CPU-Brücke</DESCRIPTION>
 <HARDWAREID>PCI\VEN_1022&DEV_1200&SUBSYS_00000000&REV_00</HARDWAREID> </DEVICE>
 <DEVICE> <DESCRIPTION>Realtek PCIe GBE Family Controller</DESCRIPTION>
 <HARDWAREID>PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_03</HARDWAREID>
 <SERVICE>RTL8167</SERVICE> <DRIVER>Rt64win7.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Systemzeitgeber</DESCRIPTION>
 <HARDWAREID>ACPI\PNP0100</HARDWAREID> </DEVICE> <DEVICE> <DESCRIPTION>Remote 
Desktop Device Redirector Bus</DESCRIPTION> <HARDWAREID>ROOT\RDPBUS</HARDWAREID>
 <SERVICE>rdpbus</SERVICE> <DRIVER>rdpbus.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Generic USB Hub</DESCRIPTION>
 <HARDWAREID>USB\VID_05E3&PID_0608&REV_0702</HARDWAREID>
 <SERVICE>usbhub</SERVICE> <DRIVER>usbhub.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Terminalserver-Tastaturtreiber</DESCRIPTION>
 <HARDWAREID>ROOT\RDP_KBD</HARDWAREID> <SERVICE>TermDD</SERVICE>
 <DRIVER>termdd.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>NETGEAR WG111v3 
Wireless-G USB Adapter</DESCRIPTION>
 <HARDWAREID>USB\VID_0846&PID_4260&REV_0200</HARDWAREID>
 <SERVICE>RTL8187B</SERVICE> <DRIVER>wg111v3.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>DMA-Controller</DESCRIPTION> <HARDWAREID>ACPI\PNP0200</HARDWAREID>
 </DEVICE> <DEVICE> <DESCRIPTION>Laufwerk</DESCRIPTION>
 <HARDWAREID>SCSI\DiskSAMSUNG_SP2514N_________FV01</HARDWAREID>
 <SERVICE>disk</SERVICE> <DRIVER>disk.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Microsoft-Adapter für Miniports virtueller WiFis</DESCRIPTION>
 <HARDWAREID>{5d624f94-8850-40c3-a3fa-a4fd2080baf3}\vwifimp</HARDWAREID>
 <SERVICE>vwifimp</SERVICE> <DRIVER>vwifimp.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Terminalserver-Maustreiber</DESCRIPTION>
 <HARDWAREID>ROOT\RDP_MOU</HARDWAREID> <SERVICE>TermDD</SERVICE>
 <DRIVER>termdd.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Standardvolume</DESCRIPTION>
 <HARDWAREID>STORAGE\Volume</HARDWAREID> <SERVICE>volsnap</SERVICE>
 <DRIVER>volsnap.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Microsoft-6zu4-Adapter</DESCRIPTION>
 <HARDWAREID>*6to4mp</HARDWAREID> <SERVICE>tunnel</SERVICE>
 <DRIVER>tunnel.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Standard PCI-zu-USB 
erweiterter Hostcontroller</DESCRIPTION>
 <HARDWAREID>PCI\VEN_1002&DEV_4396&SUBSYS_50041458&REV_00</HARDWAREID>
 <SERVICE>usbehci</SERVICE> <DRIVER>usbehci.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>PCI Standard-PCI-zu-PCI-Brücke</DESCRIPTION>
 <HARDWAREID>PCI\VEN_1002&DEV_43A1&SUBSYS_00001002&REV_00</HARDWAREID>
 <SERVICE>pci</SERVICE> <DRIVER>pci.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Standardtastatur (PS/2)</DESCRIPTION>
 <HARDWAREID>ACPI\PNP0303</HARDWAREID> <SERVICE>i8042prt</SERVICE>
 <DRIVER>i8042prt.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>PCI 
Standard-Host-CPU-Brücke</DESCRIPTION>
 <HARDWAREID>PCI\VEN_1022&DEV_1201&SUBSYS_00000000&REV_00</HARDWAREID> </DEVICE>
 <DEVICE> <DESCRIPTION>RRNetCap Miniport</DESCRIPTION>
 <HARDWAREID>rs_rrnetcapmp</HARDWAREID> <SERVICE>RRNetCapMP</SERVICE>
 <DRIVER>rrnetcap.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>GIGABYTE GBB36X 
Controller</DESCRIPTION>
 <HARDWAREID>PCI\VEN_197B&DEV_2363&SUBSYS_B0001458&REV_02</HARDWAREID>
 <SERVICE>JRAID</SERVICE> <DRIVER>jraid.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Microsoft-ISATAP-Adapter</DESCRIPTION>
 <HARDWAREID>*ISATAP</HARDWAREID> <SERVICE>tunnel</SERVICE>
 <DRIVER>tunnel.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Standardvolume</DESCRIPTION>
 <HARDWAREID>STORAGE\Volume</HARDWAREID> <SERVICE>volsnap</SERVICE>
 <DRIVER>volsnap.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Druckeranschluss</DESCRIPTION>
 <HARDWAREID>ACPI\PNP0400</HARDWAREID> <SERVICE>Parport</SERVICE>
 <DRIVER>parport.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>RRNetCap 
Miniport</DESCRIPTION> <HARDWAREID>rs_rrnetcapmp</HARDWAREID>
 <SERVICE>RRNetCapMP</SERVICE> <DRIVER>rrnetcap.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Microsoft-ISATAP-Adapter</DESCRIPTION>
 <HARDWAREID>*ISATAP</HARDWAREID> <SERVICE>tunnel</SERVICE>
 <DRIVER>tunnel.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Diskettenlaufwerk</DESCRIPTION>
 <HARDWAREID>FDC\GENERIC_FLOPPY_DRIVE</HARDWAREID> <SERVICE>flpydisk</SERVICE>
 <DRIVER>flpydisk.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>AMD-Prozessor</DESCRIPTION>
 <HARDWAREID>ACPI\AuthenticAMD_-_AMD64_Family_16_Model_5</HARDWAREID>
 <SERVICE>AmdPPM</SERVICE> <DRIVER>amdppm.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Microsoft-ISATAP-Adapter</DESCRIPTION>
 <HARDWAREID>*ISATAP</HARDWAREID> <SERVICE>tunnel</SERVICE>
 <DRIVER>tunnel.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Kommunikationsanschluss</DESCRIPTION>
 <HARDWAREID>ACPI\PNP0501</HARDWAREID> <SERVICE>Serial</SERVICE>
 <DRIVER>serial.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>RRNetCap 
Miniport</DESCRIPTION> <HARDWAREID>rs_rrnetcapmp</HARDWAREID>
 <SERVICE>RRNetCapMP</SERVICE> <DRIVER>rrnetcap.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Standard OpenHCD USB-Hostcontroller</DESCRIPTION>
 <HARDWAREID>PCI\VEN_1002&DEV_4397&SUBSYS_50041458&REV_00</HARDWAREID>
 <SERVICE>usbohci</SERVICE> <DRIVER>usbohci.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>PCI Standard-PCI-zu-PCI-Brücke</DESCRIPTION>
 <HARDWAREID>PCI\VEN_1002&DEV_43A2&SUBSYS_00001002&REV_00</HARDWAREID>
 <SERVICE>pci</SERVICE> <DRIVER>pci.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>PCI Standard-Host-CPU-Brücke</DESCRIPTION>
 <HARDWAREID>PCI\VEN_1022&DEV_1202&SUBSYS_00000000&REV_00</HARDWAREID> </DEVICE>
 <DEVICE> <DESCRIPTION>Standard-Diskettenlaufwerkcontroller</DESCRIPTION>
 <HARDWAREID>ACPI\PNP0700</HARDWAREID> <SERVICE>fdc</SERVICE>
 <DRIVER>fdc.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Microsoft-ISATAP-Adapter</DESCRIPTION>
 <HARDWAREID>*ISATAP</HARDWAREID> <SERVICE>tunnel</SERVICE>
 <DRIVER>tunnel.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>GIGABYTE GBB36X 
Controller</DESCRIPTION>
 <HARDWAREID>PCI\VEN_197B&DEV_2363&SUBSYS_B0001458&REV_03</HARDWAREID>
 <SERVICE>JRAID</SERVICE> <DRIVER>jraid.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Realtek High Definition Audio</DESCRIPTION>
 <HARDWAREID>HDAUDIO\FUNC_01&VEN_10EC&DEV_0892&SUBSYS_1458A102&REV_1003</HARDWAREID>
 <SERVICE>IntcAzAudAddService</SERVICE> <DRIVER>RTKVHD64.sys</DRIVER> </DEVICE>
 <DEVICE> <DESCRIPTION>RRNetCap Miniport</DESCRIPTION>
 <HARDWAREID>rs_rrnetcapmp</HARDWAREID> <SERVICE>RRNetCapMP</SERVICE>
 <DRIVER>rrnetcap.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Standardvolume</DESCRIPTION>
 <HARDWAREID>STORAGE\Volume</HARDWAREID> <SERVICE>volsnap</SERVICE>
 <DRIVER>volsnap.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>NEC Electronics 
USB 3.0 Root Hub</DESCRIPTION> <HARDWAREID>NUSB3\ROOT_HUB30</HARDWAREID>
 <SERVICE>nusb3hub</SERVICE> <DRIVER>nusb3hub.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Microsoft-ISATAP-Adapter</DESCRIPTION>
 <HARDWAREID>*ISATAP</HARDWAREID> <SERVICE>tunnel</SERVICE>
 <DRIVER>tunnel.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Systemlautsprecher</DESCRIPTION>
 <HARDWAREID>ACPI\PNP0800</HARDWAREID> </DEVICE> <DEVICE>
 <DESCRIPTION>Laufwerk</DESCRIPTION>
 <HARDWAREID>USBSTOR\DiskGeneric_STORAGE_DEVICE__9602</HARDWAREID>
 <SERVICE>disk</SERVICE> <DRIVER>disk.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>RRNetCap Miniport</DESCRIPTION>
 <HARDWAREID>rs_rrnetcapmp</HARDWAREID> <SERVICE>RRNetCapMP</SERVICE>
 <DRIVER>rrnetcap.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Microsoft-Teredo-Tunneling-Adapter</DESCRIPTION>
 <HARDWAREID>*TEREDO</HARDWAREID> <SERVICE>tunnel</SERVICE>
 <DRIVER>tunnel.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Audials Sound 
Capturing</DESCRIPTION> <HARDWAREID>root\tbhsd</HARDWAREID>
 <SERVICE>tbhsd</SERVICE> <DRIVER>tbhsd.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>High Definition Audio-Controller</DESCRIPTION>
 <HARDWAREID>PCI\VEN_1002&DEV_4383&SUBSYS_A1021458&REV_40</HARDWAREID>
 <SERVICE>HDAudBus</SERVICE> <DRIVER>HDAudBus.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Standardvolume</DESCRIPTION>
 <HARDWAREID>STORAGE\Volume</HARDWAREID> <SERVICE>volsnap</SERVICE>
 <DRIVER>volsnap.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Standard OpenHCD 
USB-Hostcontroller</DESCRIPTION>
 <HARDWAREID>PCI\VEN_1002&DEV_4397&SUBSYS_50041458&REV_00</HARDWAREID>
 <SERVICE>usbohci</SERVICE> <DRIVER>usbohci.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>PCI Standard-PCI-zu-PCI-Brücke</DESCRIPTION>
 <HARDWAREID>PCI\VEN_1002&DEV_43A3&SUBSYS_00001002&REV_00</HARDWAREID>
 <SERVICE>pci</SERVICE> <DRIVER>pci.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>PCI Standard-Host-CPU-Brücke</DESCRIPTION>
 <HARDWAREID>PCI\VEN_1022&DEV_1203&SUBSYS_00000000&REV_00</HARDWAREID> </DEVICE>
 <DEVICE> <DESCRIPTION>PCI-Bus</DESCRIPTION>
 <HARDWAREID>ACPI\PNP0A03</HARDWAREID> <SERVICE>pci</SERVICE>
 <DRIVER>pci.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>ACPI x64-based 
PC</DESCRIPTION> <HARDWAREID>acpiapic</HARDWAREID>
 <SERVICE>\Driver\ACPI_HAL</SERVICE> </DEVICE> <DEVICE>
 <DESCRIPTION>AMD-Prozessor</DESCRIPTION>
 <HARDWAREID>ACPI\AuthenticAMD_-_AMD64_Family_16_Model_5</HARDWAREID>
 <SERVICE>AmdPPM</SERVICE> <DRIVER>amdppm.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Microsoft-Systemverwaltungs-BIOS-Treiber</DESCRIPTION>
 <HARDWAREID>ROOT\mssmbios</HARDWAREID> <SERVICE>mssmbios</SERVICE>
 <DRIVER>mssmbios.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>RRNetCap 
Miniport</DESCRIPTION> <HARDWAREID>rs_rrnetcapmp</HARDWAREID>
 <SERVICE>RRNetCapMP</SERVICE> <DRIVER>rrnetcap.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>IDE-Kanal</DESCRIPTION> <HARDWAREID>1002-4390</HARDWAREID>
 <SERVICE>atapi</SERVICE> <DRIVER>atapi.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Treiber für Datei-als-Volume</DESCRIPTION>
 <HARDWAREID>ROOT\BLBDRIVE</HARDWAREID> <SERVICE>blbdrive</SERVICE>
 <DRIVER>blbdrive.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>WAN Miniport 
(IKEv2)</DESCRIPTION> <HARDWAREID>ms_agilevpnminiport</HARDWAREID>
 <SERVICE>RasAgileVpn</SERVICE> <DRIVER>AgileVpn.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>USB-Root-Hub</DESCRIPTION>
 <HARDWAREID>USB\ROOT_HUB&VID1002&PID4397&REV0000</HARDWAREID>
 <SERVICE>usbhub</SERVICE> <DRIVER>usbhub.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>RRNetCap Miniport</DESCRIPTION>
 <HARDWAREID>rs_rrnetcapmp</HARDWAREID> <SERVICE>RRNetCapMP</SERVICE>
 <DRIVER>rrnetcap.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>IDE-Kanal</DESCRIPTION> <HARDWAREID>1002-4390</HARDWAREID>
 <SERVICE>atapi</SERVICE> <DRIVER>atapi.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Laufwerk</DESCRIPTION>
 <HARDWAREID>USBSTOR\DiskGeneric_STORAGE_DEVICE__9602</HARDWAREID>
 <SERVICE>disk</SERVICE> <DRIVER>disk.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Busenumerator für Verbundgeräte</DESCRIPTION>
 <HARDWAREID>ROOT\CompositeBus</HARDWAREID> <SERVICE>CompositeBus</SERVICE>
 <DRIVER>CompositeBus.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>System 
CMOS/Echtzeituhr</DESCRIPTION> <HARDWAREID>ACPI\PNP0B00</HARDWAREID> </DEVICE>
 <DEVICE> <DESCRIPTION>ATI 
E/A-Kommunikationsprozessor-PCI-Buscontroller</DESCRIPTION>
 <HARDWAREID>PCI\VEN_1002&DEV_4384&SUBSYS_00000000&REV_40</HARDWAREID>
 <SERVICE>pci</SERVICE> <DRIVER>pci.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Standard OpenHCD USB-Hostcontroller</DESCRIPTION>
 <HARDWAREID>PCI\VEN_1002&DEV_4397&SUBSYS_50041458&REV_00</HARDWAREID>
 <SERVICE>usbohci</SERVICE> <DRIVER>usbohci.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>RRNetCap Miniport</DESCRIPTION>
 <HARDWAREID>rs_rrnetcapmp</HARDWAREID> <SERVICE>RRNetCapMP</SERVICE>
 <DRIVER>rrnetcap.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>WAN-Miniport 
(L2TP)</DESCRIPTION> <HARDWAREID>ms_l2tpminiport</HARDWAREID>
 <SERVICE>Rasl2tp</SERVICE> <DRIVER>rasl2tp.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>PCI Standard-Host-CPU-Brücke</DESCRIPTION>
 <HARDWAREID>PCI\VEN_1002&DEV_5957&SUBSYS_59571002&REV_00</HARDWAREID> </DEVICE>
 <DEVICE> <DESCRIPTION>USB-Eingabegerät</DESCRIPTION>
 <HARDWAREID>USB\VID_046D&PID_C043&REV_2720</HARDWAREID>
 <SERVICE>HidUsb</SERVICE> <DRIVER>hidusb.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>USB-Root-Hub</DESCRIPTION>
 <HARDWAREID>USB\ROOT_HUB&VID1002&PID4397&REV0000</HARDWAREID>
 <SERVICE>usbhub</SERVICE> <DRIVER>usbhub.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>PCI Standard-Host-CPU-Brücke</DESCRIPTION>
 <HARDWAREID>PCI\VEN_1022&DEV_1204&SUBSYS_00000000&REV_00</HARDWAREID> </DEVICE>
 <DEVICE> <DESCRIPTION>Logische Schnittstelle für Druckeranschluss</DESCRIPTION>
 <HARDWAREID>LPTENUM\MicrosoftRawPort958A</HARDWAREID> </DEVICE> <DEVICE>
 <DESCRIPTION>Deterministic Network Enhancer Miniport</DESCRIPTION>
 <HARDWAREID>dni_dnemp</HARDWAREID> <SERVICE>DNE</SERVICE>
 <DRIVER>dne64x.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>IDE-Kanal</DESCRIPTION> <HARDWAREID>1002-439c</HARDWAREID>
 <SERVICE>atapi</SERVICE> <DRIVER>atapi.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Systemplatine</DESCRIPTION> <HARDWAREID>ACPI\PNP0C01</HARDWAREID>
 </DEVICE> <DEVICE> <DESCRIPTION>RRNetCap Miniport</DESCRIPTION>
 <HARDWAREID>rs_rrnetcapmp</HARDWAREID> <SERVICE>RRNetCapMP</SERVICE>
 <DRIVER>rrnetcap.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>WAN-Miniport 
(Netzwerkmonitor)</DESCRIPTION> <HARDWAREID>ms_ndiswanbh</HARDWAREID>
 <SERVICE>NdisWan</SERVICE> <DRIVER>ndiswan.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>USB-Root-Hub</DESCRIPTION>
 <HARDWAREID>USB\ROOT_HUB&VID1002&PID4397&REV0000</HARDWAREID>
 <SERVICE>usbhub</SERVICE> <DRIVER>usbhub.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>AMD-Prozessor</DESCRIPTION>
 <HARDWAREID>ACPI\AuthenticAMD_-_AMD64_Family_16_Model_5</HARDWAREID>
 <SERVICE>AmdPPM</SERVICE> <DRIVER>amdppm.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Deterministic Network Enhancer Miniport</DESCRIPTION>
 <HARDWAREID>dni_dnemp</HARDWAREID> <SERVICE>DNE</SERVICE>
 <DRIVER>dne64x.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>USB-Massenspeichergerät</DESCRIPTION>
 <HARDWAREID>USB\VID_05E3&PID_070E&REV_9602</HARDWAREID>
 <SERVICE>USBSTOR</SERVICE> <DRIVER>USBSTOR.SYS</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Hauptplatinenressourcen</DESCRIPTION>
 <HARDWAREID>ACPI\PNP0C02</HARDWAREID> </DEVICE> <DEVICE> <DESCRIPTION>RRNetCap 
Miniport</DESCRIPTION> <HARDWAREID>rs_rrnetcapmp</HARDWAREID>
 <SERVICE>RRNetCapMP</SERVICE> <DRIVER>rrnetcap.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>WAN-Miniport (IP)</DESCRIPTION>
 <HARDWAREID>ms_ndiswanip</HARDWAREID> <SERVICE>NdisWan</SERVICE>
 <DRIVER>ndiswan.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>IDE-Kanal</DESCRIPTION> <HARDWAREID>1002-439c</HARDWAREID>
 <SERVICE>atapi</SERVICE> <DRIVER>atapi.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Laufwerk</DESCRIPTION>
 <HARDWAREID>USBSTOR\DiskGeneric_STORAGE_DEVICE__9602</HARDWAREID>
 <SERVICE>disk</SERVICE> <DRIVER>disk.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>USB-Root-Hub</DESCRIPTION>
 <HARDWAREID>USB\ROOT_HUB&VID1002&PID4399&REV0000</HARDWAREID>
 <SERVICE>usbhub</SERVICE> <DRIVER>usbhub.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Deterministic Network Enhancer Miniport</DESCRIPTION>
 <HARDWAREID>dni_dnemp</HARDWAREID> <SERVICE>DNE</SERVICE>
 <DRIVER>dne64x.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>ATI 
E/A-Kommunikationsprozessor-SMBus-Controller</DESCRIPTION>
 <HARDWAREID>PCI\VEN_1002&DEV_4385&SUBSYS_00000000&REV_41</HARDWAREID> </DEVICE>
 <DEVICE> <DESCRIPTION>Standard OpenHCD USB-Hostcontroller</DESCRIPTION>
 <HARDWAREID>PCI\VEN_1002&DEV_4399&SUBSYS_50041458&REV_00</HARDWAREID>
 <SERVICE>usbohci</SERVICE> <DRIVER>usbohci.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Standardvolume</DESCRIPTION>
 <HARDWAREID>STORAGE\Volume</HARDWAREID> <SERVICE>volsnap</SERVICE>
 <DRIVER>volsnap.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>PCI 
Standard-PCI-zu-PCI-Brücke</DESCRIPTION>
 <HARDWAREID>PCI\VEN_1002&DEV_5978&SUBSYS_59571002&REV_00</HARDWAREID>
 <SERVICE>pci</SERVICE> <DRIVER>pci.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>NEC Electronics USB 3.0 Host Controller</DESCRIPTION>
 <HARDWAREID>PCI\VEN_1033&DEV_0194&SUBSYS_50071458&REV_03</HARDWAREID>
 <SERVICE>nusb3xhc</SERVICE> <DRIVER>nusb3xhc.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Hauptplatinenressourcen</DESCRIPTION>
 <HARDWAREID>ACPI\PNP0C02</HARDWAREID> </DEVICE> <DEVICE>
 <DESCRIPTION>PnP-Softwaregeräte-Enumerator</DESCRIPTION>
 <HARDWAREID>root\swenum</HARDWAREID> <SERVICE>swenum</SERVICE>
 <DRIVER>swenum.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>WAN-Miniport 
(IPv6)</DESCRIPTION> <HARDWAREID>ms_ndiswanipv6</HARDWAREID>
 <SERVICE>NdisWan</SERVICE> <DRIVER>ndiswan.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Deterministic Network Enhancer Miniport</DESCRIPTION>
 <HARDWAREID>dni_dnemp</HARDWAREID> <SERVICE>DNE</SERVICE>
 <DRIVER>dne64x.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>USB-Root-Hub</DESCRIPTION>
 <HARDWAREID>USB\ROOT_HUB20&VID1002&PID4396&REV0000</HARDWAREID>
 <SERVICE>usbhub</SERVICE> <DRIVER>usbhub.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Hauptplatinenressourcen</DESCRIPTION>
 <HARDWAREID>ACPI\PNP0C02</HARDWAREID> </DEVICE> <DEVICE>
 <DESCRIPTION>HID-konforme Maus</DESCRIPTION>
 <HARDWAREID>HID\VID_046D&PID_C043&REV_2720</HARDWAREID>
 <SERVICE>mouhid</SERVICE> <DRIVER>mouhid.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>UMBus-Stamm-Busenumerator</DESCRIPTION>
 <HARDWAREID>root\umbus</HARDWAREID> <SERVICE>umbus</SERVICE>
 <DRIVER>umbus.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Deterministic 
Network Enhancer Miniport</DESCRIPTION> <HARDWAREID>dni_dnemp</HARDWAREID>
 <SERVICE>DNE</SERVICE> <DRIVER>dne64x.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Numerischer Coprozessor</DESCRIPTION>
 <HARDWAREID>ACPI\PNP0C04</HARDWAREID> </DEVICE> <DEVICE>
 <DESCRIPTION>WAN-Miniport (PPPOE)</DESCRIPTION>
 <HARDWAREID>ms_pppoeminiport</HARDWAREID> <SERVICE>RasPppoe</SERVICE>
 <DRIVER>raspppoe.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>USB-Root-Hub</DESCRIPTION>
 <HARDWAREID>USB\ROOT_HUB20&VID1002&PID4396&REV0000</HARDWAREID>
 <SERVICE>usbhub</SERVICE> <DRIVER>usbhub.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Enumerator-Treiber für Microsoft Virtual Drive</DESCRIPTION>
 <HARDWAREID>ROOT\vdrvroot</HARDWAREID> <SERVICE>vdrvroot</SERVICE>
 <DRIVER>vdrvroot.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>AMD-Prozessor</DESCRIPTION>
 <HARDWAREID>ACPI\AuthenticAMD_-_AMD64_Family_16_Model_5</HARDWAREID>
 <SERVICE>AmdPPM</SERVICE> <DRIVER>amdppm.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Deterministic Network Enhancer Miniport</DESCRIPTION>
 <HARDWAREID>dni_dnemp</HARDWAREID> <SERVICE>DNE</SERVICE>
 <DRIVER>dne64x.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Standard-Zweikanal-PCI-IDE-Controller</DESCRIPTION>
 <HARDWAREID>PCI\VEN_1002&DEV_4390&SUBSYS_B0021458&REV_40</HARDWAREID>
 <SERVICE>pciide</SERVICE> <DRIVER>pciide.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Standard-Zweikanal-PCI-IDE-Controller</DESCRIPTION>
 <HARDWAREID>PCI\VEN_1002&DEV_439C&SUBSYS_50021458&REV_40</HARDWAREID>
 <SERVICE>pciide</SERVICE> <DRIVER>pciide.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>PCI Standard-PCI-zu-PCI-Brücke</DESCRIPTION>
 <HARDWAREID>PCI\VEN_1002&DEV_597E&SUBSYS_59571002&REV_00</HARDWAREID>
 <SERVICE>pci</SERVICE> <DRIVER>pci.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Laufwerk</DESCRIPTION>
 <HARDWAREID>USBSTOR\DiskGeneric_STORAGE_DEVICE__9602</HARDWAREID>
 <SERVICE>disk</SERVICE> <DRIVER>disk.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>OHCI-konformer Texas Instruments 1394-Hostcontroller</DESCRIPTION>
 <HARDWAREID>PCI\VEN_104C&DEV_8024&SUBSYS_10001458&REV_00</HARDWAREID>
 <SERVICE>1394ohci</SERVICE> <DRIVER>1394ohci.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>ACPI-Einschaltknopf</DESCRIPTION>
 <HARDWAREID>ACPI\PNP0C0C</HARDWAREID> </DEVICE> <DEVICE> <DESCRIPTION>ANT USB 
Stick 2</DESCRIPTION> <HARDWAREID>USB\VID_0FCF&PID_1008&REV_0100</HARDWAREID>
 <SERVICE>libusb0</SERVICE> <DRIVER>libusb0.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Volume-Verwaltung</DESCRIPTION>
 <HARDWAREID>ROOT\VOLMGR</HARDWAREID> <SERVICE>volmgr</SERVICE>
 <DRIVER>volmgr.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>WAN-Miniport 
(PPTP)</DESCRIPTION> <HARDWAREID>ms_pptpminiport</HARDWAREID>
