
Pests of all kinds and how to combat them: Trojan moved from external hard drive into the avast! container. What now?

08.05.2013, 11:36   #16
cosinus

aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons unless instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.




TDSS-Killer

Please download TDSSKiller.exe and save the file to the desktop.
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

09.05.2013, 19:31   #17
HilfeHilfeH
 

aswMBR.exe did not ask me about the current virus definitions. I just scanned... Here is the log

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-09 19:21:35
-----------------------------
19:21:35.029    OS Version: Windows x64 6.2.9200 
19:21:35.029    Number of processors: 4 586 0x3A09
19:21:35.030    ComputerName: BÄR  UserName: 
19:21:35.255    Initialze error 1 
19:21:36.235    AVAST engine defs: 13050800
19:22:11.626    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003b
19:22:11.628    Disk 0 Vendor: ST1000LM024_HN-M101MBB 2AR10001 Size: 953869MB BusType: 11
19:22:11.643    Disk 0 MBR read successfully
19:22:11.646    Disk 0 MBR scan
19:22:11.648    Disk 0 unknown MBR code
19:22:11.650    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
19:22:11.653    Disk 0 scanning C:\Windows\system32\drivers
19:22:11.656    Service scanning
19:22:12.361    Modules scanning
19:22:12.366    Disk 0 trace - called modules:
19:22:12.375    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys 
19:22:12.381    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80051d4060]
19:22:12.387    3 CLASSPNP.SYS[fffff88001201fea] -> nt!IofCallDriver -> [0xfffffa8004635430]
19:22:12.396    5 ACPI.sys[fffff88001183a91] -> nt!IofCallDriver -> \Device\0000003b[0xfffffa8004630230]
19:22:12.403    AVAST engine scan C:\Windows
19:22:12.411    AVAST engine scan C:\Windows\system32
19:22:12.418    AVAST engine scan C:\Windows\system32\drivers
19:22:12.426    AVAST engine scan C:\Users\henning
19:22:12.434    AVAST engine scan C:\ProgramData
19:22:12.441    Scan finished successfully
19:22:53.264    Disk 0 MBR has been saved successfully to "C:\Users\henning\Desktop\MBR.dat"
19:22:53.280    The log file has been saved successfully to "C:\Users\henning\Desktop\aswMBR.txt"
         

And the other one

Code:
19:26:30.0605 4484  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:26:30.0605 4484  UEFI system
19:26:30.0824 4484  ============================================================
19:26:30.0824 4484  Current date / time: 2013/05/09 19:26:30.0824
19:26:30.0824 4484  SystemInfo:
19:26:30.0824 4484  
19:26:30.0824 4484  OS Version: 6.2.9200 ServicePack: 0.0
19:26:30.0824 4484  Product type: Workstation
19:26:30.0824 4484  ComputerName: BÄR
19:26:30.0824 4484  UserName: henning
19:26:30.0824 4484  Windows directory: C:\Windows
19:26:30.0824 4484  System windows directory: C:\Windows
19:26:30.0824 4484  Running under WOW64
19:26:30.0824 4484  Processor architecture: Intel x64
19:26:30.0824 4484  Number of processors: 4
19:26:30.0824 4484  Page size: 0x1000
19:26:30.0824 4484  Boot type: Normal boot
19:26:30.0824 4484  ============================================================
19:26:31.0731 4484  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:26:31.0731 4484  ============================================================
19:26:31.0731 4484  \Device\Harddisk0\DR0:
19:26:31.0731 4484  GPT partitions:
19:26:31.0731 4484  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {ED8A7604-9430-4EAE-8C6A-3C3A23273634}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xF9800
19:26:31.0731 4484  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {19BFAB54-0AC1-468B-982B-1CE87B02647A}, Name: EFI system partition, StartLBA 0xFA000, BlocksNum 0x32000
19:26:31.0731 4484  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {910C2AE2-B224-4000-B8D6-29913B5BE3C1}, Name: Microsoft reserved partition, StartLBA 0x12C000, BlocksNum 0x40000
19:26:31.0731 4484  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {8D7F0CC6-879E-47F6-A767-0ED8FD3B0659}, UniqueGUID: {68382FB2-A422-4901-AA8C-725A01BAB5F0}, Name: Basic data partition, StartLBA 0x16C000, BlocksNum 0x200000
19:26:31.0731 4484  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {7922F0A1-A429-45BD-8631-30874705F313}, Name: Basic data partition, StartLBA 0x36C000, BlocksNum 0x6CB9A000
19:26:31.0731 4484  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {64928DD1-57DD-4AD6-9F83-FE0763D3E4B9}, Name: Basic data partition, StartLBA 0x6CF06000, BlocksNum 0x77FE000
19:26:31.0731 4484  MBR partitions:
19:26:31.0731 4484  ============================================================
19:26:31.0762 4484  C: <-> \Device\Harddisk0\DR0\Partition5
19:26:31.0825 4484  D: <-> \Device\Harddisk0\DR0\Partition6
19:26:31.0825 4484  ============================================================
19:26:31.0825 4484  Initialize success
19:26:31.0825 4484  ============================================================
19:26:41.0348 5760  ============================================================
19:26:41.0348 5760  Scan started
19:26:41.0348 5760  Mode: Manual; SigCheck; TDLFS; 
19:26:41.0348 5760  ============================================================
19:26:42.0101 5760  ================ Scan system memory ========================
19:26:42.0101 5760  System memory - ok
19:26:42.0101 5760  ================ Scan services =============================
19:26:51.0119 5760  [ 9162ECA694162A77679950CF2E27D3C1 ] GFNEXSrv        C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
19:26:51.0150 5760  GFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
19:26:51.0150 5760  GFNEXSrv - detected UnsignedFile.Multi.Generic (1)
19:26:54.0308 5760  KSecPkg - ok
19:26:54.0339 5760  [ 81492FEEBF2F26455B00EE8DBAE8A1B0 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:26:54.0355 5760  ksthunk - ok
19:26:54.0386 5760  [ 5825DBACEDC3812B5CF8D40B997BF210 ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:26:54.0464 5760  KtmRm - ok
19:26:54.0495 5760  [ 256EE31588257E8A555DBFAA13F1908E ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:26:54.0526 5760  LanmanServer - ok
19:26:54.0558 5760  [ 16650912BE5A94B40E0B3B4C39652B56 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:26:54.0620 5760  LanmanWorkstation - ok
19:26:54.0636 5760  [ CEEFD29FC551F289810B0B9381B321DC ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:26:54.0683 5760  lltdio - ok
19:26:54.0730 5760  [ BCF53485E0A94722CDE3C4A93CD8EB8C ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:26:54.0808 5760  lltdsvc - ok
19:26:54.0839 5760  [ 5A2F7F1CBC2E631A497DAD16164E06D2 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:26:54.0870 5760  lmhosts - ok
19:26:54.0902 5760  [ 4269D44BB47A6DA5D80B11F4C8536458 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:26:54.0917 5760  LMS - ok
19:26:54.0948 5760  [ 022CDD12161B063D7852B1075BF3FFF2 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:26:54.0995 5760  LSI_SAS - ok
19:26:55.0026 5760  [ 07AD59D669B996F29F91817F0ECFA34F ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
19:26:55.0042 5760  LSI_SAS2 - ok
19:26:55.0058 5760  [ 216FB796AA4E252ACCE93B1BCB80B5EC ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:26:55.0073 5760  LSI_SCSI - ok
19:26:55.0089 5760  [ 5E80530AF37102488EE980B4A92AF99F ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
19:26:55.0105 5760  LSI_SSS - ok
19:26:55.0152 5760  [ A57BA284F5996FFD32DCDBC41A4657DB ] LSM             C:\Windows\System32\lsm.dll
19:26:55.0198 5760  LSM - ok
19:26:55.0214 5760  [ 2BDC5D711FA61307CE6190D47C956368 ] luafv           C:\Windows\system32\drivers\luafv.sys
19:26:55.0261 5760  luafv - ok
19:26:55.0261 5760  [ 9B0D829C3BE4E7472DB9DD2B79908E3C ] megasas         C:\Windows\system32\drivers\megasas.sys
19:26:55.0292 5760  megasas - ok
19:26:55.0308 5760  [ ECC3F54C7AFC318271C4F0B4606D8DB0 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
19:26:55.0339 5760  MegaSR - ok
19:26:55.0370 5760  [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64          C:\Windows\System32\drivers\HECIx64.sys
19:26:55.0386 5760  MEIx64 - ok
19:26:55.0417 5760  [ EEE908BE7143FCA48CF0CB87214E2AB8 ] MMCSS           C:\Windows\system32\mmcss.dll
19:26:55.0433 5760  MMCSS - ok
19:26:55.0448 5760  [ 780098AD5DA8A4822E2563984C85EF7B ] Modem           C:\Windows\system32\drivers\modem.sys
19:26:55.0480 5760  Modem - ok
19:26:55.0511 5760  [ EA8EAD3F5B762F889CC7F3966625B48B ] monitor         C:\Windows\System32\drivers\monitor.sys
19:26:55.0542 5760  monitor - ok
19:26:55.0558 5760  [ 618446B98C79776654340CE27C73485E ] mouclass        C:\Windows\System32\drivers\mouclass.sys
19:26:55.0573 5760  mouclass - ok
19:26:55.0605 5760  [ C0ADEBED913295803B579ED288936CBB ] mouhid          C:\Windows\System32\drivers\mouhid.sys
19:26:55.0636 5760  mouhid - ok
19:26:55.0652 5760  [ 89D263DBF08119CE16273991C120D6DD ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:26:55.0667 5760  mountmgr - ok
19:26:55.0698 5760  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:26:55.0745 5760  MozillaMaintenance - ok
19:26:55.0777 5760  [ 0D1609DD82C7440F5D5BF21A9D4D5C0C ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:26:55.0808 5760  mpsdrv - ok
19:26:55.0855 5760  [ 3031573A739DBEE8923851929D0AF423 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:26:55.0933 5760  MpsSvc - ok
19:26:55.0964 5760  [ 3D70147F55F1EC84EB9139ED7FFE48BC ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:26:56.0011 5760  MRxDAV - ok
19:26:56.0042 5760  [ 93179D48066918323628CB016D8C94DC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:26:56.0120 5760  mrxsmb - ok
19:26:56.0167 5760  [ 06D5F2FA3C61E8EA91648EA8E9F99FD3 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:26:56.0183 5760  mrxsmb10 - ok
19:26:56.0214 5760  [ 5C7DD2E5759FFCCD2C7341C1B90F2B26 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:26:56.0230 5760  mrxsmb20 - ok
19:26:56.0277 5760  [ 98487487D6B3797CA927E9D7B030AE13 ] MsBridge        C:\Windows\system32\DRIVERS\bridge.sys
19:26:56.0308 5760  MsBridge - ok
19:26:56.0323 5760  [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC           C:\Windows\System32\msdtc.exe
19:26:56.0339 5760  MSDTC - ok
19:26:56.0370 5760  [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:26:56.0386 5760  Msfs - ok
19:26:56.0417 5760  [ C32A7A39B960A42BA9D4FBE47213CA03 ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
19:26:56.0433 5760  msgpiowin32 - ok
19:26:56.0448 5760  [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:26:56.0495 5760  mshidkmdf - ok
19:26:56.0511 5760  [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
19:26:56.0542 5760  mshidumdf - ok
19:26:56.0542 5760  [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:26:56.0573 5760  msisadrv - ok
19:26:56.0605 5760  [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:26:56.0636 5760  MSiSCSI - ok
19:26:56.0652 5760  msiserver - ok
19:26:56.0667 5760  [ 509809566E49F4411055864EA8D437CD ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:26:56.0698 5760  MSKSSRV - ok
19:26:56.0714 5760  [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
19:26:56.0745 5760  MsLldp - ok
19:26:56.0761 5760  [ 99D526E803DB6D7FF290FD98B6204641 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:26:56.0792 5760  MSPCLOCK - ok
19:26:56.0808 5760  [ 06FA77C3E2A491ADCD704C5E73006269 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:26:56.0839 5760  MSPQM - ok
19:26:56.0870 5760  [ E134EC4DE11CF78CB01432D180710D84 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:26:56.0902 5760  MsRPC - ok
19:26:56.0917 5760  [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
19:26:56.0948 5760  mssmbios - ok
19:26:56.0964 5760  [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:26:56.0980 5760  MSTEE - ok
19:26:56.0995 5760  [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
19:26:57.0027 5760  MTConfig - ok
19:26:57.0042 5760  [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup             C:\Windows\system32\Drivers\mup.sys
19:26:57.0058 5760  Mup - ok
19:26:57.0073 5760  [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
19:26:57.0105 5760  mvumis - ok
19:26:57.0136 5760  [ D8C1FE237762249C879760E7F3ABFC1F ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
19:26:57.0152 5760  MyWiFiDHCPDNS - ok
19:26:57.0183 5760  [ 4B18840511D720BA118D3017E8165875 ] napagent        C:\Windows\system32\qagentRT.dll
19:26:57.0261 5760  napagent - ok
19:26:57.0292 5760  [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:26:57.0339 5760  NativeWifiP - ok
19:26:57.0370 5760  [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc          C:\Windows\System32\ncasvc.dll
19:26:57.0433 5760  NcaSvc - ok
19:26:57.0449 5760  [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
19:26:57.0480 5760  NcdAutoSetup - ok
19:26:57.0527 5760  [ 03CFE4108D1DE16D6C59455B5C73319C ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:26:57.0573 5760  NDIS - ok
19:26:57.0636 5760  [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:26:57.0667 5760  NdisCap - ok
19:26:57.0698 5760  [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
19:26:57.0714 5760  NdisImPlatform - ok
19:26:57.0730 5760  [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:26:57.0761 5760  NdisTapi - ok