 <SERVICE>PptpMiniport</SERVICE> <DRIVER>raspptp.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>USB-Root-Hub</DESCRIPTION>
 <HARDWAREID>USB\ROOT_HUB20&VID1002&PID4396&REV0000</HARDWAREID>
 <SERVICE>usbhub</SERVICE> <DRIVER>usbhub.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Deterministic Network Enhancer Miniport</DESCRIPTION>
 <HARDWAREID>dni_dnemp</HARDWAREID> <SERVICE>DNE</SERVICE>
 <DRIVER>dne64x.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Microsoft 
Windows-Verwaltungsschnittstelle für ACPI</DESCRIPTION>
 <HARDWAREID>ACPI\PNP0C14</HARDWAREID> <SERVICE>WmiAcpi</SERVICE>
 <DRIVER>wmiacpi.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>WAN-Miniport 
(SSTP)</DESCRIPTION> <HARDWAREID>ms_sstpminiport</HARDWAREID>
 <SERVICE>RasSstp</SERVICE> <DRIVER>rassstp.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Deterministic Network Enhancer Miniport</DESCRIPTION>
 <HARDWAREID>dni_dnemp</HARDWAREID> <SERVICE>DNE</SERVICE>
 <DRIVER>dne64x.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Standard PCI-zu-USB 
erweiterter Hostcontroller</DESCRIPTION>
 <HARDWAREID>PCI\VEN_1002&DEV_4396&SUBSYS_50041458&REV_00</HARDWAREID>
 <SERVICE>usbehci</SERVICE> <DRIVER>usbehci.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Deterministic Network Enhancer Miniport</DESCRIPTION>
 <HARDWAREID>dni_dnemp</HARDWAREID> <SERVICE>DNE</SERVICE>
 <DRIVER>dne64x.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>PCI 
Standard-ISA-Brücke</DESCRIPTION>
 <HARDWAREID>PCI\VEN_1002&DEV_439D&SUBSYS_439D1002&REV_40</HARDWAREID>
 <SERVICE>msisadrv</SERVICE> <DRIVER>msisadrv.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>PCI Standard-PCI-zu-PCI-Brücke</DESCRIPTION>
 <HARDWAREID>PCI\VEN_1002&DEV_597F&SUBSYS_59571002&REV_00</HARDWAREID>
 <SERVICE>pci</SERVICE> <DRIVER>pci.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Standardvolume</DESCRIPTION>
 <HARDWAREID>STORAGE\Volume</HARDWAREID> <SERVICE>volsnap</SERVICE>
 <DRIVER>volsnap.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Photosmart B110 
series</DESCRIPTION> <HARDWAREID>Photosmart_B110_series&HPSLP</HARDWAREID>
 </DEVICE> <DEVICE> <DESCRIPTION>NVIDIA GeForce GTS 250</DESCRIPTION>
 <HARDWAREID>PCI\VEN_10DE&DEV_0615&SUBSYS_210319DA&REV_A2</HARDWAREID>
 <SERVICE>nvlddmkm</SERVICE> <DRIVER>nvlddmkm.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>ACPI-Schalter</DESCRIPTION>
 <HARDWAREID>ACPI\FixedButton</HARDWAREID> </DEVICE> <DEVICE>
 <DESCRIPTION>Microsoft ACPI-konformes System</DESCRIPTION>
 <HARDWAREID>ACPI_HAL\PNP0C08</HARDWAREID> <SERVICE>ACPI</SERVICE>
 <DRIVER>ACPI.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Photosmart B110 
series</DESCRIPTION> <HARDWAREID>MF\Photosmart_B110&HPSLP&IP_SCAN</HARDWAREID>
 <SERVICE>StillCam</SERVICE> <DRIVER>serscan.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>Cisco Systems VPN Adapter for 64-bit Windows</DESCRIPTION>
 <HARDWAREID>CS_VirtA</HARDWAREID> <SERVICE>CVirtA</SERVICE>
 <DRIVER>CVirtA64.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>UMBusenumerator</DESCRIPTION> <HARDWAREID>UMB\UMBUS</HARDWAREID>
 <SERVICE>umbus</SERVICE> <DRIVER>umbus.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>CD-ROM-Laufwerk</DESCRIPTION>
 <HARDWAREID>SCSI\CdRom_NEC____DVD_RW_ND-3550A_1.05</HARDWAREID>
 <SERVICE>cdrom</SERVICE> <DRIVER>cdrom.sys</DRIVER> </DEVICE> <DEVICE>
 <DESCRIPTION>PnP-Monitor (Standard)</DESCRIPTION>
 <HARDWAREID>MONITOR\GNR0000</HARDWAREID> <SERVICE>monitor</SERVICE>
 <DRIVER>monitor.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Programmierbarer 
Interruptcontroller</DESCRIPTION> <HARDWAREID>ACPI\PNP0000</HARDWAREID>
 </DEVICE> <DEVICE> <DESCRIPTION>TAP-Win32 Adapter V9</DESCRIPTION>
 <HARDWAREID>tap0901</HARDWAREID> <SERVICE>tap0901</SERVICE>
 <DRIVER>tap0901.sys</DRIVER> </DEVICE> </DEVICES> <DRIVERS> <DRIVER>
 <FILENAME>1394ohci.sys</FILENAME> <FILESIZE>229888</FILESIZE>
 <CREATIONDATE>07-08-2011 10:35:38</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>ACPI.sys</FILENAME>
 <FILESIZE>334208</FILESIZE> <CREATIONDATE>07-08-2011 10:35:01</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>Boot Bus Extender</GROUP> </DRIVER> <DRIVER>
 <FILENAME>acpipmi.sys</FILENAME> <FILESIZE>12800</FILESIZE>
 <CREATIONDATE>07-08-2011 10:33:30</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>adp94xx.sys</FILENAME>
 <FILESIZE>491088</FILESIZE> <CREATIONDATE>06-10-2009 20:36:24</CREATIONDATE>
 <VERSION>1.6.6.4</VERSION> <MANUFACTURER>Adaptec, Inc.</MANUFACTURER>
 <PRODUCTNAME>Adaptec Windows 7 SAS/SATA Family Storport Driver</PRODUCTNAME>
 <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER>
 <FILENAME>adpahci.sys</FILENAME> <FILESIZE>339536</FILESIZE>
 <CREATIONDATE>07-13-2009 21:59:32</CREATIONDATE> <VERSION>1.6.6.1</VERSION>
 <MANUFACTURER>Adaptec, Inc.</MANUFACTURER> <PRODUCTNAME>Adaptec Windows Server 
2003 SATA Family Storport Driver</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP>
 </DRIVER> <DRIVER> <FILENAME>adpu320.sys</FILENAME> <FILESIZE>182864</FILESIZE>
 <CREATIONDATE>07-13-2009 21:59:33</CREATIONDATE> <VERSION>7.2.0.0</VERSION>
 <MANUFACTURER>Adaptec, Inc.</MANUFACTURER> <PRODUCTNAME>Adaptec Windows 
Ultra320 Family Driver</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER>
 <DRIVER> <FILENAME>afd.sys</FILENAME> <FILESIZE>498688</FILESIZE>
 <CREATIONDATE>02-16-2012 02:36:14</CREATIONDATE>
 <VERSION>6.1.7601.17752</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>PNP_TDI</GROUP> </DRIVER> <DRIVER>
 <FILENAME>agp440.sys</FILENAME> <FILESIZE>61008</FILESIZE>
 <CREATIONDATE>07-13-2009 23:38:44</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>PnP Filter</GROUP> </DRIVER> <DRIVER>
 <FILENAME>aliide.sys</FILENAME> <FILESIZE>15440</FILESIZE>
 <CREATIONDATE>07-13-2009 23:19:47</CREATIONDATE> <VERSION>1.2.0.0</VERSION>
 <MANUFACTURER>Acer Laboratories Inc.</MANUFACTURER> <PRODUCTNAME>ALi mini IDE 
Driver</PRODUCTNAME> <GROUP>System Bus Extender</GROUP> </DRIVER> <DRIVER>
 <FILENAME>amdide.sys</FILENAME> <FILESIZE>15440</FILESIZE>
 <CREATIONDATE>07-13-2009 23:19:49</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>System Bus Extender</GROUP> </DRIVER> <DRIVER>
 <FILENAME>amdk8.sys</FILENAME> <FILESIZE>64512</FILESIZE>
 <CREATIONDATE>07-13-2009 23:19:26</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>amdppm.sys</FILENAME> <FILESIZE>60928</FILESIZE>
 <CREATIONDATE>07-13-2009 23:19:26</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>amdsata.sys</FILENAME> <FILESIZE>107904</FILESIZE>
 <CREATIONDATE>04-27-2011 23:00:35</CREATIONDATE> <VERSION>1.1.2.5</VERSION>
 <MANUFACTURER>Advanced Micro Devices</MANUFACTURER> <PRODUCTNAME>AHCI 1.2 
Device Driver</PRODUCTNAME> <GROUP>SCSI miniport</GROUP> </DRIVER> <DRIVER>
 <FILENAME>amdsbs.sys</FILENAME> <FILESIZE>194128</FILESIZE>
 <CREATIONDATE>06-10-2009 20:37:35</CREATIONDATE>
 <VERSION>3.6.1540.127</VERSION> <MANUFACTURER>AMD Technologies 
Inc.</MANUFACTURER> <PRODUCTNAME>AMD Technology AHCI Compatible 
Controller</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER>
 <FILENAME>amdxata.sys</FILENAME> <FILESIZE>27008</FILESIZE>
 <CREATIONDATE>04-27-2011 23:00:34</CREATIONDATE> <VERSION>1.1.2.5</VERSION>
 <MANUFACTURER>Advanced Micro Devices</MANUFACTURER> <PRODUCTNAME>Storage Filter 
Driver</PRODUCTNAME> <GROUP>SCSI miniport</GROUP> </DRIVER> <DRIVER>
 <FILENAME>ssadadb.sys</FILENAME> <FILESIZE>36328</FILESIZE>
 <CREATIONDATE>10-08-2011 13:26:08</CREATIONDATE> <VERSION>1.0.1.1</VERSION>
 <MANUFACTURER>Google Inc</MANUFACTURER> <PRODUCTNAME>Google Android USB 
Driver</PRODUCTNAME> <GROUP>Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>appid.sys</FILENAME> <FILESIZE>61440</FILESIZE>
 <CREATIONDATE>07-08-2011 10:33:27</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>AppleCharger.sys</FILENAME>
 <FILESIZE>21544</FILESIZE> <CREATIONDATE>07-29-2010 11:01:39</CREATIONDATE>
 <VERSION>0.0.0.0</VERSION> <MANUFACTURER/> <PRODUCTNAME/> </DRIVER> <DRIVER>
 <FILENAME>arc.sys</FILENAME> <FILESIZE>87632</FILESIZE>
 <CREATIONDATE>07-13-2009 21:59:33</CREATIONDATE> <VERSION>5.2.0.10384</VERSION>
 <MANUFACTURER>Adaptec, Inc.</MANUFACTURER> <PRODUCTNAME>Adaptec RAID 
Controller</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER>
 <FILENAME>arcsas.sys</FILENAME> <FILESIZE>97856</FILESIZE>
 <CREATIONDATE>07-13-2009 21:59:33</CREATIONDATE> <VERSION>5.2.0.16119</VERSION>
 <MANUFACTURER>Adaptec, Inc.</MANUFACTURER> <PRODUCTNAME>Adaptec RAID 
Controller</PRODUCTNAME> <GROUP>SCSI miniport</GROUP> </DRIVER> <DRIVER>
 <FILENAME>asyncmac.sys</FILENAME> <FILESIZE>23040</FILESIZE>
 <CREATIONDATE>07-14-2009 00:10:13</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>atapi.sys</FILENAME>
 <FILESIZE>24128</FILESIZE> <CREATIONDATE>07-13-2009 23:19:47</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER>
 <FILENAME>athrxusb.sys</FILENAME> <FILESIZE>556544</FILESIZE>
 <CREATIONDATE>04-02-2011 22:46:57</CREATIONDATE> <VERSION>2.0.0.117</VERSION>
 <MANUFACTURER>Atheros Communications, Inc.</MANUFACTURER> <PRODUCTNAME>Driver 
for Atheros Wireless USB Network Adapter</PRODUCTNAME> <GROUP>NDIS</GROUP>
 </DRIVER> <DRIVER> <FILENAME>avgntflt.sys</FILENAME> <FILESIZE>98848</FILESIZE>
 <CREATIONDATE>04-07-2012 19:35:39</CREATIONDATE> <VERSION>12.0.24.11</VERSION>
 <MANUFACTURER>Avira GmbH</MANUFACTURER> <PRODUCTNAME>AntiVir 
Workstation</PRODUCTNAME> <GROUP>FSFilter Anti-Virus</GROUP>
 <ALTITUDE>320500</ALTITUDE> </DRIVER> <DRIVER> <FILENAME>avipbb.sys</FILENAME>
 <FILESIZE>132832</FILESIZE> <CREATIONDATE>04-07-2012 19:35:39</CREATIONDATE>
 <VERSION>12.0.50.34</VERSION> <MANUFACTURER>Avira GmbH</MANUFACTURER>
 <PRODUCTNAME>AntiVir Desktop</PRODUCTNAME> <GROUP>Avira</GROUP> </DRIVER>
 <DRIVER> <FILENAME>avkmgr.sys</FILENAME> <FILESIZE>27760</FILESIZE>
 <CREATIONDATE>04-07-2012 19:35:39</CREATIONDATE> <VERSION>12.0.20.2</VERSION>
 <MANUFACTURER>Avira GmbH</MANUFACTURER> <PRODUCTNAME>AntiVir 
Desktop</PRODUCTNAME> <GROUP>Avira</GROUP> </DRIVER> <DRIVER>
 <FILENAME>bxvbda.sys</FILENAME> <FILESIZE>468480</FILESIZE>
 <CREATIONDATE>06-10-2009 20:34:28</CREATIONDATE> <VERSION>4.8.2.0</VERSION>
 <MANUFACTURER>Broadcom Corporation</MANUFACTURER> <PRODUCTNAME>Broadcom 
NetXtreme II GigE</PRODUCTNAME> <GROUP>base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>b57nd60a.sys</FILENAME> <FILESIZE>270848</FILESIZE>
 <CREATIONDATE>06-10-2009 20:34:23</CREATIONDATE> <VERSION>10.100.4.0</VERSION>
 <MANUFACTURER>Broadcom Corporation</MANUFACTURER> <PRODUCTNAME>Broadcom 
NetXtreme Gigabit Ethernet Driver</PRODUCTNAME> <GROUP>NDIS</GROUP> </DRIVER>
 <DRIVER> <FILENAME>Beep.sys</FILENAME> <FILESIZE>6656</FILESIZE>
 <CREATIONDATE>07-14-2009 00:00:13</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>blbdrive.sys</FILENAME> <FILESIZE>45056</FILESIZE>
 <CREATIONDATE>07-13-2009 23:35:59</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>bowser.sys</FILENAME>
 <FILESIZE>90624</FILESIZE> <CREATIONDATE>04-15-2011 11:39:16</CREATIONDATE>
 <VERSION>6.1.7601.17565</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Network</GROUP> </DRIVER> <DRIVER>
 <FILENAME>BrFiltLo.sys</FILENAME> <FILESIZE>18432</FILESIZE>
 <CREATIONDATE>07-14-2009 01:19:59</CREATIONDATE> <VERSION>1.10.0.2</VERSION>
 <MANUFACTURER>Brother Industries, Ltd.</MANUFACTURER>
 <PRODUCTNAME>RemovableDisk</PRODUCTNAME> <GROUP>extended base</GROUP> </DRIVER>
 <DRIVER> <FILENAME>BrFiltUp.sys</FILENAME> <FILESIZE>8704</FILESIZE>
 <CREATIONDATE>07-14-2009 01:20:21</CREATIONDATE> <VERSION>1.4.0.1</VERSION>
 <MANUFACTURER>Brother Industries, Ltd.</MANUFACTURER>
 <PRODUCTNAME>RemovableDisk</PRODUCTNAME> <GROUP>extended base</GROUP> </DRIVER>
 <DRIVER> <FILENAME>Brserid.sys</FILENAME> <FILESIZE>286720</FILESIZE>
 <CREATIONDATE>07-14-2009 01:19:06</CREATIONDATE> <VERSION>1.0.1.6</VERSION>
 <MANUFACTURER>Brother Industries Ltd.</MANUFACTURER>
 <PRODUCTNAME>Betriebssystem Microsoft® Windows®</PRODUCTNAME> </DRIVER>
 <DRIVER> <FILENAME>BrSerWdm.sys</FILENAME> <FILESIZE>47104</FILESIZE>
 <CREATIONDATE>07-14-2009 01:20:11</CREATIONDATE> <VERSION>1.0.0.20</VERSION>
 <MANUFACTURER>Brother Industries Ltd.</MANUFACTURER> <PRODUCTNAME>Brother MFL 
Pro</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>BrUsbMdm.sys</FILENAME>
 <FILESIZE>14976</FILESIZE> <CREATIONDATE>07-14-2009 01:20:26</CREATIONDATE>
 <VERSION>1.0.0.12</VERSION> <MANUFACTURER>Brother Industries 
Ltd.</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>BrUsbSer.sys</FILENAME>
 <FILESIZE>14720</FILESIZE> <CREATIONDATE>07-14-2009 01:20:15</CREATIONDATE>
 <VERSION>1.0.1.3</VERSION> <MANUFACTURER>Brother Industries Ltd.</MANUFACTURER>
 <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> </DRIVER>
 <DRIVER> <FILENAME>bthmodem.sys</FILENAME> <FILESIZE>72192</FILESIZE>
 <CREATIONDATE>07-14-2009 00:06:52</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>cdfs.sys</FILENAME>
 <FILESIZE>92160</FILESIZE> <CREATIONDATE>07-13-2009 23:19:47</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Boot File System</GROUP> </DRIVER> <DRIVER>
 <FILENAME>cdrom.sys</FILENAME> <FILESIZE>147456</FILESIZE>
 <CREATIONDATE>07-08-2011 10:33:24</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>SCSI CDROM Class</GROUP> </DRIVER> <DRIVER>
 <FILENAME>circlass.sys</FILENAME> <FILESIZE>45568</FILESIZE>
 <CREATIONDATE>07-14-2009 00:06:34</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>CLFS.sys</FILENAME> <FILESIZE>367696</FILESIZE>
 <CREATIONDATE>07-13-2009 23:19:59</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Filter</GROUP> </DRIVER> <DRIVER>
 <FILENAME>CmBatt.sys</FILENAME> <FILESIZE>17664</FILESIZE>
 <CREATIONDATE>07-13-2009 23:31:03</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>cmdide.sys</FILENAME>
 <FILESIZE>17488</FILESIZE> <CREATIONDATE>07-13-2009 23:19:48</CREATIONDATE>
 <VERSION>2.0.7.0</VERSION> <MANUFACTURER>CMD Technology, Inc.</MANUFACTURER>
 <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>System 
Bus Extender</GROUP> </DRIVER> <DRIVER> <FILENAME>cng.sys</FILENAME>
 <FILESIZE>458704</FILESIZE> <CREATIONDATE>07-10-2012 22:39:25</CREATIONDATE>
 <VERSION>6.1.7601.17856</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>compbatt.sys</FILENAME> <FILESIZE>21584</FILESIZE>
 <CREATIONDATE>07-13-2009 23:31:02</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>System Bus Extender</GROUP> </DRIVER> <DRIVER>
 <FILENAME>CompositeBus.sys</FILENAME> <FILESIZE>38912</FILESIZE>
 <CREATIONDATE>07-08-2011 10:33:28</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>crcdisk.sys</FILENAME> <FILESIZE>24144</FILESIZE>
 <CREATIONDATE>07-14-2009 00:01:14</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Pnp Filter</GROUP> </DRIVER> <DRIVER>
 <FILENAME>csc.sys</FILENAME> <FILESIZE>514560</FILESIZE>
 <CREATIONDATE>07-08-2011 10:35:53</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>network</GROUP> </DRIVER> <DRIVER>
 <FILENAME>CVirtA64.sys</FILENAME> <FILESIZE>14992</FILESIZE>
 <CREATIONDATE>02-08-2010 06:32:00</CREATIONDATE> <VERSION>5.0.0.1</VERSION>
 <MANUFACTURER>Cisco Systems, Inc.</MANUFACTURER> <PRODUCTNAME>Cisco Systems VPN 
Client</PRODUCTNAME> <GROUP>NDIS</GROUP> </DRIVER> <DRIVER>
 <FILENAME>CVPNDRVA.sys</FILENAME> <FILESIZE>304784</FILESIZE>
 <CREATIONDATE>03-23-2010 11:29:46</CREATIONDATE> <VERSION>0.0.0.0</VERSION>
 <MANUFACTURER/> <PRODUCTNAME/> </DRIVER> <DRIVER> <FILENAME>dfsc.sys</FILENAME>
 <FILESIZE>102400</FILESIZE> <CREATIONDATE>07-08-2011 10:33:37</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Network</GROUP> </DRIVER> <DRIVER>
 <FILENAME>discache.sys</FILENAME> <FILESIZE>40448</FILESIZE>
 <CREATIONDATE>07-13-2009 23:37:18</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>disk.sys</FILENAME>
 <FILESIZE>73280</FILESIZE> <CREATIONDATE>07-13-2009 23:19:57</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>dne64x.sys</FILENAME>
 <FILESIZE>157968</FILESIZE> <CREATIONDATE>11-16-2008 16:39:44</CREATIONDATE>
 <VERSION>3.22.4.17992</VERSION> <MANUFACTURER>Deterministic Networks, 
Inc.</MANUFACTURER> <PRODUCTNAME/> <GROUP>PNP_TDI</GROUP> </DRIVER> <DRIVER>
 <FILENAME>drmkaud.sys</FILENAME> <FILESIZE>5632</FILESIZE>
 <CREATIONDATE>07-14-2009 00:06:16</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>dxgkrnl.sys</FILENAME>
 <FILESIZE>982912</FILESIZE> <CREATIONDATE>07-08-2011 10:35:50</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Video Init</GROUP> </DRIVER> <DRIVER>
 <FILENAME>evbda.sys</FILENAME> <FILESIZE>3286016</FILESIZE>
 <CREATIONDATE>06-10-2009 20:34:33</CREATIONDATE> <VERSION>4.8.13.0</VERSION>
 <MANUFACTURER>Broadcom Corporation</MANUFACTURER> <PRODUCTNAME>Broadcom 
NetXtreme II 10 GigE</PRODUCTNAME> <GROUP>base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>elxstor.sys</FILENAME> <FILESIZE>530496</FILESIZE>
 <CREATIONDATE>06-10-2009 20:36:49</CREATIONDATE> <VERSION>7.2.10.211</VERSION>
 <MANUFACTURER>Emulex</MANUFACTURER> <PRODUCTNAME>Emulex LightPulse Storport 
Miniport Driver</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER>
 <FILENAME>errdev.sys</FILENAME> <FILESIZE>9728</FILESIZE>
 <CREATIONDATE>07-13-2009 23:31:04</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>exfat.sys</FILENAME> <FILESIZE>195072</FILESIZE>
 <CREATIONDATE>07-13-2009 23:23:29</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Boot File System</GROUP> </DRIVER> <DRIVER>
 <FILENAME>fastfat.sys</FILENAME> <FILESIZE>204800</FILESIZE>
 <CREATIONDATE>07-13-2009 23:23:29</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Boot File System</GROUP> </DRIVER> <DRIVER>
 <FILENAME>fdc.sys</FILENAME> <FILESIZE>29696</FILESIZE>
 <CREATIONDATE>07-14-2009 00:00:54</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>fileinfo.sys</FILENAME>
 <FILESIZE>70224</FILESIZE> <CREATIONDATE>07-13-2009 23:34:25</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>FSFilter Bottom</GROUP> <ALTITUDE>45000</ALTITUDE>
 </DRIVER> <DRIVER> <FILENAME>filetrace.sys</FILENAME>
 <FILESIZE>34304</FILESIZE> <CREATIONDATE>07-13-2009 23:25:40</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>FSFilter Activity Monitor</GROUP>
 <ALTITUDE>385000</ALTITUDE> </DRIVER> <DRIVER>
 <FILENAME>flpydisk.sys</FILENAME> <FILESIZE>24576</FILESIZE>
 <CREATIONDATE>07-14-2009 00:00:54</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>fltmgr.sys</FILENAME>
 <FILESIZE>289664</FILESIZE> <CREATIONDATE>07-08-2011 10:35:32</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>FSFilter Infrastructure</GROUP> </DRIVER> <DRIVER>
 <FILENAME>FsDepends.sys</FILENAME> <FILESIZE>55376</FILESIZE>
 <CREATIONDATE>07-13-2009 23:26:13</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Filter</GROUP> <ALTITUDE>407000</ALTITUDE> </DRIVER>
 <DRIVER> <FILENAME>Fs_Rec.sys</FILENAME> <FILESIZE>23408</FILESIZE>
 <CREATIONDATE>04-13-2012 22:32:41</CREATIONDATE>
 <VERSION>6.1.7601.17787</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>File System</GROUP> </DRIVER> <DRIVER>
 <FILENAME>fvevol.sys</FILENAME> <FILESIZE>223248</FILESIZE>
 <CREATIONDATE>07-08-2011 10:35:16</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>PnP Filter</GROUP> </DRIVER> <DRIVER>
 <FILENAME>gagp30kx.sys</FILENAME> <FILESIZE>65088</FILESIZE>
 <CREATIONDATE>07-13-2009 23:38:44</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>PnP Filter</GROUP> </DRIVER> <DRIVER>
 <FILENAME>gdrv.sys</FILENAME> <FILESIZE>25640</FILESIZE>
 <CREATIONDATE>07-29-2010 11:03:23</CREATIONDATE> <VERSION>0.0.0.0</VERSION>
 <MANUFACTURER/> <PRODUCTNAME/> </DRIVER> <DRIVER>
 <FILENAME>hcw85cir.sys</FILENAME> <FILESIZE>31232</FILESIZE>
 <CREATIONDATE>07-13-2009 22:53:43</CREATIONDATE>
 <VERSION>1.31.27127.0</VERSION> <MANUFACTURER>Hauppauge Computer Works, 
Inc.</MANUFACTURER> <PRODUCTNAME>hcw85cir.sys</PRODUCTNAME> <GROUP>Extended 
Base</GROUP> </DRIVER> <DRIVER> <FILENAME>HdAudio.sys</FILENAME>
 <FILESIZE>350208</FILESIZE> <CREATIONDATE>07-08-2011 10:33:25</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>HDAudBus.sys</FILENAME>
 <FILESIZE>122368</FILESIZE> <CREATIONDATE>07-08-2011 10:33:24</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>HidBatt.sys</FILENAME> <FILESIZE>26624</FILESIZE>
 <CREATIONDATE>07-13-2009 23:31:06</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>hidbth.sys</FILENAME>
 <FILESIZE>100864</FILESIZE> <CREATIONDATE>07-14-2009 00:06:52</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>extended base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>hidir.sys</FILENAME> <FILESIZE>46592</FILESIZE>
 <CREATIONDATE>07-14-2009 00:06:23</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>extended base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>hidusb.sys</FILENAME> <FILESIZE>30208</FILESIZE>