19:26:57.0777 5760  [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:26:57.0808 5760  Ndisuio - ok
19:26:57.0808 5760  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:26:57.0855 5760  NdisWan - ok
19:26:57.0855 5760  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY   C:\Windows\system32\DRIVERS\ndiswan.sys
19:26:57.0886 5760  NDISWANLEGACY - ok
19:26:57.0949 5760  [ CE6EBC0AD38CC6482D8FBB744FF15CE2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:26:57.0980 5760  NDProxy - ok
19:26:57.0995 5760  [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu             C:\Windows\system32\drivers\Ndu.sys
19:26:58.0027 5760  Ndu - ok
19:26:58.0042 5760  [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:26:58.0074 5760  NetBIOS - ok
19:26:58.0105 5760  [ 7CEC25C682D319D484630B3952C31A11 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:26:58.0136 5760  NetBT - ok
19:26:58.0167 5760  [ F702AB6181513303AB0FC8D59E52708B ] Netlogon        C:\Windows\system32\lsass.exe
19:26:58.0183 5760  Netlogon - ok
19:26:58.0214 5760  [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman          C:\Windows\System32\netman.dll
19:26:58.0261 5760  Netman - ok
19:26:58.0292 5760  [ 5FF52E13C72838D87DAF228EC9E92C89 ] netprofm        C:\Windows\System32\netprofmsvc.dll
19:26:58.0339 5760  netprofm - ok
19:26:58.0386 5760  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:26:58.0433 5760  NetTcpPortSharing - ok
19:26:58.0532 5760  [ 8CEF52F56EE6E9C4DDD374CE8E2E3DC6 ] NETwNe64        C:\Windows\system32\DRIVERS\NETwew00.sys
19:26:58.0689 5760  NETwNe64 - ok
19:26:58.0705 5760  [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
19:26:58.0705 5760  nfrd960 - ok
19:26:58.0736 5760  [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:26:58.0767 5760  NlaSvc - ok
19:26:58.0783 5760  [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:26:58.0876 5760  Npfs - ok
19:26:58.0908 5760  [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
19:26:58.0955 5760  npsvctrig - ok
19:26:58.0986 5760  [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi             C:\Windows\system32\nsisvc.dll
19:26:59.0017 5760  nsi - ok
19:26:59.0033 5760  [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:26:59.0064 5760  nsiproxy - ok
19:26:59.0142 5760  [ 76929F4A69E425911A63B407E26C2589 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:26:59.0205 5760  Ntfs - ok
19:26:59.0220 5760  [ 4163ADE07DB51843AE31F65B94F5398D ] Null            C:\Windows\system32\drivers\Null.sys
19:26:59.0251 5760  Null - ok
19:26:59.0495 5760  [ 076C32433B06AAAD72742774E56FB854 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:26:59.0859 5760  nvlddmkm - ok
19:26:59.0875 5760  [ 0AFB4857ADD1D11012E6B38C9F4B625B ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
19:26:59.0891 5760  nvpciflt - ok
19:26:59.0906 5760  [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:26:59.0938 5760  nvraid - ok
19:26:59.0953 5760  [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:26:59.0969 5760  nvstor - ok
19:27:00.0000 5760  [ A9495A3AAAB5E470F2460F85849A5F66 ] nvsvc           C:\Windows\system32\nvvsvc.exe
19:27:00.0047 5760  nvsvc - ok
19:27:00.0109 5760  [ FAA2048284D763409F7BB84F61601C80 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:27:00.0156 5760  nvUpdatusService - ok
19:27:00.0172 5760  [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:27:00.0203 5760  nv_agp - ok
19:27:00.0234 5760  [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:27:00.0266 5760  p2pimsvc - ok
19:27:00.0297 5760  [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:27:00.0344 5760  p2psvc - ok
19:27:00.0359 5760  [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport         C:\Windows\System32\drivers\parport.sys
19:27:00.0391 5760  Parport - ok
19:27:00.0422 5760  [ D6ACCF9F2EEEEA711C14EFD976E573F3 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:27:00.0453 5760  partmgr - ok
19:27:00.0485 5760  [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:27:00.0516 5760  PcaSvc - ok
19:27:00.0531 5760  [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci             C:\Windows\system32\drivers\pci.sys
19:27:00.0563 5760  pci - ok
19:27:00.0578 5760  [ F9908D274D458220F91E89B54D78D837 ] pciide          C:\Windows\system32\drivers\pciide.sys
19:27:00.0610 5760  pciide - ok
19:27:00.0610 5760  [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
19:27:00.0641 5760  pcmcia - ok
19:27:00.0656 5760  [ CEBBAD5391C2644560C55628A40BFD27 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:27:00.0672 5760  pcw - ok
19:27:00.0703 5760  [ 0698DEDEAD6A00AD0D468C687D830FBF ] pdc             C:\Windows\system32\drivers\pdc.sys
19:27:00.0719 5760  pdc - ok
19:27:00.0766 5760  [ 70DBB6A8B52B3830922F1C5789E1BEEB ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:27:00.0797 5760  PEAUTH - ok
19:27:00.0813 5760  [ EE926C59CBD4DC4DC9FBB85014A2F1A5 ] PEGAGFN         C:\Program Files (x86)\PHotkey\PEGAGFN.sys
19:27:00.0828 5760  PEGAGFN - ok
19:27:00.0891 5760  [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:27:00.0922 5760  PerfHost - ok
19:27:00.0985 5760  [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla             C:\Windows\system32\pla.dll
19:27:01.0063 5760  pla - ok
19:27:01.0094 5760  [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:27:01.0110 5760  PlugPlay - ok
19:27:01.0125 5760  [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:27:01.0156 5760  PNRPAutoReg - ok
19:27:01.0172 5760  [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:27:01.0188 5760  PNRPsvc - ok
19:27:01.0219 5760  [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:27:01.0266 5760  PolicyAgent - ok
19:27:01.0297 5760  [ F1E067F56373F11EA4B785CAE823740A ] Power           C:\Windows\system32\umpo.dll
19:27:01.0313 5760  Power - ok
19:27:01.0344 5760  [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:27:01.0391 5760  PptpMiniport - ok
19:27:01.0469 5760  [ CC0B8655E4B2A5BBB215CDA8FC3BE4DE ] PrintNotify     C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
19:27:01.0532 5760  PrintNotify - ok
19:27:01.0563 5760  [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor       C:\Windows\System32\drivers\processr.sys
19:27:01.0579 5760  Processor - ok
19:27:01.0610 5760  [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc         C:\Windows\system32\profsvc.dll
19:27:01.0657 5760  ProfSvc - ok
19:27:01.0688 5760  [ EB8034147D4820CD31BFCB11A2A652DF ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:27:01.0719 5760  Psched - ok
19:27:01.0750 5760  [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE           C:\Windows\system32\qwave.dll
19:27:01.0797 5760  QWAVE - ok
19:27:01.0813 5760  [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:27:01.0844 5760  QWAVEdrv - ok
19:27:01.0860 5760  [ 873C60F8178100557740A832FCE10B5F ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:27:01.0907 5760  RasAcd - ok
19:27:01.0938 5760  [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:27:01.0954 5760  RasAgileVpn - ok
19:27:01.0985 5760  [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto         C:\Windows\System32\rasauto.dll
19:27:02.0016 5760  RasAuto - ok
19:27:02.0032 5760  [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:27:02.0063 5760  Rasl2tp - ok
19:27:02.0094 5760  [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan          C:\Windows\System32\rasmans.dll
19:27:02.0141 5760  RasMan - ok
19:27:02.0157 5760  [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:27:02.0204 5760  RasPppoe - ok
19:27:02.0219 5760  [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:27:02.0250 5760  RasSstp - ok
19:27:02.0282 5760  [ B72C33DBD5326B3864CF2091AF8B906B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:27:02.0297 5760  rdbss - ok
19:27:02.0329 5760  [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
19:27:02.0344 5760  rdpbus - ok
19:27:02.0360 5760  [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
19:27:02.0391 5760  RDPDR - ok
19:27:02.0422 5760  [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:27:02.0438 5760  RdpVideoMiniport - ok
19:27:02.0454 5760  [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:27:02.0485 5760  RDPWD - ok
19:27:02.0516 5760  [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:27:02.0532 5760  rdyboost - ok
19:27:02.0610 5760  [ 695C4AC7D0B5002040C7540364C43940 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
19:27:02.0625 5760  RegSrvc - ok
19:27:02.0641 5760  [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:27:02.0672 5760  RemoteAccess - ok
19:27:02.0704 5760  [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:27:02.0750 5760  RemoteRegistry - ok
19:27:02.0782 5760  [ CCBFCABDFE2BC22F0645CEAADDB36004 ] RFCOMM          C:\Windows\System32\drivers\rfcomm.sys
19:27:02.0844 5760  RFCOMM - ok
19:27:02.0922 5760  [ 0B169FE016039571ECC6DB70073F8979 ] RichVideo64     C:\Program Files\CyberLink\Shared files\RichVideo64.exe
19:27:02.0938 5760  RichVideo64 - ok
19:27:02.0969 5760  [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:27:03.0016 5760  RpcEptMapper - ok
19:27:03.0047 5760  [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator      C:\Windows\system32\locator.exe
19:27:03.0079 5760  RpcLocator - ok
19:27:03.0141 5760  [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs           C:\Windows\system32\rpcss.dll
19:27:03.0172 5760  RpcSs - ok
19:27:03.0188 5760  [ E04E770DD198B9399640717145E79EBF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:27:03.0204 5760  rspndr - ok
19:27:03.0235 5760  [ 0E32A8922DCFD28EA00AAEC07CB3F331 ] RSUSBSTOR       C:\Windows\System32\Drivers\RtsUStor.sys
19:27:03.0235 5760  RSUSBSTOR - ok
19:27:03.0266 5760  [ 34DA0D14F5C3F1883A331AFB975AB434 ] RTL8168         C:\Windows\system32\DRIVERS\Rt630x64.sys
19:27:03.0282 5760  RTL8168 - ok
19:27:03.0313 5760  [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
19:27:03.0329 5760  s3cap - ok
19:27:03.0360 5760  [ F702AB6181513303AB0FC8D59E52708B ] SamSs           C:\Windows\system32\lsass.exe
19:27:03.0376 5760  SamSs - ok
19:27:03.0391 5760  [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:27:03.0407 5760  sbp2port - ok
19:27:03.0438 5760  [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:27:03.0469 5760  SCardSvr - ok
19:27:03.0485 5760  [ 5D7733A12756B267FCA021672B26BC9E ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:27:03.0516 5760  scfilter - ok
19:27:03.0547 5760  [ EDCDF4DB82EF825B94B190D544C8C58B ] Schedule        C:\Windows\system32\schedsvc.dll
19:27:03.0594 5760  Schedule - ok
19:27:03.0610 5760  [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:27:03.0626 5760  SCPolicySvc - ok
19:27:03.0657 5760  [ 047315E75392CEA447ACC86257824C16 ] sdbus           C:\Windows\System32\drivers\sdbus.sys
19:27:03.0672 5760  sdbus - ok
19:27:03.0719 5760  [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:27:03.0735 5760  SDRSVC - ok
19:27:03.0766 5760  [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
19:27:03.0782 5760  sdstor - ok
19:27:03.0797 5760  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:27:03.0813 5760  secdrv - ok
19:27:03.0829 5760  [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon        C:\Windows\system32\seclogon.dll
19:27:03.0877 5760  seclogon - ok
19:27:03.0892 5760  [ 9C51620998F0763039DFA6BF68E475ED ] SENS            C:\Windows\System32\sens.dll
19:27:03.0923 5760  SENS - ok
19:27:03.0939 5760  [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:27:03.0955 5760  SensrSvc - ok
19:27:03.0970 5760  [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx           C:\Windows\system32\drivers\SerCx.sys
19:27:04.0002 5760  SerCx - ok
19:27:04.0017 5760  [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum         C:\Windows\System32\drivers\serenum.sys
19:27:04.0033 5760  Serenum - ok
19:27:04.0048 5760  [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial          C:\Windows\System32\drivers\serial.sys
19:27:04.0064 5760  Serial - ok
19:27:04.0064 5760  [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse        C:\Windows\System32\drivers\sermouse.sys
19:27:04.0083 5760  sermouse - ok
19:27:04.0099 5760  [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv      C:\Windows\system32\sessenv.dll
19:27:04.0130 5760  SessionEnv - ok
19:27:04.0130 5760  [ 7EE65419B29302C795714FF8073969A1 ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
19:27:04.0146 5760  sfloppy - ok
19:27:04.0193 5760  [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:27:04.0255 5760  SharedAccess - ok
19:27:04.0287 5760  [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:27:04.0333 5760  ShellHWDetection - ok
19:27:04.0365 5760  [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
19:27:04.0380 5760  SiSRaid2 - ok
19:27:04.0396 5760  [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:27:04.0427 5760  SiSRaid4 - ok
19:27:04.0458 5760  [ 07CEDCCDB208905867EBAD761EA4E057 ] SmbDrv          C:\Windows\System32\drivers\Smb_driver_AMDASF.sys
19:27:04.0474 5760  SmbDrv - ok
19:27:04.0521 5760  [ 74BF7AF7D1B642044BE5CCC93884C2F3 ] SmbDrvI         C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
19:27:04.0537 5760  SmbDrvI - ok
19:27:04.0537 5760  [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:27:04.0583 5760  SNMPTRAP - ok
19:27:04.0615 5760  [ 739A739DCC5D02FE30EDEADEBD7B9898 ] spaceport       C:\Windows\system32\drivers\spaceport.sys
19:27:04.0646 5760  spaceport - ok
19:27:04.0662 5760  [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
19:27:04.0677 5760  SpbCx - ok
19:27:04.0724 5760  [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler         C:\Windows\System32\spoolsv.exe
19:27:04.0771 5760  Spooler - ok
19:27:04.0880 5760  [ EC84D961501054F87A6878EC5D53388F ] sppsvc          C:\Windows\system32\sppsvc.exe
19:27:05.0037 5760  sppsvc - ok
19:27:05.0068 5760  [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:27:05.0115 5760  srv - ok
19:27:05.0146 5760  [ 9912FDF63EC78E1977083E20DEAE4889 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:27:05.0193 5760  srv2 - ok
19:27:05.0224 5760  [ FD8B4F201B681C555A4AF41922C52557 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:27:05.0255 5760  srvnet - ok
19:27:05.0287 5760  [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:27:05.0333 5760  SSDPSRV - ok
19:27:05.0349 5760  [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:27:05.0380 5760  SstpSvc - ok
19:27:05.0396 5760  [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
19:27:05.0412 5760  stexstor - ok
19:27:05.0459 5760  [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc          C:\Windows\System32\wiaservc.dll
19:27:05.0490 5760  stisvc - ok
19:27:05.0521 5760  [ B240874B2CA0CD02E8CD11E140B14C57 ] storahci        C:\Windows\system32\drivers\storahci.sys
19:27:05.0552 5760  storahci - ok
19:27:05.0568 5760  [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
19:27:05.0615 5760  storflt - ok
19:27:05.0646 5760  [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc         C:\Windows\system32\storsvc.dll
19:27:05.0677 5760  StorSvc - ok
19:27:05.0693 5760  [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
19:27:05.0709 5760  storvsc - ok
19:27:05.0724 5760  [ 8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc           C:\Windows\system32\svsvc.dll
19:27:05.0771 5760  svsvc - ok
19:27:05.0803 5760  [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum          C:\Windows\System32\drivers\swenum.sys
19:27:05.0818 5760  swenum - ok
19:27:05.0850 5760  [ 502F9488540051F3E6C39889ECFA76BB ] swprv           C:\Windows\System32\swprv.dll
19:27:05.0896 5760  swprv - ok
19:27:05.0943 5760  [ 530EF17999990539CC56474252802364 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
19:27:05.0959 5760  SynTP - ok
19:27:06.0006 5760  [ DC21E1F06343773D7E24362DCEF7944B ] SysMain         C:\Windows\system32\sysmain.dll
19:27:06.0053 5760  SysMain - ok
19:27:06.0100 5760  [ 6FB88606C4A71E1BFAF97D63A676C673 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
19:27:06.0115 5760  SystemEventsBroker - ok
19:27:06.0131 5760  [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\Windows\System32\TabSvc.dll
19:27:06.0146 5760  TabletInputService - ok
19:27:06.0162 5760  [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:27:06.0193 5760  TapiSrv - ok
19:27:06.0256 5760  [ B6D52E2C38B49A156E58FF5B9C6CA8BE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:27:06.0318 5760  Tcpip - ok
19:27:06.0350 5760  [ B6D52E2C38B49A156E58FF5B9C6CA8BE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:27:06.0396 5760  TCPIP6 - ok
19:27:06.0412 5760  [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:27:06.0428 5760  tcpipreg - ok
19:27:06.0448 5760  [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:27:06.0465 5760  tdx - ok
19:27:06.0481 5760  [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
19:27:06.0512 5760  terminpt - ok
19:27:06.0559 5760  [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService     C:\Windows\System32\termsrv.dll
19:27:06.0621 5760  TermService - ok
19:27:06.0637 5760  [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes          C:\Windows\system32\themeservice.dll
19:27:06.0684 5760  Themes - ok
19:27:06.0700 5760  [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER     C:\Windows\system32\mmcss.dll
19:27:06.0731 5760  THREADORDER - ok
19:27:06.0762 5760  [ 4515B9E4140F04FB3907692DF89FCA87 ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
19:27:06.0809 5760  TimeBroker - ok
19:27:06.0840 5760  [ 6F0BFF80EE2A5BC841286A51F893CBAD ] TPM             C:\Windows\system32\drivers\tpm.sys
19:27:06.0871 5760  TPM - ok
19:27:06.0903 5760  [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks          C:\Windows\System32\trkwks.dll
19:27:06.0934 5760  TrkWks - ok
19:27:06.0965 5760  [ 8D516AEF3C1DF980664CF17BB1FF6093 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:27:06.0996 5760  TrustedInstaller - ok
19:27:07.0028 5760  [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:27:07.0043 5760  TsUsbFlt - ok
19:27:07.0059 5760  [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
19:27:07.0091 5760  TsUsbGD - ok
19:27:07.0123 5760  [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:27:07.0154 5760  tunnel - ok
19:27:07.0170 5760  [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:27:07.0201 5760  uagp35 - ok
19:27:07.0216 5760  [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
19:27:07.0248 5760  UASPStor - ok
19:27:07.0264 5760  [ 1ED222DFE6C13DA50FE081ABF90CAFE1 ] UCX01000        C:\Windows\System32\drivers\ucx01000.sys
19:27:07.0295 5760  UCX01000 - ok
19:27:07.0326 5760  [ DC5A461591C71AF7F19DC048A81E3F88 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:27:07.0357 5760  udfs - ok
19:27:07.0389 5760  [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:27:07.0436 5760  UI0Detect - ok
19:27:07.0436 5760  [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:27:07.0467 5760  uliagpkx - ok
19:27:07.0482 5760  [ 02CEB3FE6152668A7BA420B93B664860 ] umbus           C:\Windows\System32\drivers\umbus.sys
19:27:07.0514 5760  umbus - ok
19:27:07.0514 5760  [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass          C:\Windows\System32\drivers\umpass.sys
19:27:07.0545 5760  UmPass - ok
19:27:07.0561 5760  [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService    C:\Windows\System32\umrdp.dll
19:27:07.0623 5760  UmRdpService - ok
19:27:07.0717 5760  [ DBE2E6388379D5CC78099650541E9566 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:27:07.0732 5760  UNS - ok
19:27:07.0779 5760  [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost        C:\Windows\System32\upnphost.dll
19:27:07.0842 5760  upnphost - ok
19:27:07.0857 5760  [ 8047D8AFA070A4C3B9FCBDBF77A84C45 ] usb3Hub         C:\Windows\System32\drivers\usb3Hub.sys
19:27:07.0873 5760  usb3Hub - ok
19:27:07.0904 5760  [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
19:27:07.0936 5760  usbccgp - ok
19:27:07.0951 5760  [ B395B62B62F28106218FA6FB17F4C797 ] usbcir          C:\Windows\System32\drivers\usbcir.sys
19:27:08.0014 5760  usbcir - ok
19:27:08.0045 5760  [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci         C:\Windows\System32\drivers\usbehci.sys
19:27:08.0061 5760  usbehci - ok
19:27:08.0107 5760  [ ADBF89B8E0BB372FEFE2E4B84E1E20AE ] usbhub          C:\Windows\System32\drivers\usbhub.sys
19:27:08.0139 5760  usbhub - ok
19:27:08.0139 5760  [ C5986337DE3BF63ABD9ED4D834D34B89 ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
19:27:08.0170 5760  USBHUB3 - ok
19:27:08.0186 5760  [ 325F6179009B5A7F6118951A5BA422AB ] usbohci         C:\Windows\System32\drivers\usbohci.sys
19:27:08.0201 5760  usbohci - ok
19:27:08.0217 5760  [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] usbprint        C:\Windows\System32\drivers\usbprint.sys
19:27:08.0264 5760  usbprint - ok
19:27:08.0279 5760  [ F77177F6C95B2116EE7AD23B5EF57007 ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
19:27:08.0311 5760  USBSTOR - ok
19:27:08.0326 5760  [ D25EF4A6EC244C5DE85D88A05B7C149D ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
19:27:08.0357 5760  usbuhci - ok
19:27:08.0389 5760  [ 09799E701B4327097E9F63D3FE221083 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
19:27:08.0420 5760  usbvideo - ok
19:27:08.0451 5760  [ 11C0CF143D246E2F0E9BDBF17A0CC70B ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
19:27:08.0482 5760  USBXHCI - ok
19:27:08.0498 5760  [ F702AB6181513303AB0FC8D59E52708B ] VaultSvc        C:\Windows\system32\lsass.exe
19:27:08.0529 5760  VaultSvc - ok
19:27:08.0545 5760  [ BACECBFF9C97F7627A60B0E0F1FE7EE8 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:27:08.0561 5760  vdrvroot - ok
19:27:08.0608 5760  [ 8A8CDA9E3CF2E0B4C6CC19FBC6FB9A71 ] vds             C:\Windows\System32\vds.exe
19:27:08.0654 5760  vds - ok
19:27:08.0670 5760  [ 74FA2D4368DE6F6CE14393EDF1F342BE ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
19:27:08.0701 5760  VerifierExt - ok