 <CREATIONDATE>07-08-2011 10:33:27</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>extended base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>HpSAMD.sys</FILENAME> <FILESIZE>78720</FILESIZE>
 <CREATIONDATE>07-08-2011 10:35:18</CREATIONDATE> <VERSION>6.12.6.64</VERSION>
 <MANUFACTURER>Hewlett-Packard Company</MANUFACTURER> <PRODUCTNAME>Smart Array 
SAS/SATA Controller Media Driver</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP>
 </DRIVER> <DRIVER> <FILENAME>HTTP.sys</FILENAME> <FILESIZE>753664</FILESIZE>
 <CREATIONDATE>07-08-2011 10:36:10</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>hwpolicy.sys</FILENAME>
 <FILESIZE>14720</FILESIZE> <CREATIONDATE>07-08-2011 10:34:33</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>i8042prt.sys</FILENAME>
 <FILESIZE>105472</FILESIZE> <CREATIONDATE>07-13-2009 23:19:58</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>Keyboard Port</GROUP> </DRIVER> <DRIVER>
 <FILENAME>iaStorV.sys</FILENAME> <FILESIZE>410496</FILESIZE>
 <CREATIONDATE>04-27-2011 23:00:34</CREATIONDATE> <VERSION>8.6.2.1014</VERSION>
 <MANUFACTURER>Intel Corporation</MANUFACTURER> <PRODUCTNAME>Intel Matrix 
Storage Manager driver</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER>
 <DRIVER> <FILENAME>iirsp.sys</FILENAME> <FILESIZE>44112</FILESIZE>
 <CREATIONDATE>07-13-2009 21:59:33</CREATIONDATE> <VERSION>5.4.22.0</VERSION>
 <MANUFACTURER>Intel Corp./ICP vortex GmbH</MANUFACTURER> <PRODUCTNAME>Intel/ICP 
Raid Storport Driver</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER>
 <DRIVER> <FILENAME>RTKVHD64.sys</FILENAME> <FILESIZE>2298400</FILESIZE>
 <CREATIONDATE>07-29-2010 10:56:30</CREATIONDATE> <VERSION>6.0.1.6069</VERSION>
 <MANUFACTURER>Realtek Semiconductor Corp.</MANUFACTURER>
 <PRODUCTNAME>Realtek(r) High Definition Audio Function Driver</PRODUCTNAME>
 </DRIVER> <DRIVER> <FILENAME>intelide.sys</FILENAME> <FILESIZE>16960</FILESIZE>
 <CREATIONDATE>07-13-2009 23:19:48</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>System Bus Extender</GROUP> </DRIVER> <DRIVER>
 <FILENAME>intelppm.sys</FILENAME> <FILESIZE>62464</FILESIZE>
 <CREATIONDATE>07-13-2009 23:19:26</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>ipfltdrv.sys</FILENAME> <FILESIZE>82944</FILESIZE>
 <CREATIONDATE>07-08-2011 10:35:14</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>IPMIDrv.sys</FILENAME>
 <FILESIZE>78848</FILESIZE> <CREATIONDATE>07-08-2011 10:33:25</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>ipnat.sys</FILENAME>
 <FILESIZE>116224</FILESIZE> <CREATIONDATE>07-14-2009 00:10:03</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>irenum.sys</FILENAME>
 <FILESIZE>17920</FILESIZE> <CREATIONDATE>07-14-2009 00:08:59</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>isapnp.sys</FILENAME>
 <FILESIZE>20544</FILESIZE> <CREATIONDATE>07-13-2009 23:31:08</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>Boot Bus Extender</GROUP> </DRIVER> <DRIVER>
 <FILENAME>msiscsi.sys</FILENAME> <FILESIZE>273792</FILESIZE>
 <CREATIONDATE>07-08-2011 10:36:21</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>jraid.sys</FILENAME>
 <FILESIZE>115312</FILESIZE> <CREATIONDATE>07-29-2010 11:00:23</CREATIONDATE>
 <VERSION>1.17.55.0</VERSION> <MANUFACTURER>JMicron Technology 
Corp.</MANUFACTURER> <PRODUCTNAME>JMicron JMB36X RAID Driver</PRODUCTNAME>
 <GROUP>System Bus Extender</GROUP> </DRIVER> <DRIVER>
 <FILENAME>kbdclass.sys</FILENAME> <FILESIZE>50768</FILESIZE>
 <CREATIONDATE>07-13-2009 23:19:50</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>Keyboard Class</GROUP> </DRIVER> <DRIVER>
 <FILENAME>kbdhid.sys</FILENAME> <FILESIZE>33280</FILESIZE>
 <CREATIONDATE>07-08-2011 10:33:26</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>Keyboard Port</GROUP> </DRIVER> <DRIVER>
 <FILENAME>ksecdd.sys</FILENAME> <FILESIZE>95600</FILESIZE>
 <CREATIONDATE>07-10-2012 22:39:25</CREATIONDATE>
 <VERSION>6.1.7601.17856</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>ksecpkg.sys</FILENAME> <FILESIZE>151920</FILESIZE>
 <CREATIONDATE>07-10-2012 22:39:25</CREATIONDATE>
 <VERSION>6.1.7601.17856</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Cryptography</GROUP> </DRIVER> <DRIVER>
 <FILENAME>ksthunk.sys</FILENAME> <FILESIZE>20992</FILESIZE>
 <CREATIONDATE>07-14-2009 00:00:19</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>PNP Filter</GROUP> </DRIVER> <DRIVER>
 <FILENAME>libusb0.sys</FILENAME> <FILESIZE>44480</FILESIZE>
 <CREATIONDATE>05-13-2011 18:35:22</CREATIONDATE> <VERSION>1.2.4.0</VERSION>
 <MANUFACTURER>hxxp://libusb-win32.sourceforge.net</MANUFACTURER>
 <PRODUCTNAME>LibUSB-Win32 - Kernel Driver</PRODUCTNAME> </DRIVER> <DRIVER>
 <FILENAME>lltdio.sys</FILENAME> <FILESIZE>60928</FILESIZE>
 <CREATIONDATE>07-14-2009 00:08:51</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>NDIS</GROUP> </DRIVER> <DRIVER>
 <FILENAME>lsi_fc.sys</FILENAME> <FILESIZE>114752</FILESIZE>
 <CREATIONDATE>07-13-2009 21:59:34</CREATIONDATE> <VERSION>1.28.3.52</VERSION>
 <MANUFACTURER>LSI Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® 
Operating System</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER>
 <FILENAME>lsi_sas.sys</FILENAME> <FILESIZE>106560</FILESIZE>
 <CREATIONDATE>07-13-2009 21:59:33</CREATIONDATE> <VERSION>1.28.3.52</VERSION>
 <MANUFACTURER>LSI Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® 
Operating System</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER>
 <FILENAME>lsi_sas2.sys</FILENAME> <FILESIZE>65600</FILESIZE>
 <CREATIONDATE>07-13-2009 21:59:34</CREATIONDATE> <VERSION>2.0.2.71</VERSION>
 <MANUFACTURER>LSI Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® 
Operating System</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER>
 <FILENAME>lsi_scsi.sys</FILENAME> <FILESIZE>115776</FILESIZE>
 <CREATIONDATE>07-13-2009 21:59:33</CREATIONDATE> <VERSION>1.28.3.67</VERSION>
 <MANUFACTURER>LSI Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® 
Operating System</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER>
 <FILENAME>luafv.sys</FILENAME> <FILESIZE>113152</FILESIZE>
 <CREATIONDATE>07-13-2009 23:26:13</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>FSFilter Virtualization</GROUP>
 <ALTITUDE>135000</ALTITUDE> </DRIVER> <DRIVER> <FILENAME>megasas.sys</FILENAME>
 <FILESIZE>35392</FILESIZE> <CREATIONDATE>06-10-2009 20:37:14</CREATIONDATE>
 <VERSION>4.5.1.64</VERSION> <MANUFACTURER>LSI Corporation</MANUFACTURER>
 <PRODUCTNAME>MEGASAS Storport Driver for Windows 7\Server 2008 R2 for 
x64</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER>
 <FILENAME>MegaSR.sys</FILENAME> <FILESIZE>284736</FILESIZE>
 <CREATIONDATE>07-13-2009 21:59:33</CREATIONDATE>
 <VERSION>13.5.409.2009</VERSION> <MANUFACTURER>LSI Corporation, 
Inc.</MANUFACTURER> <PRODUCTNAME>MegaRAID Software RAID</PRODUCTNAME>
 <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER> <FILENAME>modem.sys</FILENAME>
 <FILESIZE>40448</FILESIZE> <CREATIONDATE>07-14-2009 00:10:49</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>Extended base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>monitor.sys</FILENAME> <FILESIZE>30208</FILESIZE>
 <CREATIONDATE>07-13-2009 23:38:53</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>mouclass.sys</FILENAME>
 <FILESIZE>49216</FILESIZE> <CREATIONDATE>07-13-2009 23:19:50</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>Pointer Class</GROUP> </DRIVER> <DRIVER>
 <FILENAME>mouhid.sys</FILENAME> <FILESIZE>31232</FILESIZE>
 <CREATIONDATE>07-14-2009 00:00:20</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>Pointer Port</GROUP> </DRIVER> <DRIVER>
 <FILENAME>mountmgr.sys</FILENAME> <FILESIZE>94592</FILESIZE>
 <CREATIONDATE>07-08-2011 10:34:33</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>System Bus Extender</GROUP> </DRIVER> <DRIVER>
 <FILENAME>mpio.sys</FILENAME> <FILESIZE>155008</FILESIZE>
 <CREATIONDATE>07-08-2011 10:34:20</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>Boot Bus Extender</GROUP> </DRIVER> <DRIVER>
 <FILENAME>mpsdrv.sys</FILENAME> <FILESIZE>77312</FILESIZE>
 <CREATIONDATE>07-14-2009 00:08:25</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>network</GROUP> </DRIVER> <DRIVER>
 <FILENAME>mrxdav.sys</FILENAME> <FILESIZE>140800</FILESIZE>
 <CREATIONDATE>07-08-2011 10:35:24</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>mrxsmb.sys</FILENAME>
 <FILESIZE>158208</FILESIZE> <CREATIONDATE>06-16-2011 12:58:37</CREATIONDATE>
 <VERSION>6.1.7601.17605</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Network</GROUP> </DRIVER> <DRIVER>
 <FILENAME>mrxsmb10.sys</FILENAME> <FILESIZE>288768</FILESIZE>
 <CREATIONDATE>08-10-2011 18:18:51</CREATIONDATE>
 <VERSION>6.1.7601.17647</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Network</GROUP> </DRIVER> <DRIVER>
 <FILENAME>mrxsmb20.sys</FILENAME> <FILESIZE>128000</FILESIZE>
 <CREATIONDATE>06-16-2011 12:58:37</CREATIONDATE>
 <VERSION>6.1.7601.17605</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Network</GROUP> </DRIVER> <DRIVER>
 <FILENAME>msahci.sys</FILENAME> <FILESIZE>31104</FILESIZE>
 <CREATIONDATE>07-08-2011 10:35:03</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER>
 <FILENAME>msdsm.sys</FILENAME> <FILESIZE>140672</FILESIZE>
 <CREATIONDATE>07-08-2011 10:35:21</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>System Bus Extender</GROUP> </DRIVER> <DRIVER>
 <FILENAME>Msfs.sys</FILENAME> <FILESIZE>26112</FILESIZE>
 <CREATIONDATE>07-13-2009 23:19:47</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>File system</GROUP> </DRIVER> <DRIVER>
 <FILENAME>mshidkmdf.sys</FILENAME> <FILESIZE>8192</FILESIZE>
 <CREATIONDATE>07-14-2009 00:06:24</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>msisadrv.sys</FILENAME> <FILESIZE>15424</FILESIZE>
 <CREATIONDATE>07-13-2009 23:19:26</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Boot Bus Extender</GROUP> </DRIVER> <DRIVER>
 <FILENAME>MSKSSRV.sys</FILENAME> <FILESIZE>11136</FILESIZE>
 <CREATIONDATE>07-14-2009 00:00:18</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>MSPCLOCK.sys</FILENAME> <FILESIZE>7168</FILESIZE>
 <CREATIONDATE>07-14-2009 00:00:17</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>MSPQM.sys</FILENAME> <FILESIZE>6784</FILESIZE>
 <CREATIONDATE>07-14-2009 00:00:17</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>MsRPC.sys</FILENAME> <FILESIZE>366976</FILESIZE>
 <CREATIONDATE>07-08-2011 10:35:41</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>mssmbios.sys</FILENAME>
 <FILESIZE>32320</FILESIZE> <CREATIONDATE>07-13-2009 23:31:10</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>MSTEE.sys</FILENAME>
 <FILESIZE>8064</FILESIZE> <CREATIONDATE>07-14-2009 00:00:17</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>MTConfig.sys</FILENAME> <FILESIZE>15360</FILESIZE>
 <CREATIONDATE>07-14-2009 00:02:08</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>mup.sys</FILENAME> <FILESIZE>60496</FILESIZE>
 <CREATIONDATE>07-13-2009 23:23:45</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Network</GROUP> </DRIVER> <DRIVER>
 <FILENAME>nwifi.sys</FILENAME> <FILESIZE>318976</FILESIZE>
 <CREATIONDATE>07-14-2009 00:07:24</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>NDIS</GROUP> </DRIVER> <DRIVER>
 <FILENAME>ndis.sys</FILENAME> <FILESIZE>950128</FILESIZE>
 <CREATIONDATE>09-12-2012 07:25:29</CREATIONDATE>
 <VERSION>6.1.7601.17939</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>NDIS Wrapper</GROUP> </DRIVER> <DRIVER>
 <FILENAME>ndiscap.sys</FILENAME> <FILESIZE>35328</FILESIZE>
 <CREATIONDATE>07-14-2009 00:08:13</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>NDIS</GROUP> </DRIVER> <DRIVER>
 <FILENAME>ndistapi.sys</FILENAME> <FILESIZE>24064</FILESIZE>
 <CREATIONDATE>07-14-2009 00:10:00</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>ndisuio.sys</FILENAME>
 <FILESIZE>56832</FILESIZE> <CREATIONDATE>07-08-2011 10:33:49</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>NDIS</GROUP> </DRIVER> <DRIVER>
 <FILENAME>ndiswan.sys</FILENAME> <FILESIZE>164352</FILESIZE>
 <CREATIONDATE>07-08-2011 10:35:06</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>NDProxy.sys</FILENAME>
 <FILESIZE>57856</FILESIZE> <CREATIONDATE>07-08-2011 10:34:14</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>PNP_TDI</GROUP> </DRIVER> <DRIVER>
 <FILENAME>netbios.sys</FILENAME> <FILESIZE>44544</FILESIZE>
 <CREATIONDATE>07-14-2009 00:09:26</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>NetBIOSGroup</GROUP> </DRIVER> <DRIVER>
 <FILENAME>netbt.sys</FILENAME> <FILESIZE>261632</FILESIZE>
 <CREATIONDATE>07-08-2011 10:35:58</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>PNP_TDI</GROUP> </DRIVER> <DRIVER>
 <FILENAME>nfrd960.sys</FILENAME> <FILESIZE>51264</FILESIZE>
 <CREATIONDATE>07-13-2009 21:59:33</CREATIONDATE> <VERSION>7.10.0.0</VERSION>
 <MANUFACTURER>IBM Corporation</MANUFACTURER> <PRODUCTNAME>IBM ServeRAID 
Controller</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER>
 <FILENAME>ccdcmbx64.sys</FILENAME> <FILESIZE>19968</FILESIZE>
 <CREATIONDATE>05-18-2011 08:14:12</CREATIONDATE> <VERSION>7.1.32.68</VERSION>
 <MANUFACTURER>Nokia</MANUFACTURER> <PRODUCTNAME/> <GROUP>Extended Base</GROUP>
 </DRIVER> <DRIVER> <FILENAME>ccdcmbox64.sys</FILENAME>
 <FILESIZE>27136</FILESIZE> <CREATIONDATE>05-18-2011 08:14:16</CREATIONDATE>
 <VERSION>7.1.32.68</VERSION> <MANUFACTURER>Nokia</MANUFACTURER> <PRODUCTNAME/>
 </DRIVER> <DRIVER> <FILENAME>nmwcdnsucx64.sys</FILENAME>
 <FILESIZE>12800</FILESIZE> <CREATIONDATE>05-18-2011 08:09:48</CREATIONDATE>
 <VERSION>6.85.14.46</VERSION> <MANUFACTURER>Nokia</MANUFACTURER> <PRODUCTNAME/>
 </DRIVER> <DRIVER> <FILENAME>nmwcdnsux64.sys</FILENAME>
 <FILESIZE>171008</FILESIZE> <CREATIONDATE>05-18-2011 08:09:48</CREATIONDATE>
 <VERSION>6.85.14.46</VERSION> <MANUFACTURER>Nokia</MANUFACTURER> <PRODUCTNAME/>
 <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER> <FILENAME>npf.sys</FILENAME>
 <FILESIZE>35344</FILESIZE> <CREATIONDATE>06-25-2010 17:07:26</CREATIONDATE>
 <VERSION>4.1.0.2001</VERSION> <MANUFACTURER>CACE Technologies, 
Inc.</MANUFACTURER> <PRODUCTNAME>WinPcap</PRODUCTNAME> </DRIVER> <DRIVER>
 <FILENAME>Npfs.sys</FILENAME> <FILESIZE>44032</FILESIZE>
 <CREATIONDATE>07-13-2009 23:19:48</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>File system</GROUP> </DRIVER> <DRIVER>
 <FILENAME>nsiproxy.sys</FILENAME> <FILESIZE>24576</FILESIZE>
 <CREATIONDATE>07-13-2009 23:21:03</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>Ntfs.sys</FILENAME>
 <FILESIZE>1659760</FILESIZE> <CREATIONDATE>10-10-2012 07:35:35</CREATIONDATE>
 <VERSION>6.1.7601.17945</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>Boot File System</GROUP> </DRIVER> <DRIVER>
 <FILENAME>Null.sys</FILENAME> <FILESIZE>6144</FILESIZE>
 <CREATIONDATE>07-13-2009 23:19:38</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>nusb3hub.sys</FILENAME> <FILESIZE>75776</FILESIZE>
 <CREATIONDATE>11-20-2009 11:15:58</CREATIONDATE> <VERSION>1.0.18.0</VERSION>
 <MANUFACTURER>NEC Electronics Corporation</MANUFACTURER> <PRODUCTNAME>USB 3.0 
Device Driver</PRODUCTNAME> <GROUP>Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>nusb3xhc.sys</FILENAME> <FILESIZE>177152</FILESIZE>
 <CREATIONDATE>11-20-2009 11:16:02</CREATIONDATE> <VERSION>1.0.18.0</VERSION>
 <MANUFACTURER>NEC Electronics Corporation</MANUFACTURER> <PRODUCTNAME>USB 3.0 
Device Driver</PRODUCTNAME> <GROUP>Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>nvlddmkm.sys</FILENAME> <FILESIZE>13443944</FILESIZE>
 <CREATIONDATE>10-10-2012 20:22:18</CREATIONDATE> <VERSION>9.18.13.697</VERSION>
 <MANUFACTURER>NVIDIA Corporation</MANUFACTURER> <PRODUCTNAME>NVIDIA Windows 
Kernel Mode Driver, Version 306.97 </PRODUCTNAME> <GROUP>Video</GROUP> </DRIVER>
 <DRIVER> <FILENAME>nvraid.sys</FILENAME> <FILESIZE>148352</FILESIZE>
 <CREATIONDATE>04-27-2011 23:00:35</CREATIONDATE> <VERSION>10.6.0.18</VERSION>
 <MANUFACTURER>NVIDIA Corporation</MANUFACTURER> <PRODUCTNAME>NVIDIA nForce(TM) 
RAID Driver</PRODUCTNAME> <GROUP>System Bus Extender</GROUP> </DRIVER> <DRIVER>
 <FILENAME>nvstor.sys</FILENAME> <FILESIZE>166272</FILESIZE>
 <CREATIONDATE>04-27-2011 23:00:35</CREATIONDATE> <VERSION>10.6.0.18</VERSION>
 <MANUFACTURER>NVIDIA Corporation</MANUFACTURER> <PRODUCTNAME>NVIDIA nForce(TM) 
SATA Driver</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER>
 <FILENAME>nv_agp.sys</FILENAME> <FILESIZE>122960</FILESIZE>
 <CREATIONDATE>07-13-2009 23:38:44</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>PnP Filter</GROUP> </DRIVER> <DRIVER>
 <FILENAME>ohci1394.sys</FILENAME> <FILESIZE>72832</FILESIZE>
 <CREATIONDATE>07-14-2009 00:06:45</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>parport.sys</FILENAME>
 <FILESIZE>97280</FILESIZE> <CREATIONDATE>07-14-2009 00:00:41</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>Parallel arbitrator</GROUP> </DRIVER> <DRIVER>
 <FILENAME>partmgr.sys</FILENAME> <FILESIZE>75120</FILESIZE>
 <CREATIONDATE>05-12-2012 16:05:24</CREATIONDATE>
 <VERSION>6.1.7601.17796</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Boot Bus Extender</GROUP> </DRIVER> <DRIVER>
 <FILENAME>pccsmcfdx64.sys</FILENAME> <FILESIZE>25600</FILESIZE>
 <CREATIONDATE>08-07-2010 14:45:22</CREATIONDATE> <VERSION>7.0.0.0</VERSION>
 <MANUFACTURER>Nokia</MANUFACTURER> <PRODUCTNAME/> </DRIVER> <DRIVER>
 <FILENAME>pci.sys</FILENAME> <FILESIZE>184704</FILESIZE>
 <CREATIONDATE>07-08-2011 10:35:28</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>Boot Bus Extender</GROUP> </DRIVER> <DRIVER>
 <FILENAME>pciide.sys</FILENAME> <FILESIZE>12352</FILESIZE>
 <CREATIONDATE>07-13-2009 23:19:49</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>System Bus Extender</GROUP> </DRIVER> <DRIVER>
 <FILENAME>pcmcia.sys</FILENAME> <FILESIZE>220752</FILESIZE>
 <CREATIONDATE>07-13-2009 23:31:10</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>System Bus Extender</GROUP> </DRIVER> <DRIVER>
 <FILENAME>pcw.sys</FILENAME> <FILESIZE>50768</FILESIZE>
 <CREATIONDATE>07-13-2009 23:19:30</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>peauth.sys</FILENAME> <FILESIZE>651264</FILESIZE>
 <CREATIONDATE>07-13-2009 23:51:01</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>raspptp.sys</FILENAME>
 <FILESIZE>111104</FILESIZE> <CREATIONDATE>07-08-2011 10:34:59</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>processr.sys</FILENAME>
 <FILESIZE>60416</FILESIZE> <CREATIONDATE>07-13-2009 23:19:26</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>pacer.sys</FILENAME> <FILESIZE>131584</FILESIZE>
 <CREATIONDATE>07-08-2011 10:33:44</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>NDIS</GROUP> </DRIVER> <DRIVER>
 <FILENAME>pwdrvio.sys</FILENAME> <FILESIZE>19032</FILESIZE>
 <CREATIONDATE>01-09-2013 23:31:36</CREATIONDATE> <VERSION>0.0.0.0</VERSION>
 <MANUFACTURER/> <PRODUCTNAME/> </DRIVER> <DRIVER>
 <FILENAME>pwdspio.sys</FILENAME> <FILESIZE>12384</FILESIZE>
 <CREATIONDATE>01-09-2013 23:31:36</CREATIONDATE> <VERSION>0.0.0.0</VERSION>
 <MANUFACTURER/> <PRODUCTNAME/> </DRIVER> <DRIVER>
 <FILENAME>PxHlpa64.sys</FILENAME> <FILESIZE>55856</FILESIZE>
 <CREATIONDATE>08-07-2010 16:15:51</CREATIONDATE> <VERSION>3.0.93.0</VERSION>
 <MANUFACTURER>Sonic Solutions</MANUFACTURER>
 <PRODUCTNAME>PxHelp64</PRODUCTNAME> <GROUP>Filter</GROUP> </DRIVER> <DRIVER>
 <FILENAME>ql2300.sys</FILENAME> <FILESIZE>1524816</FILESIZE>
 <CREATIONDATE>06-10-2009 20:37:36</CREATIONDATE> <VERSION>9.1.8.6</VERSION>
 <MANUFACTURER>QLogic Corporation</MANUFACTURER> <PRODUCTNAME>QLogic Fibre 
Channel Stor Miniport Driver</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP>
 </DRIVER> <DRIVER> <FILENAME>ql40xx.sys</FILENAME> <FILESIZE>128592</FILESIZE>
 <CREATIONDATE>07-13-2009 21:59:34</CREATIONDATE> <VERSION>2.1.3.20</VERSION>
 <MANUFACTURER>QLogic Corporation</MANUFACTURER> <PRODUCTNAME>QLA40XX iSCSI Host 
Bus Adapter</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER>
 <FILENAME>qwavedrv.sys</FILENAME> <FILESIZE>46592</FILESIZE>
 <CREATIONDATE>07-14-2009 00:09:48</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>rasacd.sys</FILENAME>
 <FILESIZE>14848</FILESIZE> <CREATIONDATE>07-14-2009 00:10:09</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Streams Drivers</GROUP> </DRIVER> <DRIVER>
 <FILENAME>AgileVpn.sys</FILENAME> <FILESIZE>60416</FILESIZE>
 <CREATIONDATE>07-14-2009 00:10:24</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>rasl2tp.sys</FILENAME>
 <FILESIZE>129536</FILESIZE> <CREATIONDATE>07-08-2011 10:35:25</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>raspppoe.sys</FILENAME>
 <FILESIZE>92672</FILESIZE> <CREATIONDATE>07-14-2009 00:10:17</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>rassstp.sys</FILENAME>
 <FILESIZE>83968</FILESIZE> <CREATIONDATE>07-14-2009 00:10:25</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>rdbss.sys</FILENAME>
 <FILESIZE>309248</FILESIZE> <CREATIONDATE>07-08-2011 10:35:39</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>Network</GROUP> </DRIVER> <DRIVER>
 <FILENAME>rdpbus.sys</FILENAME> <FILESIZE>24064</FILESIZE>
 <CREATIONDATE>07-14-2009 00:17:46</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>RDPCDD.sys</FILENAME>
 <FILESIZE>7680</FILESIZE> <CREATIONDATE>07-14-2009 00:16:34</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Video Save</GROUP> </DRIVER> <DRIVER>
 <FILENAME>rdpdr.sys</FILENAME> <FILESIZE>165888</FILESIZE>
 <CREATIONDATE>07-08-2011 10:34:18</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>rdpencdd.sys</FILENAME>
 <FILESIZE>7680</FILESIZE> <CREATIONDATE>07-14-2009 00:16:34</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Video Save</GROUP> </DRIVER> <DRIVER>
 <FILENAME>rdprefmp.sys</FILENAME> <FILESIZE>8192</FILESIZE>
 <CREATIONDATE>07-14-2009 00:16:35</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Video Save</GROUP> </DRIVER> <DRIVER>
 <FILENAME>RDPWD.sys</FILENAME> <FILESIZE>210944</FILESIZE>
 <CREATIONDATE>06-12-2012 22:39:23</CREATIONDATE>
 <VERSION>6.1.7601.17830</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>rdyboost.sys</FILENAME>
 <FILESIZE>213888</FILESIZE> <CREATIONDATE>07-08-2011 10:34:35</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>PnP Filter</GROUP> </DRIVER> <DRIVER>
 <FILENAME>RimUsb_AMD64.sys</FILENAME> <FILESIZE>27520</FILESIZE>
 <CREATIONDATE>05-14-2007 14:06:18</CREATIONDATE> <VERSION>4.0.0.2</VERSION>
 <MANUFACTURER>Research In Motion Limited</MANUFACTURER> <PRODUCTNAME>BlackBerry 
Device Driver</PRODUCTNAME> <GROUP>Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>rrnetcap.sys</FILENAME> <FILESIZE>37480</FILESIZE>
 <CREATIONDATE>08-02-2010 14:01:41</CREATIONDATE> <VERSION>4.0.4000.0</VERSION>
 <MANUFACTURER>RapidSolution Software AG</MANUFACTURER>
 <PRODUCTNAME>RadioRip</PRODUCTNAME> </DRIVER> <DRIVER>
 <FILENAME>rrnetcap.sys</FILENAME> <FILESIZE>37480</FILESIZE>
 <CREATIONDATE>08-02-2010 14:01:41</CREATIONDATE> <VERSION>4.0.4000.0</VERSION>
 <MANUFACTURER>RapidSolution Software AG</MANUFACTURER>
 <PRODUCTNAME>RadioRip</PRODUCTNAME> </DRIVER> <DRIVER>
 <FILENAME>rspndr.sys</FILENAME> <FILESIZE>76800</FILESIZE>
 <CREATIONDATE>07-14-2009 00:08:51</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>NDIS</GROUP> </DRIVER> <DRIVER>
 <FILENAME>Rt64win7.sys</FILENAME> <FILESIZE>346144</FILESIZE>
 <CREATIONDATE>07-29-2010 10:59:40</CREATIONDATE>
 <VERSION>7.17.304.2010</VERSION> <MANUFACTURER>Realtek </MANUFACTURER>
 <PRODUCTNAME>Realtek 8136/8168/8169 PCI/PCIe Adapters </PRODUCTNAME>
 <GROUP>NDIS</GROUP> </DRIVER> <DRIVER> <FILENAME>wg111v3.sys</FILENAME>
 <FILESIZE>446976</FILESIZE> <CREATIONDATE>04-12-2011 15:57:56</CREATIONDATE>
 <VERSION>62.1181.1118.2009</VERSION> <MANUFACTURER>NETGEAR Inc. </MANUFACTURER>
 <PRODUCTNAME>NETGEAR WG111v3 Wireless-G USB Adapter NDIS Driver</PRODUCTNAME>
 <GROUP>NDIS</GROUP> </DRIVER> <DRIVER> <FILENAME>vms3cap.sys</FILENAME>
 <FILESIZE>6656</FILESIZE> <CREATIONDATE>07-08-2011 10:33:21</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Video</GROUP> </DRIVER> <DRIVER>
 <FILENAME>sbp2port.sys</FILENAME> <FILESIZE>103808</FILESIZE>
 <CREATIONDATE>07-08-2011 10:34:56</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>scfilter.sys</FILENAME>
 <FILESIZE>29696</FILESIZE> <CREATIONDATE>07-08-2011 10:33:24</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>PnP Filter</GROUP> </DRIVER> <DRIVER>
 <FILENAME>secdrv.sys</FILENAME> <FILESIZE>23040</FILESIZE>
 <CREATIONDATE>07-14-2009 02:36:07</CREATIONDATE> <VERSION>4.3.86.0</VERSION>
 <MANUFACTURER>Macrovision Corporation, Macrovision Europe Limited, and 
Macrovision Japan and Asia K.K.</MANUFACTURER> <PRODUCTNAME>Macrovision SECURITY 
Driver</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>Sentinel64.sys</FILENAME>
 <FILESIZE>142120</FILESIZE> <CREATIONDATE>08-11-2010 13:12:56</CREATIONDATE>
 <VERSION>7.4.0.0</VERSION> <MANUFACTURER>SafeNet, Inc.</MANUFACTURER>
 <PRODUCTNAME/> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>serenum.sys</FILENAME> <FILESIZE>23552</FILESIZE>
 <CREATIONDATE>07-14-2009 00:00:33</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>PNP Filter</GROUP> </DRIVER> <DRIVER>
 <FILENAME>serial.sys</FILENAME> <FILESIZE>94208</FILESIZE>
 <CREATIONDATE>07-14-2009 00:00:40</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>Extended base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>sermouse.sys</FILENAME> <FILESIZE>26624</FILESIZE>
 <CREATIONDATE>07-14-2009 00:00:20</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>Pointer Port</GROUP> </DRIVER> <DRIVER>
 <FILENAME>sffdisk.sys</FILENAME> <FILESIZE>14336</FILESIZE>
 <CREATIONDATE>07-14-2009 00:01:01</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>sffp_mmc.sys</FILENAME>
 <FILESIZE>13824</FILESIZE> <CREATIONDATE>07-14-2009 00:01:03</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>sffp_sd.sys</FILENAME>
 <FILESIZE>14336</FILESIZE> <CREATIONDATE>07-08-2011 10:33:24</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>sfloppy.sys</FILENAME>
 <FILESIZE>16896</FILESIZE> <CREATIONDATE>07-14-2009 00:01:02</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>SiSRaid2.sys</FILENAME>
 <FILESIZE>43584</FILESIZE> <CREATIONDATE>06-10-2009 20:37:40</CREATIONDATE>
 <VERSION>5.1.1039.2600</VERSION> <MANUFACTURER>Silicon Integrated Systems 
Corp.</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER>
 <FILENAME>sisraid4.sys</FILENAME> <FILESIZE>80464</FILESIZE>
 <CREATIONDATE>07-13-2009 21:59:33</CREATIONDATE>
 <VERSION>5.1.1039.3600</VERSION> <MANUFACTURER>Silicon Integrated 
Systems</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER>
 <FILENAME>smb.sys</FILENAME> <FILESIZE>93184</FILESIZE>
 <CREATIONDATE>07-14-2009 00:09:09</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>PNP_TDI</GROUP> </DRIVER> <DRIVER>
 <FILENAME>spldr.sys</FILENAME> <FILESIZE>19008</FILESIZE>
 <CREATIONDATE>07-13-2009 20:27:56</CREATIONDATE> <VERSION>6.1.7127.0</VERSION>
 <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® 
Windows® Operating System</PRODUCTNAME> </DRIVER> <DRIVER>
 <FILENAME>sptd.sys</FILENAME> <FILESIZE>834544</FILESIZE>
 <CREATIONDATE>08-05-2010 23:39:02</CREATIONDATE> <VERSION>1.62.0.0</VERSION>
 <MANUFACTURER>Duplex Secure Ltd.</MANUFACTURER> <PRODUCTNAME>SCSI Pass Through 
Direct</PRODUCTNAME> <GROUP>Boot Bus Extender</GROUP> </DRIVER> <DRIVER>
 <FILENAME>srv.sys</FILENAME> <FILESIZE>467456</FILESIZE>
 <CREATIONDATE>06-16-2011 12:58:14</CREATIONDATE>
 <VERSION>6.1.7601.17608</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Network</GROUP> </DRIVER> <DRIVER>
 <FILENAME>srv2.sys</FILENAME> <FILESIZE>410112</FILESIZE>
 <CREATIONDATE>06-16-2011 12:58:14</CREATIONDATE>
 <VERSION>6.1.7601.17608</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Network</GROUP> </DRIVER> <DRIVER>
 <FILENAME>srvnet.sys</FILENAME> <FILESIZE>168448</FILESIZE>
 <CREATIONDATE>06-16-2011 12:58:14</CREATIONDATE>
 <VERSION>6.1.7601.17608</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Network</GROUP> </DRIVER> <DRIVER>
 <FILENAME>ssadbus.sys</FILENAME> <FILESIZE>157672</FILESIZE>
 <CREATIONDATE>10-08-2011 13:26:08</CREATIONDATE> <VERSION>5.28.2.1</VERSION>
 <MANUFACTURER>MCCI Corporation</MANUFACTURER> <PRODUCTNAME>SAMSUNG Android USB 
Composite Device</PRODUCTNAME> <GROUP>Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>ssadmdfl.sys</FILENAME> <FILESIZE>16872</FILESIZE>
 <CREATIONDATE>10-08-2011 13:26:08</CREATIONDATE> <VERSION>5.28.2.1</VERSION>
 <MANUFACTURER>MCCI Corporation</MANUFACTURER> <PRODUCTNAME>SAMSUNG Android USB 
Modem Filter Driver</PRODUCTNAME> </DRIVER> <DRIVER>
 <FILENAME>ssadmdm.sys</FILENAME> <FILESIZE>177640</FILESIZE>
 <CREATIONDATE>10-08-2011 13:26:08</CREATIONDATE> <VERSION>5.28.2.1</VERSION>
 <MANUFACTURER>MCCI Corporation</MANUFACTURER> <PRODUCTNAME>SAMSUNG Android USB 
Modem</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>ssadserd.sys</FILENAME>
 <FILESIZE>146920</FILESIZE> <CREATIONDATE>10-08-2011 13:26:07</CREATIONDATE>
 <VERSION>5.28.2.1</VERSION> <MANUFACTURER>MCCI Corporation</MANUFACTURER>
 <PRODUCTNAME>SAMSUNG Android USB Diagnostic Serial Port</PRODUCTNAME> </DRIVER>
 <DRIVER> <FILENAME>StarOpen.sys</FILENAME> <FILESIZE>5504</FILESIZE>
 <CREATIONDATE>09-13-2010 19:03:13</CREATIONDATE> <VERSION>0.0.0.0</VERSION>
 <MANUFACTURER/> <PRODUCTNAME/> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>stexstor.sys</FILENAME> <FILESIZE>24656</FILESIZE>
 <CREATIONDATE>07-13-2009 21:59:33</CREATIONDATE> <VERSION>5.0.1.1</VERSION>
 <MANUFACTURER>Promise Technology</MANUFACTURER> <PRODUCTNAME>Promise SuperTrak 
EX Series</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER>
 <FILENAME>serscan.sys</FILENAME> <FILESIZE>12288</FILESIZE>
 <CREATIONDATE>07-14-2009 00:35:32</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>vmstorfl.sys</FILENAME> <FILESIZE>46464</FILESIZE>
 <CREATIONDATE>07-08-2011 10:34:12</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>storvsc.sys</FILENAME> <FILESIZE>34688</FILESIZE>
 <CREATIONDATE>07-08-2011 10:34:28</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>swenum.sys</FILENAME> <FILESIZE>12496</FILESIZE>
 <CREATIONDATE>07-14-2009 00:00:18</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>tap0901.sys</FILENAME>
 <FILESIZE>31232</FILESIZE> <CREATIONDATE>07-01-2011 09:46:40</CREATIONDATE>
 <VERSION>9.0.0.8</VERSION> <MANUFACTURER>The OpenVPN Project</MANUFACTURER>
 <PRODUCTNAME>TAP-Win32 Virtual Network Driver</PRODUCTNAME> <GROUP>NDIS</GROUP>
 </DRIVER> <DRIVER> <FILENAME>tapoas.sys</FILENAME> <FILESIZE>30720</FILESIZE>
 <CREATIONDATE>08-19-2011 00:46:06</CREATIONDATE> <VERSION>9.0.0.7</VERSION>
 <MANUFACTURER>The OpenVPN Project</MANUFACTURER> <PRODUCTNAME>TAP-Win32 Virtual 
Network Driver</PRODUCTNAME> <GROUP>NDIS</GROUP> </DRIVER> <DRIVER>
 <FILENAME>tbhsd.sys</FILENAME> <FILESIZE>47208</FILESIZE>
 <CREATIONDATE>08-20-2012 10:48:46</CREATIONDATE> <VERSION>6.0.3400.0</VERSION>
 <MANUFACTURER>RapidSolution Software AG</MANUFACTURER> <PRODUCTNAME>Audials 
Sound Capturing</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>tcpip.sys</FILENAME>
 <FILESIZE>1913192</FILESIZE> <CREATIONDATE>02-13-2013 12:04:45</CREATIONDATE>
 <VERSION>6.1.7601.18042</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>PNP_TDI</GROUP> </DRIVER> <DRIVER>
 <FILENAME>tcpip.sys</FILENAME> <FILESIZE>1913192</FILESIZE>
 <CREATIONDATE>02-13-2013 12:04:45</CREATIONDATE>
 <VERSION>6.1.7601.18042</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>tcpipreg.sys</FILENAME>
 <FILESIZE>45568</FILESIZE> <CREATIONDATE>11-15-2012 18:52:50</CREATIONDATE>
 <VERSION>6.1.7601.17964</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>tdpipe.sys</FILENAME>
 <FILESIZE>15872</FILESIZE> <CREATIONDATE>07-14-2009 00:16:32</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>tdtcp.sys</FILENAME>
 <FILESIZE>23552</FILESIZE> <CREATIONDATE>03-14-2012 10:24:36</CREATIONDATE>
 <VERSION>6.1.7601.17779</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>tdx.sys</FILENAME>
 <FILESIZE>119296</FILESIZE> <CREATIONDATE>07-08-2011 10:35:59</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>PNP_TDI</GROUP> </DRIVER> <DRIVER>
 <FILENAME>termdd.sys</FILENAME> <FILESIZE>63360</FILESIZE>
 <CREATIONDATE>07-08-2011 10:35:05</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>Tpkd.sys</FILENAME>
 <FILESIZE>105592</FILESIZE> <CREATIONDATE>12-23-2009 09:36:04</CREATIONDATE>
 <VERSION>5.8.13.3234</VERSION> <MANUFACTURER>PACE Anti-Piracy, 
Inc.</MANUFACTURER> <PRODUCTNAME>InterLok(R)</PRODUCTNAME> </DRIVER> <DRIVER>
 <FILENAME>truecrypt.sys</FILENAME> <FILESIZE>230352</FILESIZE>
 <CREATIONDATE>07-29-2010 12:22:50</CREATIONDATE> <VERSION>7.0.0.0</VERSION>
 <MANUFACTURER>TrueCrypt Foundation</MANUFACTURER>
 <PRODUCTNAME>TrueCrypt</PRODUCTNAME> </DRIVER> <DRIVER>
 <FILENAME>tssecsrv.sys</FILENAME> <FILESIZE>39424</FILESIZE>
 <CREATIONDATE>07-08-2011 10:34:26</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>tsusbflt.sys</FILENAME>
 <FILESIZE>59392</FILESIZE> <CREATIONDATE>07-08-2011 10:36:45</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>tunnel.sys</FILENAME> <FILESIZE>125440</FILESIZE>
 <CREATIONDATE>07-08-2011 10:33:38</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>NDIS</GROUP> </DRIVER> <DRIVER>
 <FILENAME>uagp35.sys</FILENAME> <FILESIZE>64080</FILESIZE>
 <CREATIONDATE>07-13-2009 23:38:44</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>PnP Filter</GROUP> </DRIVER> <DRIVER>
 <FILENAME>udfs.sys</FILENAME> <FILESIZE>328192</FILESIZE>
 <CREATIONDATE>07-08-2011 10:35:33</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Boot File System</GROUP> </DRIVER> <DRIVER>
 <FILENAME>uliagpkx.sys</FILENAME> <FILESIZE>64592</FILESIZE>
 <CREATIONDATE>07-13-2009 23:38:48</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>PnP Filter</GROUP> </DRIVER> <DRIVER>
 <FILENAME>umbus.sys</FILENAME> <FILESIZE>48640</FILESIZE>
 <CREATIONDATE>07-08-2011 10:34:00</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>umpass.sys</FILENAME> <FILESIZE>9728</FILESIZE>
 <CREATIONDATE>07-14-2009 00:06:52</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>UnlockerDriver5.sys</FILENAME> <FILESIZE>4096</FILESIZE>
 <CREATIONDATE>07-04-2010 19:51:26</CREATIONDATE> <VERSION>0.0.0.0</VERSION>
 <MANUFACTURER/> <PRODUCTNAME/> </DRIVER> <DRIVER>
 <FILENAME>usbser_lowerfltx64.sys</FILENAME> <FILESIZE>9216</FILESIZE>
 <CREATIONDATE>05-18-2011 08:14:20</CREATIONDATE> <VERSION>7.1.32.68</VERSION>
 <MANUFACTURER>Nokia</MANUFACTURER> <PRODUCTNAME/> </DRIVER> <DRIVER>
 <FILENAME>usbaudio.sys</FILENAME> <FILESIZE>109696</FILESIZE>
 <CREATIONDATE>07-08-2011 10:33:52</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>usbccgp.sys</FILENAME>
 <FILESIZE>98816</FILESIZE> <CREATIONDATE>05-12-2011 13:14:25</CREATIONDATE>
 <VERSION>6.1.7601.17586</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>usbcir.sys</FILENAME> <FILESIZE>100352</FILESIZE>
 <CREATIONDATE>07-14-2009 00:06:37</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>usbehci.sys</FILENAME> <FILESIZE>52736</FILESIZE>
 <CREATIONDATE>05-12-2011 13:14:25</CREATIONDATE>
 <VERSION>6.1.7601.17586</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>usbhub.sys</FILENAME> <FILESIZE>343040</FILESIZE>
 <CREATIONDATE>05-12-2011 13:14:25</CREATIONDATE>
 <VERSION>6.1.7601.17586</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>usbohci.sys</FILENAME> <FILESIZE>25600</FILESIZE>
 <CREATIONDATE>05-12-2011 13:14:25</CREATIONDATE>
 <VERSION>6.1.7601.17586</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>usbprint.sys</FILENAME> <FILESIZE>25088</FILESIZE>
 <CREATIONDATE>07-14-2009 00:38:18</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>extended base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>usbser.sys</FILENAME> <FILESIZE>32768</FILESIZE>
 <CREATIONDATE>07-08-2011 10:33:44</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER>
 <FILENAME>usbser_lowerfltjx64.sys</FILENAME> <FILESIZE>9216</FILESIZE>
 <CREATIONDATE>05-18-2011 08:14:22</CREATIONDATE> <VERSION>7.1.32.68</VERSION>
 <MANUFACTURER>Nokia</MANUFACTURER> <PRODUCTNAME/> </DRIVER> <DRIVER>
 <FILENAME>USBSTOR.SYS</FILENAME> <FILESIZE>91648</FILESIZE>
 <CREATIONDATE>04-27-2011 23:00:33</CREATIONDATE>
 <VERSION>6.1.7601.17577</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>usbuhci.sys</FILENAME>
 <FILESIZE>30720</FILESIZE> <CREATIONDATE>05-12-2011 13:14:25</CREATIONDATE>
 <VERSION>6.1.7601.17586</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>vdrvroot.sys</FILENAME> <FILESIZE>36432</FILESIZE>
 <CREATIONDATE>07-14-2009 00:01:31</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>Boot Bus Extender</GROUP> </DRIVER> <DRIVER>
 <FILENAME>vgapnp.sys</FILENAME> <FILESIZE>29184</FILESIZE>
 <CREATIONDATE>07-13-2009 23:38:48</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Video</GROUP> </DRIVER> <DRIVER>
 <FILENAME>vga.sys</FILENAME> <FILESIZE>29184</FILESIZE>
 <CREATIONDATE>07-13-2009 23:38:48</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Video Save</GROUP> </DRIVER> <DRIVER>
 <FILENAME>vhdmp.sys</FILENAME> <FILESIZE>215936</FILESIZE>
 <CREATIONDATE>07-08-2011 10:35:47</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>SCSI miniport</GROUP> </DRIVER> <DRIVER>
 <FILENAME>viaide.sys</FILENAME> <FILESIZE>17488</FILESIZE>
 <CREATIONDATE>07-13-2009 23:19:50</CREATIONDATE>
 <VERSION>6.0.6000.170</VERSION> <MANUFACTURER>VIA Technologies, 
Inc.</MANUFACTURER> <PRODUCTNAME>VIA PCI IDE MINI Driver</PRODUCTNAME>
 <GROUP>System Bus Extender</GROUP> </DRIVER> <DRIVER>
 <FILENAME>vmbus.sys</FILENAME> <FILESIZE>199552</FILESIZE>
 <CREATIONDATE>07-08-2011 10:35:33</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>System Bus Extender</GROUP> </DRIVER> <DRIVER>
 <FILENAME>VMBusHID.sys</FILENAME> <FILESIZE>21760</FILESIZE>
 <CREATIONDATE>07-08-2011 10:33:18</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>volmgr.sys</FILENAME> <FILESIZE>71552</FILESIZE>
 <CREATIONDATE>07-08-2011 10:35:22</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>System Bus Extender</GROUP> </DRIVER> <DRIVER>
 <FILENAME>volmgrx.sys</FILENAME> <FILESIZE>363392</FILESIZE>
 <CREATIONDATE>07-08-2011 10:34:42</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>System Bus Extender</GROUP> </DRIVER> <DRIVER>
 <FILENAME>volsnap.sys</FILENAME> <FILESIZE>295808</FILESIZE>
 <CREATIONDATE>07-08-2011 10:35:41</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>vsmraid.sys</FILENAME>
 <FILESIZE>161872</FILESIZE> <CREATIONDATE>06-10-2009 20:37:58</CREATIONDATE>
 <VERSION>6.0.6000.6210</VERSION> <MANUFACTURER>VIA Technologies 
Inc.,Ltd</MANUFACTURER> <PRODUCTNAME>VIA RAID driver</PRODUCTNAME> <GROUP>SCSI 
Miniport</GROUP> </DRIVER> <DRIVER> <FILENAME>vwifibus.sys</FILENAME>
 <FILESIZE>24576</FILESIZE> <CREATIONDATE>07-14-2009 00:07:21</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>vwififlt.sys</FILENAME>
 <FILESIZE>59904</FILESIZE> <CREATIONDATE>07-14-2009 00:07:22</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>NDIS</GROUP> </DRIVER> <DRIVER>
 <FILENAME>vwifimp.sys</FILENAME> <FILESIZE>17920</FILESIZE>
 <CREATIONDATE>07-14-2009 00:07:28</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>NDIS</GROUP> </DRIVER> <DRIVER>
 <FILENAME>wacompen.sys</FILENAME> <FILESIZE>27776</FILESIZE>
 <CREATIONDATE>07-14-2009 00:02:07</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>wanarp.sys</FILENAME> <FILESIZE>88576</FILESIZE>
 <CREATIONDATE>07-08-2011 10:34:43</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>wanarp.sys</FILENAME>
 <FILESIZE>88576</FILESIZE> <CREATIONDATE>07-08-2011 10:34:43</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>wd.sys</FILENAME>
 <FILESIZE>21056</FILESIZE> <CREATIONDATE>07-13-2009 23:19:55</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>Wdf01000.sys</FILENAME>
 <FILESIZE>785512</FILESIZE> <CREATIONDATE>11-16-2012 00:19:10</CREATIONDATE>
 <VERSION>1.11.9200.16384</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>WdfLoadGroup</GROUP> </DRIVER> <DRIVER>
 <FILENAME>wfplwf.sys</FILENAME> <FILESIZE>12800</FILESIZE>
 <CREATIONDATE>07-14-2009 00:09:26</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>NDIS</GROUP> </DRIVER> <DRIVER>
 <FILENAME>wimmount.sys</FILENAME> <FILESIZE>22096</FILESIZE>
 <CREATIONDATE>07-13-2009 23:29:31</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>FSFilter Infrastructure</GROUP>
 <ALTITUDE>180700</ALTITUDE> </DRIVER> <DRIVER> <FILENAME>WinUsb.sys</FILENAME>
 <FILESIZE>41984</FILESIZE> <CREATIONDATE>07-08-2011 10:34:42</CREATIONDATE>
 <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>wmiacpi.sys</FILENAME>
 <FILESIZE>14336</FILESIZE> <CREATIONDATE>07-13-2009 23:31:03</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>ws2ifsl.sys</FILENAME> <FILESIZE>21504</FILESIZE>
 <CREATIONDATE>07-14-2009 00:10:34</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® 
Windows®</PRODUCTNAME> <GROUP>PNP_TDI</GROUP> </DRIVER> <DRIVER>
 <FILENAME>WSDPrint.sys</FILENAME> <FILESIZE>23040</FILESIZE>
 <CREATIONDATE>07-14-2009 00:39:20</CREATIONDATE>
 <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>WudfPf.sys</FILENAME> <FILESIZE>87040</FILESIZE>
 <CREATIONDATE>11-16-2012 00:05:33</CREATIONDATE>
 <VERSION>6.2.9200.16384</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> <GROUP>base</GROUP> </DRIVER> <DRIVER>
 <FILENAME>WUDFRd.sys</FILENAME> <FILESIZE>198656</FILESIZE>
 <CREATIONDATE>11-16-2012 00:05:33</CREATIONDATE>
 <VERSION>6.2.9200.16384</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating 
System</PRODUCTNAME> </DRIVER> </DRIVERS> </SYSTEMINFO>
         