19:27:08.0733 5760  [ 500BE6B2E49883720D0AE8BB859ED7A3 ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
19:27:08.0779 5760  vhdmp - ok
19:27:08.0779 5760  [ F5B4A14B00E89250C50982AC762DDD1D ] viaide          C:\Windows\system32\drivers\viaide.sys
19:27:08.0795 5760  viaide - ok
19:27:08.0811 5760  [ 78DB50F7329F6D1311658DABFFFC8BE0 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
19:27:08.0826 5760  vmbus - ok
19:27:08.0842 5760  [ ECFEE2F2BA3932C7880D1A8F67D68F91 ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
19:27:08.0858 5760  VMBusHID - ok
19:27:08.0889 5760  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
19:27:08.0936 5760  vmicheartbeat - ok
19:27:08.0936 5760  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
19:27:08.0951 5760  vmickvpexchange - ok
19:27:08.0967 5760  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicrdv         C:\Windows\System32\ICSvc.dll
19:27:08.0983 5760  vmicrdv - ok
19:27:08.0983 5760  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicshutdown    C:\Windows\System32\ICSvc.dll
19:27:08.0998 5760  vmicshutdown - ok
19:27:09.0014 5760  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmictimesync    C:\Windows\System32\ICSvc.dll
19:27:09.0029 5760  vmictimesync - ok
19:27:09.0029 5760  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicvss         C:\Windows\System32\ICSvc.dll
19:27:09.0045 5760  vmicvss - ok
19:27:09.0061 5760  [ CB60FAAED8B49B812EBBF77EB87D9B18 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:27:09.0076 5760  volmgr - ok
19:27:09.0108 5760  [ A74101DA9809251BCD0E5A26BAE0F824 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:27:09.0123 5760  volmgrx - ok
19:27:09.0139 5760  [ 2FB3CDFD5EAF4CD9D4AFAF96877D13AE ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:27:09.0170 5760  volsnap - ok
19:27:09.0186 5760  [ A8DA1C1B52ECEA3726DEBED4FF1B700D ] vpci            C:\Windows\System32\drivers\vpci.sys
19:27:09.0201 5760  vpci - ok
19:27:09.0217 5760  [ 38A60CD9C009C55C6D3B5586F8E6A353 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:27:09.0233 5760  vsmraid - ok
19:27:09.0264 5760  [ EA658570314042C914964FC72AB50E6B ] VSS             C:\Windows\system32\vssvc.exe
19:27:09.0358 5760  VSS - ok
19:27:09.0389 5760  [ A0F6FE0FC2F647C22BBFD6BD4249DBCC ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
19:27:09.0420 5760  VSTXRAID - ok
19:27:09.0436 5760  [ 62460A45435A26A334907E3F2EA45611 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
19:27:09.0467 5760  vwifibus - ok
19:27:09.0467 5760  [ 095E943D27025E4D588AF0A72CC2318F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:27:09.0483 5760  vwififlt - ok
19:27:09.0498 5760  [ 73FA1A41A97A5C34ADC03B3577FF1A86 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
19:27:09.0514 5760  vwifimp - ok
19:27:09.0545 5760  [ F690B6EEAA94576727B24376D7ED3601 ] W32Time         C:\Windows\system32\w32time.dll
19:27:09.0576 5760  W32Time - ok
19:27:09.0592 5760  [ 6B806E893714019969E2B50D7EF6A4D9 ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
19:27:09.0608 5760  WacomPen - ok
19:27:09.0639 5760  [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
19:27:09.0654 5760  Wanarp - ok
19:27:09.0654 5760  [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:27:09.0670 5760  Wanarpv6 - ok
19:27:09.0717 5760  [ 42DF22F8C448E7CD219F6D63743505E2 ] wbengine        C:\Windows\system32\wbengine.exe
19:27:09.0795 5760  wbengine - ok
19:27:09.0826 5760  [ 31D37B2F6069C631EF0557D322924812 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:27:09.0858 5760  WbioSrvc - ok
19:27:09.0889 5760  [ D9C1E82651BF19C6FF69CEC6FD400124 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
19:27:09.0936 5760  Wcmsvc - ok
19:27:09.0967 5760  [ 5B5FEAB51172F5513C2CF7B39CFA6A01 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:27:10.0014 5760  wcncsvc - ok
19:27:10.0029 5760  [ E19556D414332E2BEBA1F368229006B4 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:27:10.0045 5760  WcsPlugInService - ok
19:27:10.0061 5760  [ B3A4D918DAB90505B6BC7B70632913CB ] Wd              C:\Windows\system32\drivers\wd.sys
19:27:10.0108 5760  Wd - ok
19:27:10.0139 5760  [ 6F4B5DDDC3B86091E94BC47347A78AF7 ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
19:27:10.0154 5760  WdBoot - ok
19:27:10.0201 5760  [ 2ADC985B85A71BD7D99712EC0C24358B ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:27:10.0248 5760  Wdf01000 - ok
19:27:10.0264 5760  [ 99D404A9A0AFC4734E014EBEBAC13F8F ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
19:27:10.0295 5760  WdFilter - ok
19:27:10.0311 5760  [ 240FC332484572227CD1DF82407F33E5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:27:10.0358 5760  WdiServiceHost - ok
19:27:10.0358 5760  [ 240FC332484572227CD1DF82407F33E5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:27:10.0389 5760  WdiSystemHost - ok
19:27:10.0420 5760  [ F2002DA5E6B78C15B2CD48CFF8F0FBB6 ] WebClient       C:\Windows\System32\webclnt.dll
19:27:10.0451 5760  WebClient - ok
19:27:10.0467 5760  [ 35FD720943D4FCD75C3275BF062FF140 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:27:10.0514 5760  Wecsvc - ok
19:27:10.0530 5760  [ 4D2612E3C462B68F499D840B1133263E ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:27:10.0561 5760  wercplsupport - ok
19:27:10.0592 5760  [ 5F70EBFC1F75B487DE79501E3CCBDB54 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:27:10.0639 5760  WerSvc - ok
19:27:10.0654 5760  [ FE762D3498719C3A23471BBA62F747B4 ] WFPLWFS         C:\Windows\system32\DRIVERS\wfplwfs.sys
19:27:10.0670 5760  WFPLWFS - ok
19:27:10.0686 5760  [ 60E0C220593DA4F7C289CB909D2DBAE0 ] WiaRpc          C:\Windows\System32\wiarpc.dll
19:27:10.0733 5760  WiaRpc - ok
19:27:10.0748 5760  [ A3C7624A42A3447EF5EDD1ED37FE4E60 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:27:10.0748 5760  WIMMount - ok
19:27:10.0780 5760  WinDefend - ok
19:27:10.0826 5760  [ 7911470B6018059A880469A63B65700A ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
19:27:10.0873 5760  WinHttpAutoProxySvc - ok
19:27:10.0936 5760  [ 3D6B518B71C75C8FA4115A33615C107A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:27:10.0983 5760  Winmgmt - ok
19:27:11.0045 5760  [ 8E212A627F33F6FC3B5F3BB47212F66E ] WinRM           C:\Windows\system32\WsmSvc.dll
19:27:11.0108 5760  WinRM - ok
19:27:11.0155 5760  [ 6351724B8FA0255C2DBD970297F00B93 ] WlanSvc         C:\Windows\System32\wlansvc.dll
19:27:11.0201 5760  WlanSvc - ok
19:27:11.0264 5760  [ B330CE47FB74A6BE9A3FFFF4B3F64D9B ] wlidsvc         C:\Windows\system32\wlidsvc.dll
19:27:11.0342 5760  wlidsvc - ok
19:27:11.0358 5760  [ E2A596CACFC6504306CDB7B593B90084 ] WmiAcpi         C:\Windows\System32\drivers\wmiacpi.sys
19:27:11.0389 5760  WmiAcpi - ok
19:27:11.0436 5760  [ D113499052C5E541906B727779F0F959 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:27:11.0467 5760  wmiApSrv - ok
19:27:11.0498 5760  WMPNetworkSvc - ok
19:27:11.0530 5760  [ C6FF953D5D6F2EAE3B8883474D5076B3 ] wpcfltr         C:\Windows\system32\DRIVERS\wpcfltr.sys
19:27:11.0545 5760  wpcfltr - ok
19:27:11.0561 5760  [ A6ED163169876BFD2437E872FE2F1509 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:27:11.0608 5760  WPCSvc - ok
19:27:11.0639 5760  [ 3013658A4D327854BEEC4A08D9655194 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:27:11.0670 5760  WPDBusEnum - ok
19:27:11.0686 5760  [ 0346CAFC181C91C6E2330332EB332ED6 ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
19:27:11.0733 5760  WpdUpFltr - ok
19:27:11.0764 5760  [ BC8B5CB336E63BB25EAD1CE8EDD34B81 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:27:11.0795 5760  ws2ifsl - ok
19:27:11.0811 5760  [ FB0C1B7F94FA08E72F19F6F2CE7210E1 ] wscsvc          C:\Windows\System32\wscsvc.dll
19:27:11.0860 5760  wscsvc - ok
19:27:11.0860 5760  WSearch - ok
19:27:11.0938 5760  [ C10BFFEE7E0D7A1366E84F251796C51D ] WSService       C:\Windows\System32\WSService.dll
19:27:12.0016 5760  WSService - ok
19:27:12.0110 5760  [ 79F95469604B77296346DE7DB463EA2A ] wuauserv        C:\Windows\system32\wuaueng.dll
19:27:12.0204 5760  wuauserv - ok
19:27:12.0235 5760  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:27:12.0251 5760  WudfPf - ok
19:27:12.0282 5760  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
19:27:12.0313 5760  WUDFRd - ok
19:27:12.0345 5760  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:27:12.0376 5760  wudfsvc - ok
19:27:12.0391 5760  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdFs       C:\Windows\system32\DRIVERS\WUDFRd.sys
19:27:12.0407 5760  WUDFWpdFs - ok
19:27:12.0438 5760  [ F9D8D2E6ECE08B278621D5BF3A7240A6 ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:27:12.0470 5760  WwanSvc - ok
19:27:12.0501 5760  [ 24E57041608ED6A9D7FDAD0D9EC214E2 ] XHCIPort        C:\Windows\System32\drivers\XHCIPort.sys
19:27:12.0516 5760  XHCIPort - ok
19:27:12.0595 5760  [ 7055B389BD0DA0B19236BF43CDDF0E1A ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
19:27:12.0642 5760  ZeroConfigService - ok
19:27:12.0658 5760  ================ Scan global ===============================
19:27:12.0705 5760  [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\Windows\system32\basesrv.dll
19:27:12.0720 5760  [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\Windows\system32\winsrv.dll
19:27:12.0752 5760  [ BD7C6949984D19AAA609896B675E7357 ] C:\Windows\system32\sxssrv.dll
19:27:12.0799 5760  [ 8F226143046435C75C033B0C52E90FFE ] C:\Windows\system32\services.exe
19:27:12.0814 5760  [Global] - ok
19:27:12.0814 5760  ================ Scan MBR ==================================
19:27:12.0830 5760  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
19:27:12.0911 5760  \Device\Harddisk0\DR0 - ok
19:27:12.0911 5760  ================ Scan VBR ==================================
19:27:12.0942 5760  [ BE2995BDA0BBE6C6504E03FF73933742 ] \Device\Harddisk0\DR0\Partition1
19:27:12.0942 5760  \Device\Harddisk0\DR0\Partition1 - ok
19:27:12.0958 5760  [ 554520A6128FDBE6639D78BC132A50C8 ] \Device\Harddisk0\DR0\Partition2
19:27:12.0958 5760  \Device\Harddisk0\DR0\Partition2 - ok
19:27:12.0974 5760  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
19:27:12.0974 5760  \Device\Harddisk0\DR0\Partition3 - ok
19:27:12.0974 5760  [ C9CD8CC7BBBFCD47D7C2C58E14DAF653 ] \Device\Harddisk0\DR0\Partition4
19:27:12.0989 5760  \Device\Harddisk0\DR0\Partition4 - ok
19:27:12.0989 5760  [ 2FCBA4D71FC047C521D9997B3BB6DE76 ] \Device\Harddisk0\DR0\Partition5
19:27:13.0005 5760  \Device\Harddisk0\DR0\Partition5 - ok
19:27:13.0036 5760  [ 51BF43914CE0D296F8E1984F479757D2 ] \Device\Harddisk0\DR0\Partition6
19:27:13.0036 5760  \Device\Harddisk0\DR0\Partition6 - ok
19:27:13.0036 5760  ============================================================
19:27:13.0036 5760  Scan finished
19:27:13.0036 5760  ============================================================
19:27:13.0052 4420  Detected object count: 1
19:27:13.0052 4420  Actual detected object count: 1
19:27:23.0436 4420  GFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:27:23.0436 4420  GFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