After the reboot I ran it once more, this time definitely as administrator, and this is what came out:

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-28 22:47:02
-----------------------------
22:47:02.190    OS Version: Windows x64 6.1.7601 Service Pack 1
22:47:02.190    Number of processors: 4 586 0x502
22:47:02.190    ComputerName: USER-PC  UserName: user
22:47:02.565    Initialize success
22:47:17.065    AVAST engine defs: 13022800
22:47:31.846    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\JRAID2Port1Path0Target0Lun0
22:47:31.846    Disk 0 Vendor: SAMSUNG_ FV01 Size: 238474MB BusType: 8
22:47:31.862    Disk 0 MBR read successfully
22:47:31.862    Disk 0 MBR scan
22:47:31.893    Disk 0 Windows 7 default MBR code
22:47:31.909    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        39899 MB offset 206848
22:47:31.924    Disk 0 Partition - 00     0F Extended LBA            198472 MB offset 81922048
22:47:31.940    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       198471 MB offset 81924096
22:47:32.002    Disk 0 scanning C:\Windows\system32\drivers
22:47:45.987    Service scanning
22:48:13.471    Modules scanning
22:48:13.487    Disk 0 trace - called modules:
22:48:13.502    ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll jraid.sys 
22:48:14.018    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a53060]
22:48:14.018    3 CLASSPNP.SYS[fffff880019af43f] -> nt!IofCallDriver -> \Device\Scsi\JRAID2Port1Path0Target0Lun0[0xfffffa80047d1050]
22:48:15.065    AVAST engine scan C:\Windows
22:48:17.737    AVAST engine scan C:\Windows\system32
22:52:45.706    AVAST engine scan C:\Windows\system32\drivers
22:53:02.956    AVAST engine scan C:\Users\user
23:00:55.612    AVAST engine scan C:\ProgramData
23:04:44.127    Scan finished successfully
23:36:24.128    Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
23:36:24.144    The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"
         
__________________

01.03.2013, 14:32   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Oops
Something swallowed the instructions

So once more, properly this time

TDSS-Killer

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.

01.03.2013, 15:05   #5
numbi
 

Okay, great. Here is the TDSS-Killer log:
Code:
14:59:51.0966 4588  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:59:52.0083 4588  ============================================================
14:59:52.0083 4588  Current date / time: 2013/03/01 14:59:52.0083
14:59:52.0083 4588  SystemInfo:
14:59:52.0083 4588  
14:59:52.0083 4588  OS Version: 6.1.7601 ServicePack: 1.0
14:59:52.0083 4588  Product type: Workstation
14:59:52.0083 4588  ComputerName: USER-PC
14:59:52.0083 4588  UserName: user
14:59:52.0083 4588  Windows directory: C:\Windows
14:59:52.0083 4588  System windows directory: C:\Windows
14:59:52.0083 4588  Running under WOW64
14:59:52.0083 4588  Processor architecture: Intel x64
14:59:52.0083 4588  Number of processors: 4
14:59:52.0083 4588  Page size: 0x1000
14:59:52.0083 4588  Boot type: Normal boot
14:59:52.0083 4588  ============================================================
14:59:52.0583 4588  Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
14:59:52.0607 4588  ============================================================
14:59:52.0607 4588  \Device\Harddisk0\DR0:
14:59:52.0607 4588  MBR partitions:
14:59:52.0607 4588  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4DED800
14:59:52.0623 4588  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4E21000, BlocksNum 0x183A3800
14:59:52.0623 4588  ============================================================
14:59:52.0685 4588  C: <-> \Device\Harddisk0\DR0\Partition1
14:59:52.0732 4588  D: <-> \Device\Harddisk0\DR0\Partition2
14:59:52.0732 4588  ============================================================
14:59:52.0732 4588  Initialize success
14:59:52.0732 4588  ============================================================
15:00:26.0271 4992  ============================================================
15:00:26.0271 4992  Scan started
15:00:26.0271 4992  Mode: Manual; SigCheck; TDLFS; 
15:00:26.0271 4992  ============================================================
15:00:26.0521 4992  ================ Scan system memory ========================
15:00:26.0521 4992  System memory - ok
15:00:26.0521 4992  ================ Scan services =============================
15:00:26.0732 4992  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:00:26.0880 4992  1394ohci - ok
15:00:26.0935 4992  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:00:26.0966 4992  ACPI - ok
15:00:26.0998 4992  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:00:27.0083 4992  AcpiPmi - ok
15:00:27.0201 4992  [ 4451CC2275B04043EC2BCC757AF97291 ] AdobeActiveFileMonitor8.0 D:\Program Files\Adobe Photoshop\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
15:00:27.0240 4992  AdobeActiveFileMonitor8.0 - ok
15:00:27.0279 4992  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:00:27.0310 4992  adp94xx - ok
15:00:27.0341 4992  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:00:27.0365 4992  adpahci - ok
15:00:27.0412 4992  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:00:27.0451 4992  adpu320 - ok
15:00:27.0490 4992  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:00:27.0748 4992  AeLookupSvc - ok
15:00:27.0826 4992  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
15:00:27.0927 4992  AFD - ok
15:00:27.0958 4992  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:00:27.0982 4992  agp440 - ok
15:00:28.0248 4992  [ B9B98E08EC127900025F42462D3D0A66 ] Akamai          c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
15:00:28.0248 4992  Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
15:00:28.0263 4992  Akamai ( HiddenFile.Multi.Generic ) - warning
15:00:28.0263 4992  Akamai - detected HiddenFile.Multi.Generic (1)
15:00:28.0302 4992  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
15:00:28.0357 4992  ALG - ok
15:00:28.0388 4992  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:00:28.0404 4992  aliide - ok
15:00:28.0435 4992  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
15:00:28.0451 4992  amdide - ok
15:00:28.0474 4992  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:00:28.0537 4992  AmdK8 - ok
15:00:28.0560 4992  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:00:28.0599 4992  AmdPPM - ok
15:00:28.0646 4992  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:00:28.0693 4992  amdsata - ok
15:00:28.0708 4992  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:00:28.0740 4992  amdsbs - ok
15:00:28.0755 4992  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:00:28.0779 4992  amdxata - ok
15:00:28.0826 4992  [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb      C:\Windows\system32\Drivers\ssadadb.sys
15:00:28.0919 4992  androidusb - ok
15:00:28.0998 4992  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService D:\Program Files\Avira\AntiVir Desktop\sched.exe
15:00:29.0044 4992  AntiVirSchedulerService - ok
15:00:29.0060 4992  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  D:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:00:29.0083 4992  AntiVirService - ok
15:00:29.0123 4992  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
15:00:29.0341 4992  AppID - ok
15:00:29.0365 4992  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:00:29.0419 4992  AppIDSvc - ok
15:00:29.0451 4992  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
15:00:29.0529 4992  Appinfo - ok
15:00:29.0576 4992  [ 43F86AE638618EEC90460F2238B7B1DD ] AppleCharger    C:\Windows\system32\DRIVERS\AppleCharger.sys
15:00:29.0607 4992  AppleCharger - ok
15:00:29.0623 4992  [ 95EF7247C50C7241FDAE39A9B3AFF4AE ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
15:00:29.0654 4992  AppleChargerSrv - ok
15:00:29.0708 4992  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
15:00:29.0802 4992  AppMgmt - ok
15:00:29.0841 4992  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:00:29.0865 4992  arc - ok
15:00:29.0873 4992  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:00:29.0896 4992  arcsas - ok
15:00:29.0927 4992  ASPI32 - ok
15:00:29.0951 4992  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:00:30.0005 4992  AsyncMac - ok
15:00:30.0037 4992  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
15:00:30.0044 4992  atapi - ok
15:00:30.0091 4992  [ 6D1272154A72B6C973A27DD505820EA7 ] athrusb         C:\Windows\system32\DRIVERS\athrxusb.sys
15:00:30.0201 4992  athrusb - ok
15:00:30.0255 4992  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:00:30.0349 4992  AudioEndpointBuilder - ok
15:00:30.0365 4992  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:00:30.0396 4992  AudioSrv - ok
15:00:30.0435 4992  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
15:00:30.0466 4992  avgntflt - ok
15:00:30.0498 4992  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
15:00:30.0521 4992  avipbb - ok
15:00:30.0552 4992  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
15:00:30.0568 4992  avkmgr - ok
15:00:30.0607 4992  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:00:30.0701 4992  AxInstSV - ok
15:00:30.0748 4992  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
15:00:30.0810 4992  b06bdrv - ok
15:00:30.0849 4992  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:00:30.0912 4992  b57nd60a - ok
15:00:30.0951 4992  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:00:31.0005 4992  BDESVC - ok
15:00:31.0037 4992  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:00:31.0099 4992  Beep - ok
15:00:31.0177 4992  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
15:00:31.0263 4992  BFE - ok
15:00:31.0294 4992  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
15:00:31.0365 4992  BITS - ok
15:00:31.0396 4992  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:00:31.0443 4992  blbdrive - ok
15:00:31.0498 4992  BotkindSyncService - ok
15:00:31.0537 4992  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:00:31.0615 4992  bowser - ok
15:00:31.0654 4992  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:00:31.0755 4992  BrFiltLo - ok
15:00:31.0771 4992  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:00:31.0787 4992  BrFiltUp - ok
15:00:31.0818 4992  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
15:00:31.0873 4992  Browser - ok
15:00:31.0896 4992  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:00:31.0958 4992  Brserid - ok
15:00:31.0974 4992  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:00:32.0013 4992  BrSerWdm - ok
15:00:32.0021 4992  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:00:32.0068 4992  BrUsbMdm - ok
15:00:32.0083 4992  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:00:32.0107 4992  BrUsbSer - ok
15:00:32.0130 4992  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:00:32.0154 4992  BTHMODEM - ok
15:00:32.0201 4992  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
15:00:32.0271 4992  bthserv - ok
15:00:32.0302 4992  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:00:32.0404 4992  cdfs - ok
15:00:32.0451 4992  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:00:32.0498 4992  cdrom - ok
15:00:32.0537 4992  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:00:32.0599 4992  CertPropSvc - ok
15:00:32.0615 4992  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:00:32.0630 4992  circlass - ok
15:00:32.0654 4992  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:00:32.0693 4992  CLFS - ok
15:00:32.0802 4992  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:00:32.0841 4992  clr_optimization_v2.0.50727_32 - ok
15:00:32.0888 4992  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:00:32.0927 4992  clr_optimization_v2.0.50727_64 - ok
15:00:33.0013 4992  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:00:33.0060 4992  clr_optimization_v4.0.30319_32 - ok
15:00:33.0107 4992  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:00:33.0138 4992  clr_optimization_v4.0.30319_64 - ok
15:00:33.0162 4992  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:00:33.0193 4992  CmBatt - ok
15:00:33.0224 4992  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:00:33.0240 4992  cmdide - ok
15:00:33.0279 4992  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
15:00:33.0318 4992  CNG - ok
15:00:33.0341 4992  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:00:33.0349 4992  Compbatt - ok
15:00:33.0388 4992  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:00:33.0419 4992  CompositeBus - ok
15:00:33.0443 4992  COMSysApp - ok
15:00:33.0458 4992  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:00:33.0474 4992  crcdisk - ok
15:00:33.0513 4992  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:00:33.0591 4992  CryptSvc - ok
15:00:33.0646 4992  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
15:00:33.0740 4992  CSC - ok
15:00:33.0794 4992  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
15:00:33.0826 4992  CscService - ok
15:00:33.0857 4992  cvintdrv - ok
15:00:33.0896 4992  [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA64.sys
15:00:33.0912 4992  CVirtA - ok
15:00:33.0982 4992  [ 66257CB4E4FB69887CDDC71663741435 ] CVPND           C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
15:00:34.0021 4992  CVPND - ok
15:00:34.0076 4992  [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
15:00:34.0107 4992  CVPNDRVA - ok
15:00:34.0146 4992  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:00:34.0193 4992  DcomLaunch - ok
15:00:34.0248 4992  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
15:00:34.0365 4992  defragsvc - ok
15:00:34.0388 4992  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:00:34.0427 4992  DfsC - ok
15:00:34.0474 4992  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:00:34.0521 4992  Dhcp - ok
15:00:34.0623 4992  [ 1AC413BEE91E786DFCB55D5D732EBFA1 ] DirMngr         D:\Program Files\GNU\GnuPG\dirmngr.exe
15:00:34.0662 4992  DirMngr ( UnsignedFile.Multi.Generic ) - warning
15:00:34.0662 4992  DirMngr - detected UnsignedFile.Multi.Generic (1)
15:00:34.0693 4992  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:00:34.0755 4992  discache - ok
15:00:34.0771 4992  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:00:34.0787 4992  Disk - ok
15:00:34.0841 4992  [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE             C:\Windows\system32\DRIVERS\dne64x.sys
15:00:34.0849 4992  DNE - ok
15:00:34.0927 4992  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:00:34.0998 4992  Dnscache - ok
15:00:35.0037 4992  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:00:35.0083 4992  dot3svc - ok
15:00:35.0107 4992  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
15:00:35.0169 4992  DPS - ok
15:00:35.0208 4992  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:00:35.0255 4992  drmkaud - ok
15:00:35.0310 4992  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:00:35.0341 4992  DXGKrnl - ok
15:00:35.0388 4992  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
15:00:35.0443 4992  EapHost - ok
15:00:35.0560 4992  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
15:00:35.0646 4992  ebdrv - ok
15:00:35.0685 4992  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
15:00:35.0748 4992  EFS - ok
15:00:35.0810 4992  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:00:35.0919 4992  ehRecvr - ok
15:00:35.0982 4992  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
15:00:36.0068 4992  ehSched - ok
15:00:36.0115 4992  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:00:36.0177 4992  elxstor - ok
15:00:36.0193 4992  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:00:36.0216 4992  ErrDev - ok
15:00:36.0263 4992  [ B8FA96995726D1FA58476E352C02AD82 ] ES lite Service C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
15:00:36.0294 4992  ES lite Service - ok
15:00:36.0333 4992  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
15:00:36.0396 4992  EventSystem - ok
15:00:36.0412 4992  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
15:00:36.0458 4992  exfat - ok
15:00:36.0482 4992  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:00:36.0529 4992  fastfat - ok
15:00:36.0583 4992  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
15:00:36.0638 4992  Fax - ok
15:00:36.0662 4992  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:00:36.0677 4992  fdc - ok
15:00:36.0685 4992  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:00:36.0732 4992  fdPHost - ok
15:00:36.0740 4992  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:00:36.0826 4992  FDResPub - ok
15:00:36.0841 4992  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:00:36.0857 4992  FileInfo - ok
15:00:36.0865 4992  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:00:36.0896 4992  Filetrace - ok
15:00:36.0935 4992  [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:00:37.0013 4992  FLEXnet Licensing Service - ok
15:00:37.0037 4992  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:00:37.0083 4992  flpydisk - ok
15:00:37.0123 4992  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:00:37.0185 4992  FltMgr - ok
15:00:37.0255 4992  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
15:00:37.0333 4992  FontCache - ok
15:00:37.0380 4992  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:00:37.0412 4992  FontCache3.0.0.0 - ok
15:00:37.0435 4992  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:00:37.0451 4992  FsDepends - ok
15:00:37.0474 4992  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:00:37.0490 4992  Fs_Rec - ok
15:00:37.0537 4992  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:00:37.0552 4992  fvevol - ok
15:00:37.0568 4992  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:00:37.0591 4992  gagp30kx - ok
15:00:37.0623 4992  [ 7907E14F9BCF3A4689C9A74A1A873CB6 ] gdrv            C:\Windows\gdrv.sys
15:00:37.0638 4992  gdrv - ok
15:00:37.0677 4992  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
15:00:37.0724 4992  gpsvc - ok
15:00:37.0794 4992  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:00:37.0810 4992  gupdate - ok
15:00:37.0818 4992  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:00:37.0833 4992  gupdatem - ok
15:00:37.0880 4992  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:00:37.0919 4992  gusvc - ok
15:00:37.0943 4992  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:00:37.0990 4992  hcw85cir - ok
15:00:38.0029 4992  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:00:38.0083 4992  HdAudAddService - ok
15:00:38.0115 4992  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
15:00:38.0169 4992  HDAudBus - ok
15:00:38.0177 4992  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:00:38.0201 4992  HidBatt - ok
15:00:38.0216 4992  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:00:38.0240 4992  HidBth - ok
15:00:38.0248 4992  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:00:38.0279 4992  HidIr - ok
15:00:38.0302 4992  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
15:00:38.0373 4992  hidserv - ok
15:00:38.0419 4992  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:00:38.0435 4992  HidUsb - ok
15:00:38.0466 4992  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:00:38.0505 4992  hkmsvc - ok
15:00:38.0537 4992  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:00:38.0583 4992  HomeGroupListener - ok
15:00:38.0623 4992  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:00:38.0677 4992  HomeGroupProvider - ok
15:00:38.0818 4992  [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08        D:\Program Files\Treiber\HP\Digital Imaging\bin\hpqcxs08.dll
15:00:38.0841 4992  hpqcxs08 - ok
15:00:38.0896 4992  [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc        D:\Program Files\Treiber\HP\Digital Imaging\bin\hpqddsvc.dll
15:00:38.0904 4992  hpqddsvc - ok
15:00:38.0943 4992  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:00:38.0966 4992  HpSAMD - ok
15:00:39.0021 4992  [ D4F91CF4DE215D6F14A06087D46725E4 ] HPSLPSVC        D:\Program Files\Treiber\HP\Digital Imaging\bin\HPSLPSVC64.DLL
15:00:39.0052 4992  HPSLPSVC - ok
15:00:39.0107 4992  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:00:39.0201 4992  HTTP - ok
15:00:39.0224 4992  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:00:39.0232 4992  hwpolicy - ok
15:00:39.0271 4992  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:00:39.0287 4992  i8042prt - ok
15:00:39.0326 4992  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:00:39.0349 4992  iaStorV - ok
15:00:39.0435 4992  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:00:39.0513 4992  idsvc - ok
15:00:39.0560 4992  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:00:39.0591 4992  iirsp - ok
15:00:39.0630 4992  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
15:00:39.0708 4992  IKEEXT - ok
15:00:39.0810 4992  [ 490947A9AFF7CA31EF2E08F5776105EB ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:00:39.0849 4992  IntcAzAudAddService - ok
15:00:39.0865 4992  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
15:00:39.0873 4992  intelide - ok
15:00:39.0904 4992  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:00:39.0927 4992  intelppm - ok
15:00:39.0951 4992  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:00:39.0990 4992  IPBusEnum - ok
15:00:40.0021 4992  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:00:40.0068 4992  IpFilterDriver - ok
15:00:40.0107 4992  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:00:40.0177 4992  iphlpsvc - ok
15:00:40.0208 4992  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:00:40.0240 4992  IPMIDRV - ok
15:00:40.0263 4992  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:00:40.0318 4992  IPNAT - ok
15:00:40.0341 4992  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:00:40.0419 4992  IRENUM - ok
15:00:40.0451 4992  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:00:40.0458 4992  isapnp - ok
15:00:40.0498 4992  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:00:40.0529 4992  iScsiPrt - ok
15:00:40.0623 4992  [ F3A41EC4C6506E76E07A219B3A1DF8D2 ] JMB36X          C:\Windows\SysWOW64\XSrvSetup.exe
15:00:40.0669 4992  JMB36X - ok
15:00:40.0701 4992  [ 1C368C1A2733DCC5B8E15420AA2B0F6D ] JRAID           C:\Windows\system32\DRIVERS\jraid.sys
15:00:40.0724 4992  JRAID - ok
15:00:40.0763 4992  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
15:00:40.0787 4992  kbdclass - ok
15:00:40.0818 4992  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
15:00:40.0833 4992  kbdhid - ok
15:00:40.0857 4992  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
15:00:40.0873 4992  KeyIso - ok
15:00:40.0904 4992  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:00:40.0943 4992  KSecDD - ok
15:00:40.0974 4992  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:00:40.0998 4992  KSecPkg - ok
15:00:41.0021 4992  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:00:41.0123 4992  ksthunk - ok
15:00:41.0162 4992  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:00:41.0240 4992  KtmRm - ok
15:00:41.0263 4992  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:00:41.0349 4992  LanmanServer - ok
15:00:41.0380 4992  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:00:41.0427 4992  LanmanWorkstation - ok
15:00:41.0458 4992  [ 02538E602280C07438C94489DCBE77D5 ] libusb0         C:\Windows\system32\DRIVERS\libusb0.sys
15:00:41.0466 4992  libusb0 - ok
15:00:41.0498 4992  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:00:41.0560 4992  lltdio - ok
15:00:41.0591 4992  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:00:41.0685 4992  lltdsvc - ok
15:00:41.0701 4992  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:00:41.0732 4992  lmhosts - ok
15:00:41.0763 4992  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:00:41.0779 4992  LSI_FC - ok
15:00:41.0794 4992  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:00:41.0810 4992  LSI_SAS - ok
15:00:41.0818 4992  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:00:41.0833 4992  LSI_SAS2 - ok
15:00:41.0849 4992  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:00:41.0865 4992  LSI_SCSI - ok
15:00:41.0888 4992  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:00:41.0935 4992  luafv - ok
15:00:41.0958 4992  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:00:41.0990 4992  Mcx2Svc - ok
15:00:41.0998 4992  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:00:42.0013 4992  megasas - ok
15:00:42.0037 4992  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:00:42.0060 4992  MegaSR - ok
15:00:42.0154 4992  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
15:00:42.0201 4992  Microsoft Office Groove Audit Service - ok
15:00:42.0224 4992  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:00:42.0302 4992  MMCSS - ok
15:00:42.0318 4992  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:00:42.0380 4992  Modem - ok
15:00:42.0412 4992  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:00:42.0427 4992  monitor - ok
15:00:42.0451 4992  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:00:42.0466 4992  mouclass - ok
15:00:42.0474 4992  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:00:42.0498 4992  mouhid - ok
15:00:42.0544 4992  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:00:42.0560 4992  mountmgr - ok
15:00:42.0623 4992  [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:00:42.0654 4992  MozillaMaintenance - ok
15:00:42.0669 4992  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:00:42.0693 4992  mpio - ok
15:00:42.0701 4992  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:00:42.0748 4992  mpsdrv - ok
15:00:42.0833 4992  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:00:42.0935 4992  MpsSvc - ok
15:00:42.0966 4992  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:00:43.0005 4992  MRxDAV - ok
15:00:43.0029 4992  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:00:43.0068 4992  mrxsmb - ok
15:00:43.0107 4992  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:00:43.0146 4992  mrxsmb10 - ok
15:00:43.0162 4992  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:00:43.0224 4992  mrxsmb20 - ok
15:00:43.0271 4992  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:00:43.0310 4992  msahci - ok
15:00:43.0341 4992  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:00:43.0365 4992  msdsm - ok
15:00:43.0380 4992  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:00:43.0412 4992  MSDTC - ok
15:00:43.0451 4992  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:00:43.0474 4992  Msfs - ok
15:00:43.0482 4992  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:00:43.0521 4992  mshidkmdf - ok
15:00:43.0552 4992  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:00:43.0560 4992  msisadrv - ok
15:00:43.0607 4992  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:00:43.0685 4992  MSiSCSI - ok
15:00:43.0685 4992  msiserver - ok
15:00:43.0708 4992  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:00:43.0748 4992  MSKSSRV - ok
15:00:43.0771 4992  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:00:43.0810 4992  MSPCLOCK - ok
15:00:43.0818 4992  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:00:43.0857 4992  MSPQM - ok
15:00:43.0888 4992  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:00:43.0912 4992  MsRPC - ok
15:00:43.0927 4992  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:00:43.0935 4992  mssmbios - ok
15:00:43.0951 4992  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:00:43.0990 4992  MSTEE - ok
15:00:44.0005 4992  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:00:44.0021 4992  MTConfig - ok
15:00:44.0044 4992  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:00:44.0060 4992  Mup - ok
15:00:44.0091 4992  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
15:00:44.0138 4992  napagent - ok
15:00:44.0177 4992  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:00:44.0240 4992  NativeWifiP - ok
15:00:44.0302 4992  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:00:44.0349 4992  NDIS - ok
15:00:44.0373 4992  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:00:44.0404 4992  NdisCap - ok
15:00:44.0435 4992  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:00:44.0482 4992  NdisTapi - ok
15:00:44.0498 4992  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:00:44.0599 4992  Ndisuio - ok
15:00:44.0623 4992  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:00:44.0685 4992  NdisWan - ok
15:00:44.0708 4992  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:00:44.0740 4992  NDProxy - ok
15:00:44.0779 4992  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
15:00:44.0818 4992  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:00:44.0818 4992  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:00:44.0841 4992  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:00:44.0912 4992  NetBIOS - ok
15:00:44.0943 4992  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:00:44.0966 4992  NetBT - ok
15:00:44.0982 4992  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
15:00:44.0990 4992  Netlogon - ok
15:00:45.0029 4992  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:00:45.0068 4992  Netman - ok
15:00:45.0107 4992  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:00:45.0154 4992  netprofm - ok
15:00:45.0177 4992  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:00:45.0201 4992  NetTcpPortSharing - ok
15:00:45.0208 4992  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:00:45.0224 4992  nfrd960 - ok
15:00:45.0255 4992  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:00:45.0318 4992  NlaSvc - ok
15:00:45.0380 4992  [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess       D:\Program Files\CDBurnerXP\NMSAccessU.exe
15:00:45.0412 4992  NMSAccess - ok
15:00:45.0458 4992  [ 88F2F2CB9FAEE2E14BCCF384F4C88061 ] nmwcd           C:\Windows\system32\drivers\ccdcmbx64.sys
15:00:45.0521 4992  nmwcd - ok
15:00:45.0552 4992  [ 31C1FAC4AE14FB2F8771C59BA3F90BAD ] nmwcdc          C:\Windows\system32\drivers\ccdcmbox64.sys
15:00:45.0615 4992  nmwcdc - ok
15:00:45.0646 4992  [ 863AA6C58AC85A22355AE943C605E44B ] nmwcdnsucx64    C:\Windows\system32\drivers\nmwcdnsucx64.sys
15:00:45.0685 4992  nmwcdnsucx64 - ok
15:00:45.0716 4992  [ 7983D9201788407C4D1FC4D0BAA04E32 ] nmwcdnsux64     C:\Windows\system32\drivers\nmwcdnsux64.sys
15:00:45.0755 4992  nmwcdnsux64 - ok
15:00:45.0818 4992  [ EB900C136E660A8DEB657BE134C3BCD9 ] nosGetPlusHelper C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll
15:00:45.0841 4992  nosGetPlusHelper - ok
15:00:45.0865 4992  [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF             C:\Windows\system32\drivers\npf.sys
15:00:45.0880 4992  NPF - ok
15:00:45.0896 4992  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:00:45.0927 4992  Npfs - ok
15:00:45.0966 4992  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
15:00:46.0021 4992  nsi - ok
15:00:46.0052 4992  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:00:46.0123 4992  nsiproxy - ok
15:00:46.0193 4992  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:00:46.0248 4992  Ntfs - ok
15:00:46.0255 4992  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:00:46.0287 4992  Null - ok
15:00:46.0302 4992  [ 785298579B5F9B4032152DFBB992FDB6 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
15:00:46.0333 4992  nusb3hub - ok
15:00:46.0373 4992  [ DF2750481B4964814467C974F2B0EEF1 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
15:00:46.0419 4992  nusb3xhc - ok
15:00:46.0771 4992  [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:00:46.0943 4992  nvlddmkm - ok
15:00:46.0974 4992  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:00:46.0990 4992  nvraid - ok
15:00:47.0029 4992  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:00:47.0044 4992  nvstor - ok
15:00:47.0107 4992  [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc           C:\Windows\system32\nvvsvc.exe
15:00:47.0154 4992  nvsvc - ok
15:00:47.0240 4992  [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:00:47.0271 4992  nvUpdatusService - ok
15:00:47.0310 4992  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:00:47.0326 4992  nv_agp - ok
15:00:47.0412 4992  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:00:47.0466 4992  odserv - ok
15:00:47.0498 4992  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:00:47.0537 4992  ohci1394 - ok
15:00:47.0607 4992  [ 8C02B0CC65BEE71124A565062BA77B39 ] OpenVPNAccessClient C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
15:00:47.0638 4992  OpenVPNAccessClient ( UnsignedFile.Multi.Generic ) - warning
15:00:47.0638 4992  OpenVPNAccessClient - detected UnsignedFile.Multi.Generic (1)
15:00:47.0740 4992  [ D29D5E61A5722630BB58940D1E4E231A ] OpenVPNService  D:\Program Files\OpenVPN\bin\openvpnserv.exe
15:00:47.0779 4992  OpenVPNService ( UnsignedFile.Multi.Generic ) - warning
15:00:47.0779 4992  OpenVPNService - detected UnsignedFile.Multi.Generic (1)
15:00:47.0826 4992  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:00:47.0873 4992  ose - ok
15:00:47.0927 4992  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:00:47.0974 4992  p2pimsvc - ok
15:00:48.0013 4992  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:00:48.0044 4992  p2psvc - ok
15:00:48.0091 4992  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:00:48.0115 4992  Parport - ok
15:00:48.0146 4992  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:00:48.0169 4992  partmgr - ok
15:00:48.0185 4992  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:00:48.0232 4992  PcaSvc - ok
15:00:48.0248 4992  [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
15:00:48.0279 4992  pccsmcfd - ok
15:00:48.0302 4992  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
15:00:48.0318 4992  pci - ok
15:00:48.0349 4992  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
15:00:48.0357 4992  pciide - ok
15:00:48.0373 4992  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:00:48.0396 4992  pcmcia - ok
15:00:48.0412 4992  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:00:48.0427 4992  pcw - ok
15:00:48.0443 4992  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:00:48.0505 4992  PEAUTH - ok
15:00:48.0583 4992  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
15:00:48.0662 4992  PeerDistSvc - ok
15:00:48.0685 4992  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:00:48.0701 4992  PerfHost - ok
15:00:48.0787 4992  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
15:00:48.0888 4992  pla - ok
15:00:48.0951 4992  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:00:48.0990 4992  PlugPlay - ok
15:00:49.0052 4992  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
15:00:49.0083 4992  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:00:49.0083 4992  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:00:49.0115 4992  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:00:49.0162 4992  PNRPAutoReg - ok
15:00:49.0185 4992  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:00:49.0201 4992  PNRPsvc - ok
15:00:49.0255 4992  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:00:49.0357 4992  PolicyAgent - ok
15:00:49.0388 4992  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
15:00:49.0466 4992  Power - ok
15:00:49.0505 4992  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:00:49.0552 4992  PptpMiniport - ok
15:00:49.0576 4992  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:00:49.0599 4992  Processor - ok
15:00:49.0630 4992  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:00:49.0708 4992  ProfSvc - ok
15:00:49.0724 4992  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:00:49.0740 4992  ProtectedStorage - ok
15:00:49.0787 4992  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:00:49.0826 4992  Psched - ok
15:00:49.0873 4992  [ DEFD557D9B8C0FA3CEA6CC576400114E ] pwdrvio         C:\Windows\system32\pwdrvio.sys
15:00:49.0912 4992  pwdrvio - ok
15:00:49.0943 4992  [ A2EE3B70A9E05F651B888078726C2787 ] pwdspio         C:\Windows\system32\pwdspio.sys
15:00:49.0966 4992  pwdspio - ok
15:00:49.0998 4992  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
15:00:50.0021 4992  PxHlpa64 - ok
15:00:50.0076 4992  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:00:50.0146 4992  ql2300 - ok
15:00:50.0177 4992  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:00:50.0216 4992  ql40xx - ok
15:00:50.0248 4992  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:00:50.0279 4992  QWAVE - ok
15:00:50.0294 4992  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:00:50.0326 4992  QWAVEdrv - ok
15:00:50.0341 4992  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:00:50.0388 4992  RasAcd - ok
15:00:50.0427 4992  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:00:50.0458 4992  RasAgileVpn - ok
15:00:50.0466 4992  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:00:50.0513 4992  RasAuto - ok
15:00:50.0544 4992  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:00:50.0662 4992  Rasl2tp - ok
15:00:50.0724 4992  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
15:00:50.0794 4992  RasMan - ok
15:00:50.0818 4992  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:00:50.0857 4992  RasPppoe - ok
15:00:50.0896 4992  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:00:50.0951 4992  RasSstp - ok
15:00:50.0982 4992  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:00:51.0044 4992  rdbss - ok
15:00:51.0068 4992  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:00:51.0099 4992  rdpbus - ok
15:00:51.0107 4992  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:00:51.0146 4992  RDPCDD - ok
15:00:51.0177 4992  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
15:00:51.0193 4992  RDPDR - ok
15:00:51.0224 4992  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:00:51.0255 4992  RDPENCDD - ok
15:00:51.0271 4992  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:00:51.0294 4992  RDPREFMP - ok
15:00:51.0333 4992  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:00:51.0380 4992  RDPWD - ok
15:00:51.0404 4992  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:00:51.0427 4992  rdyboost - ok
15:00:51.0458 4992  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:00:51.0498 4992  RemoteAccess - ok
15:00:51.0529 4992  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:00:51.0576 4992  RemoteRegistry - ok
15:00:51.0615 4992  [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb          C:\Windows\system32\Drivers\RimUsb_AMD64.sys
15:00:51.0638 4992  RimUsb - ok
15:00:51.0685 4992  [ B60F58F175DE20A6739194E85B035178 ] rpcapd          C:\Program Files (x86)\WinPcap\rpcapd.exe
15:00:51.0708 4992  rpcapd - ok
15:00:51.0740 4992  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:00:51.0787 4992  RpcEptMapper - ok
15:00:51.0810 4992  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:00:51.0849 4992  RpcLocator - ok
15:00:51.0896 4992  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
15:00:51.0935 4992  RpcSs - ok
15:00:51.0974 4992  [ 2ABD2B3BA2EF0C3BA82284C2A5E28675 ] RRNetCap        C:\Windows\system32\DRIVERS\rrnetcap.sys
15:00:51.0982 4992  RRNetCap - ok
15:00:51.0998 4992  [ 2ABD2B3BA2EF0C3BA82284C2A5E28675 ] RRNetCapMP      C:\Windows\system32\DRIVERS\rrnetcap.sys
15:00:52.0005 4992  RRNetCapMP - ok
15:00:52.0044 4992  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:00:52.0068 4992  rspndr - ok
15:00:52.0107 4992  [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
15:00:52.0123 4992  RTL8167 - ok
15:00:52.0162 4992  [ 4A06585C8673F4458E9FBBC9DDDB4D28 ] RTL8187B        C:\Windows\system32\DRIVERS\wg111v3.sys
15:00:52.0201 4992  RTL8187B - ok
15:00:52.0224 4992  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
15:00:52.0294 4992  s3cap - ok
15:00:52.0318 4992  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
15:00:52.0326 4992  SamSs - ok
15:00:52.0349 4992  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:00:52.0373 4992  sbp2port - ok
15:00:52.0404 4992  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:00:52.0458 4992  SCardSvr - ok
15:00:52.0482 4992  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:00:52.0529 4992  scfilter - ok
15:00:52.0591 4992  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
15:00:52.0654 4992  Schedule - ok
15:00:52.0685 4992  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:00:52.0716 4992  SCPolicySvc - ok
15:00:52.0740 4992  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:00:52.0779 4992  SDRSVC - ok
15:00:52.0833 4992  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:00:52.0935 4992  secdrv - ok
15:00:52.0966 4992  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
15:00:53.0005 4992  seclogon - ok
15:00:53.0021 4992  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
15:00:53.0068 4992  SENS - ok
15:00:53.0083 4992  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:00:53.0115 4992  SensrSvc - ok
15:00:53.0146 4992  [ 84AC127242DD3CCDE02F9A4673214B1F ] Sentinel64      C:\Windows\System32\Drivers\Sentinel64.sys
15:00:53.0185 4992  Sentinel64 - ok
15:00:53.0208 4992  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:00:53.0232 4992  Serenum - ok
15:00:53.0248 4992  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:00:53.0287 4992  Serial - ok
15:00:53.0302 4992  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:00:53.0326 4992  sermouse - ok
15:00:53.0396 4992  [ 8C1F87F5FDD92229D1754B98F073913F ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
15:00:53.0451 4992  ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
15:00:53.0451 4992  ServiceLayer - detected UnsignedFile.Multi.Generic (1)
15:00:53.0490 4992  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:00:53.0560 4992  SessionEnv - ok
15:00:53.0583 4992  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:00:53.0623 4992  sffdisk - ok
15:00:53.0638 4992  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:00:53.0662 4992  sffp_mmc - ok
15:00:53.0669 4992  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:00:53.0701 4992  sffp_sd - ok
15:00:53.0724 4992  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:00:53.0732 4992  sfloppy - ok
15:00:53.0771 4992  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:00:53.0818 4992  SharedAccess - ok
15:00:53.0849 4992  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:00:53.0904 4992  ShellHWDetection - ok
15:00:53.0912 4992  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:00:53.0927 4992  SiSRaid2 - ok
15:00:53.0951 4992  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:00:53.0966 4992  SiSRaid4 - ok
15:00:53.0998 4992  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
15:00:54.0052 4992  SkypeUpdate - ok
15:00:54.0076 4992  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:00:54.0123 4992  Smb - ok
15:00:54.0154 4992  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:00:54.0169 4992  SNMPTRAP - ok
15:00:54.0177 4992  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:00:54.0185 4992  spldr - ok
15:00:54.0224 4992  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
15:00:54.0271 4992  Spooler - ok
15:00:54.0365 4992  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:00:54.0451 4992  sppsvc - ok
15:00:54.0466 4992  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:00:54.0513 4992  sppuinotify - ok
15:00:54.0560 4992  [ 602884696850C86434530790B110E8EB ] sptd            C:\Windows\System32\Drivers\sptd.sys
15:00:54.0607 4992  sptd - ok
15:00:54.0677 4992  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:00:54.0732 4992  srv - ok
15:00:54.0779 4992  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:00:54.0841 4992  srv2 - ok
15:00:54.0857 4992  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:00:54.0888 4992  srvnet - ok
15:00:54.0935 4992  [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
15:00:54.0974 4992  ssadbus - ok
15:00:54.0998 4992  [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
15:00:55.0021 4992  ssadmdfl - ok
15:00:55.0044 4992  [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
15:00:55.0076 4992  ssadmdm - ok
15:00:55.0083 4992  [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd        C:\Windows\system32\DRIVERS\ssadserd.sys
15:00:55.0107 4992  ssadserd - ok
15:00:55.0146 4992  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:00:55.0193 4992  SSDPSRV - ok
15:00:55.0208 4992  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:00:55.0240 4992  SstpSvc - ok
15:00:55.0255 4992  [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen        C:\Windows\system32\drivers\StarOpen.sys
15:00:55.0294 4992  StarOpen ( UnsignedFile.Multi.Generic ) - warning
15:00:55.0294 4992  StarOpen - detected UnsignedFile.Multi.Generic (1)
15:00:55.0357 4992  [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:00:55.0380 4992  Stereo Service - ok
15:00:55.0396 4992  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:00:55.0412 4992  stexstor - ok
15:00:55.0443 4992  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
15:00:55.0458 4992  StillCam - ok
15:00:55.0505 4992  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:00:55.0552 4992  stisvc - ok
15:00:55.0583 4992  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
15:00:55.0599 4992  storflt - ok
15:00:55.0623 4992  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
15:00:55.0654 4992  StorSvc - ok
15:00:55.0677 4992  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
15:00:55.0693 4992  storvsc - ok
15:00:55.0716 4992  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:00:55.0724 4992  swenum - ok
15:00:55.0833 4992  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:00:55.0857 4992  SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
15:00:55.0857 4992  SwitchBoard - detected UnsignedFile.Multi.Generic (1)
15:00:55.0896 4992  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:00:55.0951 4992  swprv - ok
15:00:56.0005 4992  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
15:00:56.0060 4992  SysMain - ok
15:00:56.0091 4992  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:00:56.0115 4992  TabletInputService - ok
15:00:56.0162 4992  [ F0B9D3ED88E56D3CD713DFF21E42AAF0 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
15:00:56.0193 4992  tap0901 - ok
15:00:56.0232 4992  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:00:56.0287 4992  TapiSrv - ok
15:00:56.0318 4992  [ 927D0CDB3F96EFC1E98FB1A2C9FB67AD ] tapoas          C:\Windows\system32\DRIVERS\tapoas.sys
15:00:56.0365 4992  tapoas - ok
15:00:56.0412 4992  [ 4430E9B4C60AAB672D16E801BAD0555E ] tbhsd           C:\Windows\system32\drivers\tbhsd.sys
15:00:56.0427 4992  tbhsd - ok
15:00:56.0451 4992  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:00:56.0513 4992  TBS - ok
15:00:56.0591 4992  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:00:56.0677 4992  Tcpip - ok
15:00:56.0732 4992  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:00:56.0763 4992  TCPIP6 - ok
15:00:56.0787 4992  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:00:56.0802 4992  tcpipreg - ok
15:00:56.0833 4992  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:00:56.0865 4992  TDPIPE - ok
15:00:56.0880 4992  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:00:56.0919 4992  TDTCP - ok
15:00:56.0958 4992  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:00:57.0052 4992  tdx - ok
15:00:57.0083 4992  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:00:57.0107 4992  TermDD - ok
15:00:57.0154 4992  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
15:00:57.0232 4992  TermService - ok
15:00:57.0263 4992  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:00:57.0302 4992  Themes - ok
15:00:57.0318 4992  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:00:57.0349 4992  THREADORDER - ok
15:00:57.0388 4992  [ C676B0F52F2B6483AFB88F79CABB011E ] Tpkd            C:\Windows\system32\drivers\Tpkd.sys
15:00:57.0404 4992  Tpkd - ok
15:00:57.0419 4992  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:00:57.0458 4992  TrkWks - ok
15:00:57.0490 4992  [ C4238AF5AAF167C3E5113F98F5427A0B ] truecrypt       C:\Windows\system32\drivers\truecrypt.sys
15:00:57.0505 4992  truecrypt - ok
15:00:57.0568 4992  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:00:57.0638 4992  TrustedInstaller - ok
15:00:57.0669 4992  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:00:57.0716 4992  tssecsrv - ok
15:00:57.0763 4992  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:00:57.0802 4992  TsUsbFlt - ok
15:00:57.0833 4992  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:00:57.0904 4992  tunnel - ok
15:00:57.0935 4992  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:00:57.0951 4992  uagp35 - ok
15:00:57.0982 4992  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:00:58.0044 4992  udfs - ok
15:00:58.0076 4992  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:00:58.0091 4992  UI0Detect - ok
15:00:58.0130 4992  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:00:58.0162 4992  uliagpkx - ok
15:00:58.0193 4992  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:00:58.0232 4992  umbus - ok
15:00:58.0248 4992  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:00:58.0263 4992  UmPass - ok
15:00:58.0310 4992  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
15:00:58.0349 4992  UmRdpService - ok
15:00:58.0396 4992  [ BB879DCFD22926EFBEB3298129898CBB ] UnlockerDriver5 D:\Program Files\Unlocker\UnlockerDriver5.sys
15:00:58.0427 4992  UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
15:00:58.0427 4992  UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
15:00:58.0458 4992  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:00:58.0544 4992  upnphost - ok
15:00:58.0568 4992  [ FBD861E69E1F583BEC906FCD04E4F84E ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
15:00:58.0623 4992  upperdev - ok
15:00:58.0677 4992  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:00:58.0716 4992  usbaudio - ok
15:00:58.0740 4992  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:00:58.0787 4992  usbccgp - ok
15:00:58.0833 4992  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:00:58.0865 4992  usbcir - ok
15:00:58.0888 4992  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:00:58.0912 4992  usbehci - ok
15:00:58.0951 4992  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:00:59.0013 4992  usbhub - ok
15:00:59.0044 4992  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
15:00:59.0068 4992  usbohci - ok
15:00:59.0091 4992  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:00:59.0123 4992  usbprint - ok
15:00:59.0154 4992  [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser          C:\Windows\system32\drivers\usbser.sys
15:00:59.0185 4992  usbser - ok
15:00:59.0208 4992  [ 0FBB0080B287BBCBF5C7076E3D74A35C ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
15:00:59.0248 4992  UsbserFilt - ok
15:00:59.0271 4992  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:00:59.0310 4992  USBSTOR - ok
15:00:59.0333 4992  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:00:59.0357 4992  usbuhci - ok
15:00:59.0380 4992  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:00:59.0419 4992  UxSms - ok
15:00:59.0427 4992  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
15:00:59.0435 4992  VaultSvc - ok
15:00:59.0466 4992  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:00:59.0474 4992  vdrvroot - ok
15:00:59.0521 4992  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
15:00:59.0623 4992  vds - ok
15:00:59.0646 4992  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:00:59.0662 4992  vga - ok
15:00:59.0677 4992  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:00:59.0716 4992  VgaSave - ok
15:00:59.0748 4992  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:00:59.0763 4992  vhdmp - ok
15:00:59.0787 4992  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:00:59.0802 4992  viaide - ok
15:00:59.0826 4992  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
15:00:59.0841 4992  vmbus - ok
15:00:59.0873 4992  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
15:00:59.0912 4992  VMBusHID - ok
15:00:59.0943 4992  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:00:59.0982 4992  volmgr - ok
15:01:00.0021 4992  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:01:00.0060 4992  volmgrx - ok
15:01:00.0068 4992  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:01:00.0091 4992  volsnap - ok
15:01:00.0115 4992  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:01:00.0138 4992  vsmraid - ok
15:01:00.0216 4992  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
15:01:00.0326 4992  VSS - ok
15:01:00.0333 4992  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
15:01:00.0365 4992  vwifibus - ok
15:01:00.0404 4992  [ 6A3D66263414FF0D6FA754C646612F3F ] VWiFiFlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:01:00.0458 4992  VWiFiFlt - ok
15:01:00.0498 4992  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
15:01:00.0521 4992  vwifimp - ok
15:01:00.0552 4992  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:01:00.0623 4992  W32Time - ok
15:01:00.0646 4992  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:01:00.0669 4992  WacomPen - ok
15:01:00.0701 4992  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:01:00.0779 4992  WANARP - ok
15:01:00.0787 4992  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:01:00.0818 4992  Wanarpv6 - ok
15:01:00.0888 4992  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
15:01:00.0982 4992  wbengine - ok
15:01:01.0013 4992  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:01:01.0037 4992  WbioSrvc - ok
15:01:01.0068 4992  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:01:01.0107 4992  wcncsvc - ok
15:01:01.0123 4992  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:01:01.0154 4992  WcsPlugInService - ok
15:01:01.0162 4992  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:01:01.0177 4992  Wd - ok
15:01:01.0216 4992  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:01:01.0279 4992  Wdf01000 - ok
15:01:01.0287 4992  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:01:01.0373 4992  WdiServiceHost - ok
15:01:01.0373 4992  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:01:01.0388 4992  WdiSystemHost - ok
15:01:01.0427 4992  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
15:01:01.0498 4992  WebClient - ok
15:01:01.0513 4992  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:01:01.0576 4992  Wecsvc - ok
15:01:01.0591 4992  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:01:01.0623 4992  wercplsupport - ok
15:01:01.0662 4992  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:01:01.0732 4992  WerSvc - ok
15:01:01.0755 4992  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:01:01.0779 4992  WfpLwf - ok
15:01:01.0794 4992  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:01:01.0810 4992  WIMMount - ok
15:01:01.0826 4992  WinDefend - ok
15:01:01.0826 4992  WinHttpAutoProxySvc - ok
15:01:01.0873 4992  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:01:01.0904 4992  Winmgmt - ok
15:01:01.0990 4992  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
15:01:02.0099 4992  WinRM - ok
15:01:02.0146 4992  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:01:02.0185 4992  WinUsb - ok
15:01:02.0232 4992  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:01:02.0271 4992  Wlansvc - ok
15:01:02.0287 4992  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:01:02.0310 4992  WmiAcpi - ok
15:01:02.0333 4992  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:01:02.0357 4992  wmiApSrv - ok
15:01:02.0373 4992  WMPNetworkSvc - ok
15:01:02.0388 4992  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:01:02.0412 4992  WPCSvc - ok
15:01:02.0451 4992  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:01:02.0490 4992  WPDBusEnum - ok
15:01:02.0521 4992  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:01:02.0583 4992  ws2ifsl - ok
15:01:02.0607 4992  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
15:01:02.0638 4992  wscsvc - ok
15:01:02.0654 4992  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
15:01:02.0716 4992  WSDPrintDevice - ok
15:01:02.0716 4992  WSearch - ok
15:01:02.0802 4992  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:01:02.0873 4992  wuauserv - ok
15:01:02.0904 4992  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:01:02.0951 4992  WudfPf - ok
15:01:02.0998 4992  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:01:03.0029 4992  WUDFRd - ok
15:01:03.0060 4992  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:01:03.0083 4992  wudfsvc - ok
15:01:03.0115 4992  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:01:03.0146 4992  WwanSvc - ok
15:01:03.0177 4992  ================ Scan global ===============================
15:01:03.0201 4992  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:01:03.0232 4992  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:01:03.0248 4992  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:01:03.0287 4992  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:01:03.0333 4992  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:01:03.0341 4992  [Global] - ok
15:01:03.0341 4992  ================ Scan MBR ==================================
15:01:03.0349 4992  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:01:04.0396 4992  \Device\Harddisk0\DR0 - ok
15:01:04.0396 4992  ================ Scan VBR ==================================
15:01:04.0419 4992  [ 8D003667252B8B428EE23E8E6CE3DDD2 ] \Device\Harddisk0\DR0\Partition1
15:01:04.0427 4992  \Device\Harddisk0\DR0\Partition1 - ok
15:01:04.0443 4992  [ 9921D5E2EE2919FAF32EC9A3ACAF46B2 ] \Device\Harddisk0\DR0\Partition2
15:01:04.0451 4992  \Device\Harddisk0\DR0\Partition2 - ok
15:01:04.0451 4992  ============================================================
15:01:04.0451 4992  Scan finished
15:01:04.0451 4992  ============================================================
15:01:04.0466 3732  Detected object count: 10
15:01:04.0466 3732  Actual detected object count: 10
15:02:32.0912 3732  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
15:02:32.0912 3732  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 
15:02:32.0919 3732  DirMngr ( UnsignedFile.Multi.Generic ) - skipped by user
15:02:32.0919 3732  DirMngr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:02:32.0919 3732  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:02:32.0919 3732  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:02:32.0927 3732  OpenVPNAccessClient ( UnsignedFile.Multi.Generic ) - skipped by user
15:02:32.0927 3732  OpenVPNAccessClient ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:02:32.0927 3732  OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
15:02:32.0927 3732  OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:02:32.0927 3732  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:02:32.0927 3732  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:02:32.0927 3732  ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
15:02:32.0927 3732  ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:02:32.0935 3732  StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
15:02:32.0935 3732  StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:02:32.0935 3732  SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
15:02:32.0935 3732  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:02:32.0935 3732  UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
15:02:32.0935 3732  UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