09.05.2013, 21:23   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
JRT - Junkware Removal Tool

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick the box Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

10.05.2013, 08:58   #19
HilfeHilfeH
 
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 8 x64
Ran by henning on 10.05.2013 at  8:24:43,04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip" 



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\henning\AppData\Roaming\mozilla\firefox\profiles\n2ts2czy.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.05.2013 at  8:29:34,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-09 19:21:35
-----------------------------
19:21:35.029    OS Version: Windows x64 6.2.9200 
19:21:35.029    Number of processors: 4 586 0x3A09
19:21:35.030    ComputerName: BÄR  UserName: 
19:21:35.255    Initialze error 1 
19:21:36.235    AVAST engine defs: 13050800
19:22:11.626    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003b
19:22:11.628    Disk 0 Vendor: ST1000LM024_HN-M101MBB 2AR10001 Size: 953869MB BusType: 11
19:22:11.643    Disk 0 MBR read successfully
19:22:11.646    Disk 0 MBR scan
19:22:11.648    Disk 0 unknown MBR code
19:22:11.650    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
19:22:11.653    Disk 0 scanning C:\Windows\system32\drivers
19:22:11.656    Service scanning
19:22:12.361    Modules scanning
19:22:12.366    Disk 0 trace - called modules:
19:22:12.375    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys 
19:22:12.381    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80051d4060]
19:22:12.387    3 CLASSPNP.SYS[fffff88001201fea] -> nt!IofCallDriver -> [0xfffffa8004635430]
19:22:12.396    5 ACPI.sys[fffff88001183a91] -> nt!IofCallDriver -> \Device\0000003b[0xfffffa8004630230]
19:22:12.403    AVAST engine scan C:\Windows
19:22:12.411    AVAST engine scan C:\Windows\system32
19:22:12.418    AVAST engine scan C:\Windows\system32\drivers
19:22:12.426    AVAST engine scan C:\Users\henning
19:22:12.434    AVAST engine scan C:\ProgramData
19:22:12.441    Scan finished successfully
19:22:53.264    Disk 0 MBR has been saved successfully to "C:\Users\henning\Desktop\MBR.dat"
19:22:53.280    The log file has been saved successfully to "C:\Users\henning\Desktop\aswMBR.txt"
         



Code:
OTL logfile created on: 10.05.2013 08:46:18 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\henning\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,88 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 62,01% Memory free
7,88 Gb Paging File | 6,39 Gb Available in Paging File | 81,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 869,80 Gb Total Space | 717,18 Gb Free Space | 82,45% Space Free | Partition Type: NTFS
Drive D: | 60,00 Gb Total Space | 41,38 Gb Free Space | 68,97% Space Free | Partition Type: NTFS
 