Alt 01.03.2013, 16:04   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please deactivate all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know about it.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


Alt 01.03.2013, 19:51   #7
numbi
 
Code:
ATTFilter
ComboFix 13-02-26.01 - user 01.03.2013  16:37:43.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4094.2153 [GMT 1:00]
ausgeführt von:: c:\users\user\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
c:\windows\SysWow64\muzapp.exe
c:\windows\UA000096.DLL
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-01 bis 2013-03-01  ))))))))))))))))))))))))))))))
.
.
2013-03-01 16:26 . 2013-03-01 16:26	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-03-01 16:26 . 2013-03-01 16:26	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-28 10:51 . 2013-02-28 10:51	--------	d-----w-	c:\users\user\AppData\Local\Programs
2013-02-25 21:13 . 2013-02-25 21:13	--------	d-----w-	c:\users\user\AppData\Roaming\{EBBDA7E5-AB7B-4114-A5D7-466CA013A61A}
2013-02-25 21:12 . 2013-02-25 21:12	--------	d-----w-	c:\users\user\AppData\Roaming\{13215AB9-2B2E-4F6E-ADF1-1D7048C31288}
2013-02-25 21:12 . 2013-02-25 21:12	--------	d-----w-	c:\users\user\AppData\Roaming\{C7E6AB03-F5B6-4277-BCC7-9290C2711314}
2013-02-25 21:11 . 2013-02-28 10:44	--------	d-----w-	c:\users\user\AppData\Roaming\Orleniu
2013-02-25 21:11 . 2013-02-28 10:27	--------	d-----w-	c:\users\user\AppData\Roaming\Ilhor
2013-02-21 11:47 . 2013-02-21 11:47	--------	d-----w-	c:\users\user\AppData\Roaming\Sync App Settings
2013-02-19 22:53 . 2013-03-01 13:46	--------	d-----w-	c:\users\user\AppData\Roaming\tor
2013-02-19 22:53 . 2013-02-19 22:53	--------	d-----w-	c:\users\user\AppData\Local\Tor
2013-02-19 22:53 . 2013-03-01 18:22	--------	d-----w-	c:\users\user\AppData\Local\Vidalia
2013-02-17 00:24 . 2013-02-17 00:24	--------	d-----w-	c:\program files (x86)\Winamp
2013-02-13 14:37 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 14:37 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 12:05 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-13 12:05 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 12:05 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 12:04 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-13 12:04 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-13 12:04 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-13 12:04 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-13 12:04 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-13 12:04 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-13 12:04 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-13 12:04 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-13 12:04 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-01 18:20 . 2010-07-29 11:03	25640	----a-w-	c:\windows\gdrv.sys
2013-02-14 12:34 . 2012-03-29 10:03	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-14 12:34 . 2011-05-14 09:57	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-14 02:18 . 2010-08-03 20:20	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-01-04 04:43 . 2013-02-13 12:04	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-28 00:43	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-28 00:43	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-28 00:43	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-28 00:43	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-14 15:49 . 2010-10-10 10:11	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-07 13:20 . 2013-01-09 20:50	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 20:50	2746368	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 20:50	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 20:50	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 20:50	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 20:50	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 20:50	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 20:50	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 20:50	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 20:50	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 20:50	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 20:50	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 20:50	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 20:50	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 20:50	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 20:50	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 20:50	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 20:50	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 20:50	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 20:50	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 20:50	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 20:50	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 20:50	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 20:50	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 20:50	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 20:50	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 20:50	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 20:50	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 20:50	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 20:50	15360	----a-w-	c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 20:50	51712	----a-w-	c:\windows\SysWow64\esrb.rs
2012-12-07 10:46 . 2013-01-09 20:50	55296	----a-w-	c:\windows\SysWow64\cero.rs
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\program files (x86)\BrotherSoft_Extreme\prxtbBro0.dll" [2011-01-17 175912]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files (x86)\NCH_EN\prxtbNCH_.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54	175912	----a-w-	c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}]
2011-05-09 08:49	176936	----a-w-	c:\program files (x86)\NCH_EN\prxtbNCH_.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
2011-01-17 14:54	175912	----a-w-	c:\program files (x86)\BrotherSoft_Extreme\prxtbBro0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\program files (x86)\BrotherSoft_Extreme\prxtbBro0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files (x86)\NCH_EN\prxtbNCH_.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"KiesPDLR"="d:\program files\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-09-29 20880]
"Akamai NetSession Interface"="c:\users\user\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"Vidalia"="d:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2012-07-28 6172985]
"ANT Agent"="c:\program files (x86)\Garmin\ANT Agent\ANT Agent.exe" [2012-03-23 14749544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"KeePass 2 PreLoad"="d:\program files\KeePass\KeePass.exe" [2012-05-01 1895424]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"HP Software Update"="d:\program files\Treiber\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"WA5H2V3YWCUAWV7AJ"="c:\4gejsvyia73\58A59837F3C.exe" [2011-11-17 352606]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenVPN GUI.lnk - d:\program files\OpenVPN\bin\openvpn-gui-1.0.3.exe [2011-7-1 99328]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - d:\program files\Treiber\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
NETGEAR WG111v3 Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WG111v3\WG111v3.exe [2009-11-6 2080768]
OpenVPN Connect.lnk - c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe [2011-8-25 55296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DirMngr;DirMngr;d:\program files\GNU\GnuPG\dirmngr.exe [2010-07-28 242176]
R2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2011-08-25 24064]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [2006-11-30 556544]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2011-05-18 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-05-18 171008]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-08-20 19032]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-08-20 12384]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-08-02 37480]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-06-02 146920]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-05 834544]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-08-12 55856]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-06 21544]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;d:\program files\Adobe Photoshop\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AntiVirSchedulerService;Avira Planer;d:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-11 86224]
S2 BotkindSyncService;Botkind Service;d:\program files\Allway Sync\Bin\SyncService.exe service [x]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2007-04-27 142120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys [2011-05-13 44480]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-08-02 37480]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2009-11-18 446976]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-19 30720]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
Akamai	REG_MULTI_SZ   	Akamai
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02	114688	----a-w-	c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-30 20:00]
.
2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-30 20:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-17 10134560]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: BID Link Explorer: Öffne aktuelle Seite - file://d:\program files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
IE: BID: Link in Queue einreihen - file://d:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: BID: Seite in &Queue einreihen - file://d:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: BID: Öffne aktuelle Seite - file://d:\program files\Bulk Image Downloader\iemenu\iebid.htm
IE: BID: Öffne diesen &Link - file://d:\program files\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Nach Microsoft &Excel exportieren - d:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - d:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\b3rkme20.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - NCH EN Customized Web Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=. 
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- Dateityp-Verknüpfung -------
.
.reg=Regedit.Document
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{51A86BB3-6602-4C85-92A5-130EE4864F13} - (no file)
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-GnuPG - d:\program files)\GNU\GnuPG\uninst-gnupg.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:03,b3,5a,29,cb,f0,ff,02,a1,20,93,2d,67,ee,e7,f0,63,da,6e,17,0d,
   2b,39,76,50,af,87,2e,5e,48,2b,68,2f,d5,93,77,2c,52,89,1b,49,f6,f6,f2,3c,f5,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:03,b3,5a,29,cb,f0,ff,02,a1,20,93,2d,67,ee,e7,f0,63,da,6e,17,0d,
   2b,39,76,50,af,87,2e,5e,48,2b,68,2f,d5,93,77,2c,52,89,1b,49,f6,f6,f2,3c,f5,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
d:\program files\Avira\AntiVir Desktop\avguard.exe
d:\program files\Allway Sync\Bin\SyncService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
d:\program files\CDBurnerXP\NMSAccessU.exe
d:\program files\Treiber\HP\Digital Imaging\bin\hpqSTE08.exe
d:\program files\Treiber\HP\Digital Imaging\bin\hpqbam08.exe
d:\program files\Treiber\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-03-01  19:48:23 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-03-01 18:48
.
Vor Suchlauf: 671.469.568 Bytes frei
Nach Suchlauf: 1.519.284.224 Bytes frei
.
- - End Of File - - CDC08A21FEA7118278CD2EDD62084492
         