Computer Name: BÄR | User Name: henning | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\henning\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\henning\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\PHotkey\PHotkey.exe ()
PRC - C:\Program Files (x86)\PHotkey\POSD.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\PHotkey\GPMTray.exe ()
PRC - C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\PHotkey\MsgTranAgt.exe ()
PRC - C:\Program Files (x86)\PHotkey\HCSynApi.exe (TODO: <Company name>)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - c:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - c:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (RichVideo64) -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe ()
SRV:64bit: - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (GFNEXSrv) -- C:\Program Files (x86)\PHotkey\GFNEXSrv.exe ()
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\Drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\Drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\Drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (NETwNe64) -- C:\Windows\SysNative\Drivers\NETwew00.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\Drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\Drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (XHCIPort) -- C:\Windows\SysNative\Drivers\xHCIPort.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (usb3Hub) -- C:\Windows\SysNative\Drivers\usb3Hub.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\Drivers\btmhsf.sys (Motorola Solutions, Inc.)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\Drivers\btmaux.sys (Motorola Solutions, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\Drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrv) -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys (Synaptics Incorporated)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\Drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\Drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek                                            )
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\Drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (PEGAGFN) -- C:\Program Files (x86)\PHotkey\PEGAGFN.sys (PEGATRON)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1281773549-982182065-3777356010-1001\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1281773549-982182065-3777356010-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
IE - HKU\S-1-5-21-1281773549-982182065-3777356010-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1281773549-982182065-3777356010-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
IE - HKU\S-1-5-21-1281773549-982182065-3777356010-1002\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1281773549-982182065-3777356010-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1281773549-982182065-3777356010-1002\..\SearchScopes\{08C348DD-4A2A-4D8A-8CB0-76ED069C86DE}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
IE - HKU\S-1-5-21-1281773549-982182065-3777356010-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1281773549-982182065-3777356010-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1483
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.04.29 12:22:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.23 18:47:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.04.23 18:47:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\henning\AppData\Roaming\mozilla\Extensions
[2013.04.23 18:47:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.29 12:22:10 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] c:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [YouCam Service] C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-1281773549-982182065-3777356010-1002..\Run: [AshSnap] C:\Program Files (x86)\Medion MediaPack 3\Ashampoo Snap\ashsnap.exe File not found
O4 - HKU\S-1-5-21-1281773549-982182065-3777356010-1002..\Run: [Spotify Web Helper] C:\Users\henning\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ConfirmFileDelete = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8 - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-154514-44482-15/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-154514-44482-15/4 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - c:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - c:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9841AA75-9506-40E5-A902-7CD7ACE4F26D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.10 08:24:40 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.10 08:24:16 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.10 08:23:43 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\henning\Desktop\JRT.exe
[2013.05.09 19:24:03 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\henning\Desktop\tdsskiller.exe
[2013.05.09 19:19:22 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\henning\Desktop\aswMBR.exe
[2013.05.08 09:41:08 | 000,000,000 | ---D | C] -- C:\Users\henning\Desktop\mbar
[2013.05.08 09:28:52 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.05.07 09:12:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\henning\Desktop\OTL.exe
[2013.05.05 11:44:55 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Roaming\Malwarebytes
[2013.05.05 11:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.05 11:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.05 11:44:43 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.05 11:44:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.05 11:44:17 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Local\Programs
[2013.05.04 09:44:13 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Local\photoOptimizeHistoryDataBase
[2013.05.04 09:44:12 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Local\Ashampoo Photo Optimizer Medion
[2013.05.04 09:40:33 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Roaming\Ashampoo
[2013.05.03 10:15:48 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.05.03 10:12:30 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Local\MediaServer
[2013.05.03 10:06:15 | 000,000,000 | ---D | C] -- C:\Users\henning\Documents\CyberLink
[2013.04.29 12:22:42 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.04.29 12:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.04.29 12:22:41 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.04.29 12:22:39 | 000,070,992 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.04.29 12:22:39 | 000,068,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.04.29 12:22:26 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.04.29 12:22:25 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.04.29 12:22:23 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.04.29 12:21:56 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.04.29 12:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.04.29 12:20:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.04.29 11:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
[2013.04.26 10:41:33 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Roaming\vlc
[2013.04.26 10:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.04.26 10:31:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013.04.26 09:38:01 | 000,000,000 | ---D | C] -- C:\Users\henning\Documents\modul5
[2013.04.26 09:37:33 | 000,000,000 | ---D | C] -- C:\Users\henning\Documents\Med
[2013.04.26 09:37:30 | 000,000,000 | ---D | C] -- C:\Users\henning\Documents\LernBär Modul 4
[2013.04.26 09:37:28 | 000,000,000 | ---D | C] -- C:\Users\henning\Documents\Krankenkasse
[2013.04.26 09:37:27 | 000,000,000 | ---D | C] -- C:\Users\henning\Documents\Bilder
[2013.04.26 09:37:11 | 000,000,000 | ---D | C] -- C:\Users\henning\Documents\Arbeit
[2013.04.26 09:02:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.04.26 09:01:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.04.26 09:01:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.04.26 08:45:31 | 001,131,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentServer.dll
[2013.04.26 08:45:30 | 000,707,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentExtensions.dll
[2013.04.26 08:45:29 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppwinob.dll
[2013.04.26 08:45:22 | 003,245,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013.04.26 08:45:21 | 001,122,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Taskmgr.exe
[2013.04.26 08:45:21 | 001,027,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Taskmgr.exe
[2013.04.26 08:45:20 | 001,536,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storagewmi.dll
[2013.04.26 08:45:20 | 000,955,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WebcamUi.dll
[2013.04.26 08:45:20 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WebcamUi.dll
[2013.04.26 08:45:19 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UserLanguagesCpl.dll
[2013.04.26 08:45:19 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpnapps.dll
[2013.04.26 08:45:17 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UserLanguagesCpl.dll
[2013.04.26 08:45:17 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpnapps.dll
[2013.04.26 08:45:16 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013.04.26 08:45:15 | 001,217,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\storagewmi.dll
[2013.04.26 08:45:15 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013.04.26 08:45:15 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013.04.26 08:45:15 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013.04.26 08:45:15 | 000,378,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013.04.26 08:45:15 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsutil.dll
[2013.04.26 08:45:14 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013.04.26 08:45:14 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vds_ps.dll
[2013.04.26 08:45:14 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vds_ps.dll
[2013.04.26 08:45:14 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsldr.exe
[2013.04.25 19:22:33 | 001,184,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Display.dll
[2013.04.25 19:22:33 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Display.dll
[2013.04.25 19:22:32 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDKURD.DLL
[2013.04.25 19:22:32 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDKURD.DLL
[2013.04.25 19:22:30 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSShared.dll
[2013.04.25 19:22:30 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll
[2013.04.25 19:22:30 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.dll
[2013.04.25 19:22:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2013.04.25 19:22:30 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
[2013.04.25 19:22:30 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2013.04.25 19:22:13 | 011,459,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\glcndFilter.dll
[2013.04.25 19:22:11 | 008,552,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\glcndFilter.dll
[2013.04.25 19:22:09 | 001,526,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfcore.dll
[2013.04.25 19:22:09 | 001,451,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfcore.dll
[2013.04.25 19:22:08 | 001,566,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2013.04.25 19:22:08 | 000,976,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.04.25 19:22:07 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013.04.25 19:22:07 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2013.04.25 19:22:07 | 000,490,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2013.04.25 19:22:07 | 000,447,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2013.04.25 19:22:07 | 000,253,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2013.04.25 19:22:03 | 000,522,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2013.04.25 19:22:03 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairing.dll
[2013.04.25 19:22:02 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanmsm.dll
[2013.04.25 19:22:02 | 000,463,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2013.04.25 19:22:02 | 000,449,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairing.dll
[2013.04.25 19:22:02 | 000,386,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanmsm.dll
[2013.04.25 19:22:02 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpclip.exe
[2013.04.25 19:22:02 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bthprops.cpl
[2013.04.25 19:22:02 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bthprops.cpl
[2013.04.25 19:22:02 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFCaptureEngine.dll
[2013.04.25 19:22:02 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dafWCN.dll
[2013.04.25 19:22:01 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2013.04.25 19:22:00 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2013.04.25 19:22:00 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFCaptureEngine.dll
[2013.04.25 19:21:59 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanapi.dll
[2013.04.25 19:21:59 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanapi.dll
[2013.04.25 19:21:59 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEndpointBuilder.dll
[2013.04.25 19:21:58 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlansec.dll
[2013.04.25 19:21:58 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlansec.dll
[2013.04.25 19:21:58 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnApi.dll
[2013.04.25 19:21:58 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdWCN.dll
[2013.04.25 19:21:58 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WcnApi.dll
[2013.04.25 19:21:58 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnEapAuthProxy.dll
[2013.04.25 19:21:57 | 000,267,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2013.04.25 19:21:57 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wfdprov.dll
[2013.04.25 19:21:57 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnEapPeerProxy.dll
[2013.04.25 19:21:57 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wfdprov.dll
[2013.04.25 19:21:55 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fxppm.sys
[2013.04.25 19:21:55 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iscsilog.dll
[2013.04.25 19:21:55 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanhlp.dll
[2013.04.25 19:21:55 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanhlp.dll
[2013.04.25 18:22:13 | 000,692,576 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.25 18:22:13 | 000,078,176 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.25 18:17:03 | 000,000,000 | R--D | C] -- C:\Windows\BrowserChoice
[2013.04.25 17:52:44 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tssdisai.dll
[2013.04.25 17:52:44 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appserverai.dll
[2013.04.25 17:52:44 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RDWebAI.dll
[2013.04.25 17:52:44 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VmHostAI.dll
[2013.04.25 17:52:43 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2013.04.25 17:52:43 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2013.04.25 17:52:09 | 002,094,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmc.exe
[2013.04.25 17:52:09 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlidsvc.dll
[2013.04.25 17:52:09 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2013.04.25 17:52:08 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmc.exe
[2013.04.25 17:52:06 | 001,886,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll
[2013.04.25 17:52:06 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.dll
[2013.04.25 17:52:06 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.dll
[2013.04.25 17:52:06 | 000,028,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpiowin32.sys
[2013.04.25 17:52:05 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.04.25 17:52:05 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll
[2013.04.25 17:52:05 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll
[2013.04.25 17:52:04 | 000,728,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2013.04.25 17:52:04 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2013.04.25 17:52:04 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll
[2013.04.25 17:52:04 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2013.04.25 17:52:04 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll
[2013.04.25 17:52:04 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.dll
[2013.04.25 17:52:04 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncbservice.dll
[2013.04.25 17:52:04 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxm.dll
[2013.04.25 17:52:04 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiaacmgr.exe
[2013.04.25 17:52:04 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiaacmgr.exe
[2013.04.25 17:52:04 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhsvc.dll
[2013.04.25 17:52:04 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhapi.dll
[2013.04.25 17:52:04 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxp.dll
[2013.04.25 17:52:04 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\keepaliveprovider.dll
[2013.04.25 17:51:49 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2013.04.25 17:51:48 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll
[2013.04.25 17:51:47 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2013.04.25 17:51:45 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.04.25 17:51:43 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.25 17:51:42 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll
[2013.04.25 17:51:42 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2013.04.25 17:51:42 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll
[2013.04.25 17:51:42 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll
[2013.04.25 17:51:42 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BCP47Langs.dll
[2013.04.25 17:51:42 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2013.04.25 17:51:42 | 000,327,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2013.04.25 17:51:42 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll
[2013.04.25 17:51:41 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.25 17:51:41 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.04.25 17:51:41 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Globalization.dll
[2013.04.25 17:51:41 | 000,760,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013.04.25 17:51:41 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Security.Authentication.OnlineId.dll
[2013.04.25 17:51:41 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcfgx.dll
[2013.04.25 17:51:41 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\BCP47Langs.dll
[2013.04.25 17:51:41 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll
[2013.04.25 17:51:40 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.04.25 17:51:40 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll
[2013.04.25 17:51:40 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Globalization.dll
[2013.04.25 17:51:40 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.04.25 17:51:40 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013.04.25 17:51:40 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll
[2013.04.25 17:51:39 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2013.04.25 17:51:39 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll
[2013.04.25 17:51:39 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2013.04.25 17:51:39 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll
[2013.04.25 17:51:39 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
[2013.04.25 17:51:39 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll
[2013.04.25 17:51:39 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll
[2013.04.25 17:51:39 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usbmon.dll
[2013.04.25 17:51:39 | 000,194,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2013.04.25 17:51:38 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013.04.25 17:51:38 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll
[2013.04.25 17:51:38 | 000,337,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS
[2013.04.25 17:51:38 | 000,283,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys
[2013.04.25 17:51:38 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2013.04.25 17:51:38 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\discan.dll
[2013.04.25 17:51:38 | 000,125,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
[2013.04.25 17:51:38 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.04.25 17:51:38 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys
[2013.04.25 17:51:38 | 000,058,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013.04.25 17:51:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013.04.25 17:51:37 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NdisImPlatform.dll
[2013.04.25 17:51:36 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsquirt.exe
[2013.04.25 17:51:36 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll
[2013.04.25 17:51:36 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercfg.cpl
[2013.04.25 17:51:36 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys
[2013.04.25 17:51:36 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.cpl
[2013.04.25 17:51:36 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storahci.sys
[2013.04.25 17:51:36 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhostex.exe
[2013.04.25 17:51:36 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevDispItemProvider.dll
[2013.04.25 17:51:35 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013.04.25 17:51:35 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncInfo.dll
[2013.04.25 17:51:35 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2013.04.25 17:51:35 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncInfo.dll
[2013.04.25 17:51:35 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013.04.25 17:51:35 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2013.04.25 17:51:35 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDPrintProxy.DLL
[2013.04.25 17:51:35 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013.04.25 17:51:35 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevDispItemProvider.dll
[2013.04.25 17:51:35 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2013.04.25 17:51:35 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2013.04.25 17:51:35 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuaext.dll
[2013.04.25 17:51:34 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wushareduxresources.dll
[2013.04.25 17:51:13 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcadm.dll
[2013.04.25 17:51:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcalua.exe
[2013.04.25 17:51:13 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcaevts.dll
[2013.04.25 17:51:04 | 013,643,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll
[2013.04.25 17:51:01 | 010,792,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll
[2013.04.25 17:50:56 | 000,731,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.04.25 17:50:56 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\duser.dll
[2013.04.25 17:50:56 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlroamextension.dll
[2013.04.25 17:50:56 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWanAPI.dll
[2013.04.25 17:50:56 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll
[2013.04.25 17:50:56 | 000,446,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS
[2013.04.25 17:50:56 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013.04.25 17:50:56 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWanAPI.dll
[2013.04.25 17:50:56 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.Connectivity.dll
[2013.04.25 17:50:56 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hotspotauth.dll
[2013.04.25 17:50:56 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2013.04.25 17:50:56 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll
[2013.04.25 17:50:56 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskkill.exe
[2013.04.25 17:50:56 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys
[2013.04.25 17:50:55 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2013.04.25 17:50:55 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlroamextension.dll
[2013.04.25 17:50:55 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mbsmsapi.dll
[2013.04.25 17:50:55 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mbsmsapi.dll
[2013.04.25 17:50:55 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2013.04.25 17:50:55 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tasklist.exe
[2013.04.25 17:50:55 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013.04.25 17:50:55 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tasklist.exe
[2013.04.25 17:50:55 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskkill.exe
[2013.04.25 17:50:55 | 000,061,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys
[2013.04.25 17:50:55 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidi2c.sys
[2013.04.25 17:50:55 | 000,029,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthhfHid.sys
[2013.04.25 17:50:55 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BtaMPM.sys
[2013.04.25 17:50:55 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmproxy.dll
[2013.04.25 17:50:55 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmsprep.dll
[2013.04.25 17:50:45 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2013.04.25 17:50:45 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013.04.25 17:50:44 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll
[2013.04.25 17:50:44 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll
[2013.04.25 17:50:42 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll
[2013.04.25 17:50:42 | 000,945,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\resetengmig.dll
[2013.04.25 17:50:42 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgent.dll
[2013.04.25 17:50:42 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll
[2013.04.25 17:50:42 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysreset.exe
[2013.04.24 20:28:12 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Local\Macromedia
[2013.04.24 20:13:17 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Roaming\OpenOffice.org
[2013.04.24 20:03:14 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Local\Apple Computer
[2013.04.24 20:03:13 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Roaming\Apple Computer
[2013.04.24 20:03:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.04.24 20:02:23 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2013.04.24 20:02:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.04.24 20:02:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.04.24 20:02:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.04.24 20:02:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.04.24 20:02:06 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.04.24 20:01:14 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.04.24 20:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013.04.24 19:55:51 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Local\Apple
[2013.04.24 19:55:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.04.24 19:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.04.24 19:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.04.24 19:55:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.04.24 19:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.04.24 19:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013.04.24 19:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.04.24 19:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\redist
[2013.04.24 19:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\readmes
[2013.04.24 19:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\licenses
[2013.04.24 19:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013.04.24 19:06:13 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Roaming\Foxit Software
[2013.04.24 19:06:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2013.04.24 18:58:05 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Local\Spotify
[2013.04.24 18:57:23 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Roaming\Spotify
[2013.04.24 18:35:14 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.24 18:35:10 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013.04.24 18:35:10 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.24 18:35:10 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.24 18:35:10 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.24 18:35:09 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.24 18:35:09 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.24 18:35:09 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.24 18:35:09 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.24 18:35:09 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2013.04.24 18:35:09 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.24 18:35:09 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2013.04.24 18:35:09 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.24 18:35:09 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.24 18:35:08 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncryptsslp.dll
[2013.04.24 18:35:08 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncryptsslp.dll
[2013.04.24 18:34:48 | 006,991,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.24 18:34:46 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013.04.24 18:34:46 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2013.04.24 18:34:46 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnathlp.dll
[2013.04.24 18:34:46 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnathlp.dll
[2013.04.24 18:34:46 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnsvr.exe
[2013.04.24 18:34:46 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnsvr.exe
[2013.04.24 18:34:46 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnhupnp.dll
[2013.04.24 18:34:46 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnhpast.dll
[2013.04.24 18:34:46 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnhupnp.dll
[2013.04.24 18:34:46 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnhpast.dll
[2013.04.24 18:34:46 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnlobby.dll
[2013.04.24 18:34:46 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnaddr.dll
[2013.04.24 18:34:46 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnlobby.dll
[2013.04.24 18:34:46 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnaddr.dll
[2013.04.24 18:34:39 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.04.24 18:34:36 | 000,230,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys
[2013.04.24 18:34:35 | 000,035,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys
[2013.04.24 18:34:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2013.04.24 18:34:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2013.04.24 18:34:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2013.04.24 18:34:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2013.04.24 18:34:27 | 000,362,496 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013.04.24 18:34:27 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013.04.24 18:34:27 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013.04.24 18:34:27 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013.04.24 18:34:27 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013.04.24 18:34:27 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013.04.24 18:34:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013.04.24 18:34:27 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013.04.23 19:00:07 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Roaming\Lenovo
[2013.04.23 18:59:12 | 000,000,000 | ---D | C] -- C:\Users\henning\Documents\My Videos
[2013.04.23 18:53:31 | 000,000,000 | ---D | C] -- C:\Users\henning\Documents\Avatar
[2013.04.23 18:52:41 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Roaming\CyberLink
[2013.04.23 18:47:13 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Roaming\Mozilla
[2013.04.23 18:47:13 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Local\Mozilla
[2013.04.23 18:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.04.23 18:47:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.04.23 18:47:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.23 18:28:07 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Roaming\Macromedia
[2013.04.23 18:27:10 | 000,000,000 | ---D | C] -- C:\Users\henning\Documents\Youcam
[2013.04.23 18:27:07 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Local\CyberLink
[2013.04.23 18:25:42 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Local\Power2Go8
[2013.04.23 18:25:08 | 000,000,000 | R--D | C] -- C:\Users\henning\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.04.23 18:25:08 | 000,000,000 | R--D | C] -- C:\Users\henning\Searches
[2013.04.23 18:25:08 | 000,000,000 | R--D | C] -- C:\Users\henning\Contacts
[2013.04.23 18:25:08 | 000,000,000 | R--D | C] -- C:\Users\henning\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.04.23 18:25:03 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Roaming\Adobe
[2013.04.23 18:23:37 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Local\VirtualStore
[2013.04.23 18:23:05 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Local\Packages
[2013.04.23 18:22:51 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Roaming\Intel
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\Vorlagen
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\AppData\Local\Verlauf
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\AppData\Local\Temporary Internet Files
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\Startmenü
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\SendTo
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\Recent
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\Netzwerkumgebung
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\Lokale Einstellungen
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\Documents\Eigene Videos
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\Documents\Eigene Musik
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\Eigene Dateien
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\Documents\Eigene Bilder
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\Druckumgebung
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\Cookies
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\AppData\Local\Anwendungsdaten
[2013.04.23 18:22:47 | 000,000,000 | -HSD | C] -- C:\Users\henning\Anwendungsdaten
[2013.04.23 18:22:46 | 000,000,000 | --SD | C] -- C:\Users\henning\AppData\Roaming\Microsoft
[2013.04.23 18:22:46 | 000,000,000 | R--D | C] -- C:\Users\henning\Videos
[2013.04.23 18:22:46 | 000,000,000 | R--D | C] -- C:\Users\henning\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013.04.23 18:22:46 | 000,000,000 | R--D | C] -- C:\Users\henning\Saved Games
[2013.04.23 18:22:46 | 000,000,000 | R--D | C] -- C:\Users\henning\Pictures
[2013.04.23 18:22:46 | 000,000,000 | R--D | C] -- C:\Users\henning\Music
[2013.04.23 18:22:46 | 000,000,000 | R--D | C] -- C:\Users\henning\Links
[2013.04.23 18:22:46 | 000,000,000 | R--D | C] -- C:\Users\henning\Favorites
[2013.04.23 18:22:46 | 000,000,000 | R--D | C] -- C:\Users\henning\Downloads
[2013.04.23 18:22:46 | 000,000,000 | R--D | C] -- C:\Users\henning\Documents
[2013.04.23 18:22:46 | 000,000,000 | R--D | C] -- C:\Users\henning\Desktop
[2013.04.23 18:22:46 | 000,000,000 | R--D | C] -- C:\Users\henning\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.04.23 18:22:46 | 000,000,000 | R--D | C] -- C:\Users\henning\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013.04.23 18:22:46 | 000,000,000 | -H-D | C] -- C:\Users\henning\AppData
[2013.04.23 18:22:46 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Local\Temp
[2013.04.23 18:22:46 | 000,000,000 | ---D | C] -- C:\Users\henning\Roaming
[2013.04.23 18:22:46 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Local\Microsoft
[2013.04.23 18:22:46 | 000,000,000 | ---D | C] -- C:\Users\henning\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.04.23 18:22:25 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.10 08:38:15 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat
[2013.05.10 08:36:12 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.05.10 08:36:08 | 3336,159,232 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.10 08:31:28 | 000,628,743 | ---- | M] () -- C:\Users\henning\Desktop\adwcleaner.exe
[2013.05.10 08:23:44 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\henning\Desktop\JRT.exe
[2013.05.10 08:19:05 | 003,227,868 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.10 08:19:05 | 000,754,172 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.10 08:19:05 | 000,711,282 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.10 08:19:05 | 000,156,362 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.10 08:19:05 | 000,133,150 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.09 21:02:00 | 000,076,688 | ---- | M] () -- C:\Users\henning\Desktop\Report-antonia.pdf
[2013.05.09 19:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.09 19:24:07 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\henning\Desktop\tdsskiller.exe
[2013.05.09 19:22:53 | 000,000,512 | ---- | M] () -- C:\Users\henning\Desktop\MBR.dat
[2013.05.09 19:20:50 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\henning\Desktop\aswMBR.exe
[2013.05.08 09:41:10 | 000,000,864 | ---- | M] () -- C:\Users\henning\Desktop\mbar-1.05.0.1001.zip
[2013.05.08 09:24:50 | 000,024,433 | ---- | M] () -- C:\Users\henning\Desktop\Unbenannt 1.odt
[2013.05.08 09:22:21 | 000,377,856 | ---- | M] () -- C:\Users\henning\Desktop\gmer_2.1.19163.exe
[2013.05.07 09:12:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\henning\Desktop\OTL.exe
[2013.05.05 11:44:47 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.29 12:29:22 | 000,326,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.29 12:27:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.04.29 12:22:42 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.04.26 10:32:29 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.04.26 09:49:02 | 000,000,913 | ---- | M] () -- C:\Users\henning\Desktop\Dokumente.lnk
[2013.04.24 20:03:09 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.04.24 18:58:04 | 000,001,814 | ---- | M] () -- C:\Users\henning\Desktop\Spotify.lnk
[2013.04.23 18:47:04 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
 