02.03.2013, 01:40   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick Scan all users
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

02.03.2013, 20:00   #9
numbi

They were too large, attached as an archive.

02.03.2013, 20:41   #10
numbi

One more thing worth mentioning is that Antivir (unfortunately I no longer remember after which start) blocked the HOSTS file.

03.03.2013, 18:17   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
IE - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\.DEFAULT..\Run: [WA5H2V3YWCUAWV7AJ] C:\4gEJsVyiA73\58A59837F3C.exe ()
O4 - HKU\S-1-5-18..\Run: [WA5H2V3YWCUAWV7AJ] C:\4gEJsVyiA73\58A59837F3C.exe ()
[2013.02.25 22:11:57 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Orleniu
[2013.02.25 22:11:57 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Ilhor
[2013.02.28 23:36:24 | 000,000,512 | ---- | M] () -- C:\Users\user\Desktop\MBR.dat
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E8BE05FA
@Alternate Data Stream - 1299 bytes -> C:\ProgramData\Microsoft:OJ0YQExu03UDxq7DpcqoFrAcwI
@Alternate Data Stream - 1299 bytes -> C:\ProgramData\Microsoft:cu2FmI3Q4fibyVmaHRHJgfe
@Alternate Data Stream - 1237 bytes -> C:\ProgramData\Microsoft:JKDMIATSCiGEmTWezHcJGU2cJ
@Alternate Data Stream - 1221 bytes -> C:\ProgramData\Microsoft:4zlAzNhJQeEHAXksRRsM
@Alternate Data Stream - 1210 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:NbarIRuIfeYYGKXlRqmW8F
:Files
C:\4gEJsVyiA73
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy the contents here into your thread

04.03.2013, 11:57   #12
numbi

Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-3446655697-2731224057-2204278893-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "localhost" removed from network.proxy.http
Prefs.js: 8118 removed from network.proxy.http_port
Prefs.js: "localhost" removed from network.proxy.socks
Prefs.js: 9050 removed from network.proxy.socks_port
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\WA5H2V3YWCUAWV7AJ deleted successfully.
C:\4gEJsVyiA73\58A59837F3C.exe moved successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\WA5H2V3YWCUAWV7AJ not found.
File C:\4gEJsVyiA73\58A59837F3C.exe not found.
C:\Users\user\AppData\Roaming\Orleniu folder moved successfully.
C:\Users\user\AppData\Roaming\Ilhor folder moved successfully.
C:\Users\user\Desktop\MBR.dat moved successfully.
ADS C:\ProgramData\TEMP:E8BE05FA deleted successfully.
ADS C:\ProgramData\Microsoft:OJ0YQExu03UDxq7DpcqoFrAcwI deleted successfully.
ADS C:\ProgramData\Microsoft:cu2FmI3Q4fibyVmaHRHJgfe deleted successfully.
ADS C:\ProgramData\Microsoft:JKDMIATSCiGEmTWezHcJGU2cJ deleted successfully.
ADS C:\ProgramData\Microsoft:4zlAzNhJQeEHAXksRRsM deleted successfully.
ADS C:\Program Files (x86)\Common Files\microsoft shared:NbarIRuIfeYYGKXlRqmW8F deleted successfully.
========== FILES ==========
C:\4gEJsVyiA73 folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\user\Desktop\cmd.bat deleted successfully.
C:\Users\user\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 57616 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 58264 bytes
 
User: user
->Temp folder emptied: 826942 bytes
->Temporary Internet Files folder emptied: 6613143 bytes
->Java cache emptied: 1559803 bytes
->FireFox cache emptied: 66899510 bytes
->Opera cache emptied: 312962 bytes
->Flash cache emptied: 141586 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 44929 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67153 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 73,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 03042013_114837

Files\Folders moved on Reboot...
C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

04.03.2013, 12:19   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

A new check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick Scan all users
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.

04.03.2013, 14:17   #14
numbi

Unless I badly misread, once again only one file was created:
Code:
OTL logfile created on: 04.03.2013 12:34:58 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 56,13% Memory free
7,99 Gb Paging File | 5,95 Gb Available in Paging File | 74,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 38,96 Gb Total Space | 1,01 Gb Free Space | 2,58% Space Free | Partition Type: NTFS
Drive D: | 193,82 Gb Total Space | 12,28 Gb Free Space | 6,33% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - D:\Program Files\Allway Sync\Bin\SyncService.exe ()
PRC - D:\Program Files\Vidalia Bundle\Tor\tor.exe ()
PRC - D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
PRC - D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
PRC - D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe ()
PRC - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe ()
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - D:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe ()
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - D:\Program Files\Vidalia Bundle\Polipo\polipo.exe ()
PRC - D:\Program Files\GNU\GnuPG\dirmngr.exe ()
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - D:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Windows\SysWOW64\XSrvSetup.exe ()
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe ()
PRC - D:\Program Files\Adobe Photoshop\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE ()
PRC - D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\user\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll ()
MOD - D:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ba58d64562391191a22ad0133512ed6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - D:\Program Files\Vidalia Bundle\Tor\tor.exe ()
MOD - D:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
MOD - D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.SSL.pyd ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pyovpnc.pyd ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.rand.pyd ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.crypto.pyd ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\twisted.protocols._c_urlarg.pyd ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\zope.interface._zope_interface_coptimizations.pyd ()
MOD - D:\Program Files\Vidalia Bundle\Vidalia\mingwm10.dll ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - D:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe ()
MOD - D:\Program Files\Vidalia Bundle\Polipo\polipo.exe ()
MOD - D:\Program Files\Vidalia Bundle\Polipo\libgnurx-0.dll ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pywintypes26.dll ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32gui.pyd ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32api.pyd ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32process.pyd ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32event.pyd ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\select.pyd ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_hashlib.pyd ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pyexpat.pyd ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ctypes.pyd ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ssl.pyd ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_socket.pyd ()
MOD - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe ()
MOD - D:\Program Files\Vidalia Bundle\Vidalia\libgcc_s_dw2-1.dll ()
MOD - C:\Program Files (x86)\NETGEAR\WG111v3\WlanDll.dll ()
MOD - C:\Program Files (x86)\NETGEAR\WG111v3\KJLog.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (BotkindSyncService) -- D:\Program Files\Allway Sync\Bin\SyncService.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirService) -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- D:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (OpenVPNAccessClient) -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe ()
SRV - (OpenVPNService) -- D:\Program Files\OpenVPN\bin\openvpnserv.exe ()
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (DirMngr) -- D:\Program Files\GNU\GnuPG\dirmngr.exe ()
SRV - (nosGetPlusHelper) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccess) -- D:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (HPSLPSVC) -- D:\Program Files\Treiber\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (JMB36X) -- C:\Windows\SysWOW64\XSrvSetup.exe ()
SRV - (AdobeActiveFileMonitor8.0) -- D:\Program Files\Adobe Photoshop\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (ES lite Service) -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (tapoas) -- C:\Windows\SysNative\drivers\tapoas.sys (The OpenVPN Project)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia)
DRV:64bit: - (libusb0) -- C:\Windows\SysNative\drivers\libusb0.sys (hxxp://libusb-win32.sourceforge.net)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (RRNetCapMP) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCap) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (Tpkd) -- C:\Windows\SysNative\drivers\Tpkd.sys (PACE Anti-Piracy, Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\drivers\wg111v3.sys (NETGEAR Inc.                           )
DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (Sentinel64) -- C:\Windows\SysNative\drivers\sentinel64.sys (SafeNet, Inc.)
DRV:64bit: - (athrusb) -- C:\Windows\SysNative\drivers\athrxusb.sys (Atheros Communications, Inc.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPF) -- C:\Windows\SysWOW64\drivers\npf.sys (CACE Technologies)
DRV - (cvintdrv) -- C:\Windows\SysWow64\drivers\cvintdrv.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FB DA 64 3B 80 60 CD 01  [binary data]
IE - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000\..\SearchScopes\{5EBA3B38-9834-4418-BC1C-C0BE03A47579}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
IE - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-21-3446655697-2731224057-2204278893-1004\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..CT2801948.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "hxxp://www.google.de"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "NCH EN Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: exif_viewer%40mozilla.doslash.org:2.00
FF - prefs.js..extensions.enabledAddons: googlesharing%40extension.thoughtcrime.org:0.22
FF - prefs.js..extensions.enabledAddons: nitishthelegendkiller%40yahoo.co.in:1.0
FF - prefs.js..extensions.enabledAddons: rotateimage%40minisystems.de:0.1.3.2
FF - prefs.js..extensions.enabledAddons: %7B455D905A-D37C-4643-A9E2-F6FEFAA0424A%7D:0.8.16
FF - prefs.js..extensions.enabledAddons: %7B4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064%7D:1.2
FF - prefs.js..extensions.enabledAddons: %7B9D23D0AA-D8F5-11DA-B3FC-0928ABF316DE%7D:3.1a6
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.1.3
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B0b457cAA-602d-484a-8fe7-c1d894a011ba%7D:0.98.32
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..extensions.enabledItems: {9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}:3.0.5
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: rotateimage@minisystems.de:0.1.3.2
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0.1
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: exif_viewer@mozilla.doslash.org:1.60
FF - prefs.js..extensions.enabledItems: googlesharing@extension.thoughtcrime.org:0.21
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {51a86bb3-6602-4c85-92a5-130ee4864f13}:3.3.3.2
FF - prefs.js..extensions.enabledItems: nitishthelegendkiller@yahoo.co.in:1.0
FF - prefs.js..extensions.enabledItems: {524B8EF8-C312-11DB-8039-536F56D89593}:3.7.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=. "
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Program Files\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: D:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.08.07 15:45:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2013.02.19 17:48:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2013.02.19 17:48:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2013.02.20 02:08:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.10.13 12:40:36 | 000,000,000 | ---D | M]
 
[2010.08.01 18:46:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2010.08.01 18:46:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.03.04 11:58:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions
[2011.02.12 23:18:02 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2013.02.19 17:08:29 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2012.12.02 13:58:49 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2013.02.23 12:18:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.07.29 22:58:18 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2013.03.01 19:50:26 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\firefox@ghostery.com
[2011.09.09 21:57:32 | 000,000,000 | ---D | M] (GoogleSharing) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\googlesharing@extension.thoughtcrime.org
[2013.01.21 00:32:07 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\https-everywhere@eff.org
[2012.09.17 09:01:22 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\ich@maltegoetz.de
[2011.04.22 11:14:20 | 000,000,000 | ---D | M] (ImgClub.org Image Uploader) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\nitishthelegendkiller@yahoo.co.in
[2010.07.31 19:59:16 | 000,000,000 | ---D | M] (Rotate Image) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\rotateimage@minisystems.de
[2011.09.09 21:57:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\googlesharing@extension.thoughtcrime.org\chrome
[2011.09.09 21:57:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\googlesharing@extension.thoughtcrime.org\components
[2011.09.09 21:57:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\googlesharing@extension.thoughtcrime.org\defaults
[2010.07.31 19:17:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default - Kopie\extensions
[2010.07.31 19:17:56 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default - Kopie\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.07.31 19:17:56 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default - Kopie\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.12.02 13:58:49 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\autofillForms@blueimp.net.xpi
[2012.11.19 00:41:08 | 000,284,001 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\compatibility@addons.mozilla.org.xpi
[2012.08.28 14:31:45 | 000,230,013 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\exif_viewer@mozilla.doslash.org.xpi
[2012.02.27 23:20:23 | 000,003,958 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\expire-history-by-days@bonardo.net.xpi
[2013.02.23 22:52:06 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\firebug@software.joehewitt.com.xpi
[2012.01.01 15:22:47 | 000,075,799 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi
[2012.03.29 11:04:02 | 000,049,303 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi
[2013.03.04 11:58:37 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2011.09.02 11:35:05 | 000,286,375 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DE}.xpi
[2013.02.28 12:07:23 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2010.08.01 18:26:39 | 000,002,305 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\searchplugins\znout-de.xml
 
O1 HOSTS File: ([2013.03.04 11:49:04 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [GrooveMonitor] D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KeePass 2 PreLoad] D:\Program Files\KeePass\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000..\Run: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000..\Run: [ISUSPM Startup] c:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O4 - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000..\Run: [KiesPDLR] D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000..\Run: [Vidalia] D:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - HKU\S-1-5-21-3446655697-2731224057-2204278893-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3446655697-2731224057-2204278893-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN GUI.lnk = D:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3446655697-2731224057-2204278893-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: BID Link Explorer: Öffne aktuelle Seite - D:\Program Files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm ()
O8:64bit: - Extra context menu item: BID: Link in Queue einreihen - D:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8:64bit: - Extra context menu item: BID: Öffne aktuelle Seite - D:\Program Files\Bulk Image Downloader\iemenu\iebid.htm ()
O8:64bit: - Extra context menu item: BID: Öffne diesen &Link - D:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm ()
O8:64bit: - Extra context menu item: BID: Seite in &Queue einreihen - D:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: BID Link Explorer: Öffne aktuelle Seite - D:\Program Files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm ()
O8 - Extra context menu item: BID: Link in Queue einreihen - D:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8 - Extra context menu item: BID: Öffne aktuelle Seite - D:\Program Files\Bulk Image Downloader\iemenu\iebid.htm ()
O8 - Extra context menu item: BID: Öffne diesen &Link - D:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm ()
O8 - Extra context menu item: BID: Seite in &Queue einreihen - D:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{378EFFA4-C0DC-4D97-833C-9BC576364504}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D65EF701-E5A3-4F9D-B7B0-93879E23381D}: DhcpNameServer = 172.27.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.04 11:48:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.03.02 19:26:35 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.02 19:26:26 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.02 19:25:58 | 000,547,491 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\user\Desktop\JRT.exe
[2013.03.01 19:21:11 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.03.01 16:35:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.01 16:35:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.01 16:35:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.01 16:35:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.01 16:14:20 | 005,036,023 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013.03.01 14:56:18 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\tdsskiller.exe
[2013.02.28 22:36:41 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.02.28 20:13:18 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2013.02.28 17:44:32 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\mbar-1.01.0.1020
[2013.02.28 12:32:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013.02.28 11:51:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Programs
[2013.02.28 11:51:13 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\user\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.25 22:13:00 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\{EBBDA7E5-AB7B-4114-A5D7-466CA013A61A}
[2013.02.25 22:12:59 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\{13215AB9-2B2E-4F6E-ADF1-1D7048C31288}
[2013.02.25 22:12:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\{C7E6AB03-F5B6-4277-BCC7-9290C2711314}
[2013.02.21 12:47:11 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Sync App Settings
[2013.02.19 23:53:58 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\tor
[2013.02.19 23:53:51 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Tor
[2013.02.19 23:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bundle
[2013.02.19 23:53:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Vidalia
[2013.02.17 01:24:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2013.02.17 01:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
[2013.02.15 03:04:27 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.15 03:04:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.15 03:04:25 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.15 03:04:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.15 03:04:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.15 03:04:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.15 03:04:23 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.15 03:04:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.15 03:04:22 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.15 03:04:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.15 03:04:21 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.15 03:04:21 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.15 03:04:20 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.15 03:04:20 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.15 03:04:19 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.13 13:05:06 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 13:05:05 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 13:05:05 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 13:04:49 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 13:04:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 13:04:47 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 13:04:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 13:04:47 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 13:04:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 13:04:45 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.04 12:23:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.04 11:58:16 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.04 11:58:16 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.04 11:50:39 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2013.03.04 11:50:39 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr
[2013.03.04 11:50:31 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.04 11:50:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.04 11:50:14 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.04 11:49:04 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013.03.02 19:58:50 | 000,034,452 | ---- | M] () -- C:\Users\user\Desktop\Desktop.rar
[2013.03.02 19:34:51 | 000,594,019 | ---- | M] () -- C:\Users\user\Desktop\adwcleaner.exe
[2013.03.02 19:26:10 | 000,547,491 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\user\Desktop\JRT.exe
[2013.03.01 16:14:32 | 005,036,023 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013.03.01 14:56:42 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\tdsskiller.exe
[2013.02.28 20:14:35 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2013.02.28 17:37:02 | 013,711,621 | ---- | M] () -- C:\Users\user\Desktop\mbar-1.01.0.1020.zip
[2013.02.28 13:02:05 | 000,377,856 | ---- | M] () -- C:\Users\user\Desktop\4np82roe.exe
[2013.02.28 12:32:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013.02.28 12:24:12 | 000,000,020 | ---- | M] () -- C:\Users\user\defogger_reenable
[2013.02.28 12:23:06 | 000,050,477 | ---- | M] () -- C:\Users\user\Desktop\Defogger.exe
[2013.02.28 11:51:28 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.28 11:51:14 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\user\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.26 18:48:34 | 007,010,574 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.26 18:48:34 | 002,475,120 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.26 18:48:34 | 002,103,458 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.26 18:48:34 | 001,879,536 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.26 18:48:34 | 000,005,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.25 02:23:52 | 000,054,784 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.19 00:02:17 | 000,003,033 | ---- | M] () -- C:\Users\user\Desktop\axp.axp
[2013.02.14 13:34:27 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.14 13:34:27 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.14 13:15:48 | 005,037,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.07 19:37:41 | 000,001,010 | ---- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.02.07 19:37:29 | 000,000,976 | ---- | M] () -- C:\Users\user\Desktop\Dropbox.lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.04 11:50:39 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr
[2013.03.02 19:58:50 | 000,034,452 | ---- | C] () -- C:\Users\user\Desktop\Desktop.rar
[2013.03.02 19:34:46 | 000,594,019 | ---- | C] () -- C:\Users\user\Desktop\adwcleaner.exe
[2013.03.01 16:35:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.01 16:35:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.01 16:35:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.01 16:35:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.01 16:35:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.28 17:36:55 | 013,711,621 | ---- | C] () -- C:\Users\user\Desktop\mbar-1.01.0.1020.zip
[2013.02.28 13:02:04 | 000,377,856 | ---- | C] () -- C:\Users\user\Desktop\4np82roe.exe
[2013.02.28 12:24:12 | 000,000,020 | ---- | C] () -- C:\Users\user\defogger_reenable
[2013.02.28 12:23:04 | 000,050,477 | ---- | C] () -- C:\Users\user\Desktop\Defogger.exe
[2013.02.28 11:51:28 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.19 00:02:17 | 000,003,033 | ---- | C] () -- C:\Users\user\Desktop\axp.axp
[2012.06.20 23:17:39 | 000,000,218 | ---- | C] () -- C:\Users\user\.recently-used.xbel
[2012.05.13 22:12:54 | 000,000,032 | ---- | C] () -- C:\Users\user\.simfy
[2012.04.08 22:14:33 | 000,000,600 | ---- | C] () -- C:\Users\user\AppData\Local\PUTTY.RND
[2012.04.01 21:23:00 | 000,000,600 | ---- | C] () -- C:\Users\user\AppData\Roaming\winscp.rnd
[2011.12.21 21:09:41 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.09.16 10:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.09.16 10:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.09.16 10:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.09.16 10:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.09.16 10:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.08.05 23:51:36 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat.temp
[2011.08.02 18:09:24 | 000,233,582 | ---- | C] () -- C:\Windows\hpoins47.dat
[2011.05.13 20:55:00 | 000,083,968 | ---- | C] () -- C:\Windows\UnGins.exe
[2011.03.28 10:30:33 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ZyDelReg.exe
[2011.03.28 10:30:31 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD.dll
[2011.03.28 10:30:31 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD64.DLL
[2010.08.11 16:32:44 | 000,001,789 | ---- | C] () -- C:\Users\user\Default.atp
[2010.08.11 16:32:44 | 000,000,288 | ---- | C] () -- C:\Users\user\user.properties
[2010.08.07 12:10:27 | 000,007,603 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2010.08.05 00:43:05 | 000,054,784 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         

Alt 04.03.2013, 14:22   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes; remember to update Malwarebytes via the update button beforehand.

Afterwards, getting an additional opinion from ESET's online scanner doesn't hurt either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box for "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