========== Files Created - No Company Name ==========
 
[2013.05.10 08:31:28 | 000,628,743 | ---- | C] () -- C:\Users\henning\Desktop\adwcleaner.exe
[2013.05.09 21:02:00 | 000,076,688 | ---- | C] () -- C:\Users\henning\Desktop\Report-antonia.pdf
[2013.05.09 19:22:53 | 000,000,512 | ---- | C] () -- C:\Users\henning\Desktop\MBR.dat
[2013.05.08 09:39:24 | 000,000,864 | ---- | C] () -- C:\Users\henning\Desktop\mbar-1.05.0.1001.zip
[2013.05.08 09:24:45 | 000,024,433 | ---- | C] () -- C:\Users\henning\Desktop\Unbenannt 1.odt
[2013.05.08 09:22:20 | 000,377,856 | ---- | C] () -- C:\Users\henning\Desktop\gmer_2.1.19163.exe
[2013.05.05 11:44:47 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.29 12:29:10 | 000,326,896 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.29 12:22:42 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.04.29 12:22:26 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.04.29 12:22:26 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.04.29 12:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013.04.26 10:32:29 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.04.26 09:49:02 | 000,000,913 | ---- | C] () -- C:\Users\henning\Desktop\Dokumente.lnk
[2013.04.26 09:38:26 | 000,704,036 | ---- | C] () -- C:\Users\henning\Documents\Sedcard Antonia Hoppe.pdf
[2013.04.26 09:38:26 | 000,080,317 | ---- | C] () -- C:\Users\henning\Documents\Setcard Antonia Hoppe
[2013.04.26 09:38:25 | 000,711,321 | ---- | C] () -- C:\Users\henning\Documents\Sedcard Antonia Hoppe HostessServicekraft.pdf
[2013.04.26 09:38:25 | 000,178,051 | ---- | C] () -- C:\Users\henning\Documents\Sedcard Antonia Hoppe (2).PDF
[2013.04.26 09:38:25 | 000,161,970 | R--- | C] () -- C:\Users\henning\Documents\Potential Allstars Sedcard-Angaben.pdf
[2013.04.26 09:38:25 | 000,092,847 | ---- | C] () -- C:\Users\henning\Documents\Porträt.JPG
[2013.04.26 09:38:25 | 000,092,345 | ---- | C] () -- C:\Users\henning\Documents\Lebenslauf mit Lichtbild.pdf
[2013.04.26 09:38:25 | 000,068,702 | ---- | C] () -- C:\Users\henning\Documents\IMG_4079.JPG
[2013.04.26 09:38:24 | 000,068,884 | ---- | C] () -- C:\Users\henning\Documents\Ganzkörper.JPG
[2013.04.26 09:38:24 | 000,065,024 | ---- | C] () -- C:\Users\henning\Documents\Bahncard Kündigung
[2013.04.26 09:38:24 | 000,012,446 | ---- | C] () -- C:\Users\henning\Documents\Brief an das FA
[2013.04.25 17:51:39 | 000,387,867 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013.04.24 20:03:09 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.04.24 19:55:49 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.04.24 19:54:14 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.24 18:58:04 | 000,001,814 | ---- | C] () -- C:\Users\henning\Desktop\Spotify.lnk
[2013.04.24 18:58:04 | 000,001,800 | ---- | C] () -- C:\Users\henning\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013.04.23 18:47:04 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.04.23 18:47:04 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.23 18:25:03 | 000,001,442 | ---- | C] () -- C:\Users\henning\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.04.23 18:24:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\MEDION_NB_P6638_20051921.mrk
[2012.11.15 14:35:46 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2012.11.15 13:29:20 | 005,152,550 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.11.09 00:28:57 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.11.09 00:28:55 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.11.09 00:28:55 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.11.08 21:51:38 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.08.13 11:11:02 | 141,421,187 | ---- | C] () -- C:\Program Files (x86)\openofficeorg1.cab
[2012.08.13 11:09:30 | 003,166,208 | ---- | C] () -- C:\Program Files (x86)\openofficeorg341.msi
[2012.08.13 11:09:30 | 000,473,600 | ---- | C] () -- C:\Program Files (x86)\setup.exe
[2012.08.13 11:09:30 | 000,000,294 | ---- | C] () -- C:\Program Files (x86)\setup.ini
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | -H-- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012.04.20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2012.11.15 14:36:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.02 04:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.02 10:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         


Code:
OTL Extras logfile created on: 10.05.2013 08:46:18 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\henning\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,88 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 62,01% Memory free
7,88 Gb Paging File | 6,39 Gb Available in Paging File | 81,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 869,80 Gb Total Space | 717,18 Gb Free Space | 82,45% Space Free | Partition Type: NTFS
Drive D: | 60,00 Gb Total Space | 41,38 Gb Free Space | 68,97% Space Free | Partition Type: NTFS
 
Computer Name: BÄR | User Name: henning | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1281773549-982182065-3777356010-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0005A9B1-A008-4796-9A60-450D4041AE93}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{0775BEEC-803C-4816-8B03-341A0F2C9AC6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{0BA2798F-CA53-4CC0-9476-939ABC04E4D7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{124215A1-1E03-435C-B24F-ADCA1D8411B8}" = rport=445 | protocol=6 | dir=out | app=system | 
"{302092B5-DC80-476C-8B4A-CB71664F858F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{31231A3F-62FC-4AC9-AE6C-67B58BDA5A9B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3A82E2B1-6D9D-42E0-88E2-0463BBC62BA9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6209049D-56E4-4C51-8B2B-218364A8EF3C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{6778CFA2-BE97-42C9-932C-58A38180BDC1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6A38B9FA-5D49-4302-ADC9-14C49A6BF2DA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6EFA0D57-CB72-4A16-800E-DB610752AB84}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7B6AB435-F956-4EAF-BD49-96DFE45862FE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8B2F58D7-46FC-497E-BE41-05315B88F14D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8EFC7751-88EB-4AE7-A686-C17C576DE2ED}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8F54C6BC-460C-4463-AE15-15DA54D96614}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8F77360B-198E-4D71-AA1B-ED4F905101A1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{95B4B7DC-6021-4C14-A9FA-E6A77CBB1CA4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A67BEC96-47AB-4F38-99E2-23DE72CD90B8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{AA617932-50CB-4DD4-8146-2667E8EC0120}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B3C18A7A-A3B3-4497-94F4-25748C9A9EE4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B68E5BEC-81B2-4FFF-B762-751555FF1AE3}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E35F4C65-B643-4484-A629-CC3910941402}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EB33CFB4-BF56-476A-BF0C-794D23EE3AF9}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A5FA1DB-1119-4E58-8C1C-8352F58AE430}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{10DE0ED0-871D-4C58-9A45-2608FF9562C1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{110A880A-2BBB-481C-BD36-BB23689BEA7F}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{15FC3FFE-3DAA-49D7-8766-935455E01319}" = dir=out | name=wordament | 
"{1DD9C24F-C34C-4242-970A-59D8546BE18F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{204A76A6-6969-43B7-B127-1CBAFB8D98C7}" = dir=out | name=microsoft mahjong | 
"{22ED19A2-620B-427C-9148-CAD1A0B47FDF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2A00176F-1135-471F-BCA2-DDD383D4CCC3}" = dir=out | name=adera | 
"{2CD4700E-2F1B-4AC0-A643-C5998CEE86DD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2DD5B198-F19D-4922-829F-3351C1514726}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2DF87CA4-9215-400D-ADF5-01C6A661F128}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{3495892C-F953-40BF-8751-0A490526EA1C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{36A47206-6651-4E46-B5E5-6DFFEB87DCF2}" = dir=out | name=microsoft minesweeper | 
"{376ABBD0-FA97-4CB6-929C-7B1EEA4E8195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3A27FC7A-F11E-470F-BFF6-804DEDA4F83B}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{3F46C518-30FF-40D5-A5AA-DD5ADDAEC076}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{42C165C6-58F4-4C9A-92FE-907C178867B1}" = dir=out | name=windows_ie_ac_001 | 
"{4840850F-C69D-469A-AC3D-0815E3E67A61}" = dir=out | name=taptiles | 
"{48EE32AA-3627-4117-964A-63260503D7F4}" = dir=out | name=windows_ie_ac_001 | 
"{5BAF0E41-95C0-46A1-9713-30E28457C345}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{610E8104-27BF-4C2C-8C03-01DCAA4D3C91}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{63C40546-F4FD-4A36-868B-0025B6F14003}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe | 
"{6493CCFA-AB7E-40F8-9DC7-09F312ED292C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{693DF6D8-E576-405B-9AF9-6D07067DE671}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr9.exe | 
"{6C7FA854-9BF2-4429-9303-EC7D9202B0CA}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{6DC80B60-BD6E-4266-8B39-06D16E96B302}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7193D5D5-DAC6-4EEB-92FA-0792EE07F908}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{71D067CA-43A8-4DE6-A91D-7C64B1535556}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7261C1EE-D68E-4A75-ABD2-1BD51B7B314E}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{7559C612-737A-438C-BC54-BA6A85784CB7}" = dir=out | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{7AFFC3DC-9BCE-4C0E-9473-C0A6A7ACADA7}" = dir=out | name=microsoft solitaire collection | 
"{7E3D863E-61E1-4ED0-B0B1-325C57C9BB70}" = dir=out | name=youcam for medion | 
"{804DBC88-CBD3-48BE-A5C7-3978474C523F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{85F4B98A-B13C-4D6A-8E8A-E5E1C3A69415}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{919726A9-217D-45A2-BF48-2A92546D0B29}" = dir=out | name=pentomino | 
"{93D3F2E1-9CCF-4D3A-B33C-B5AC70152072}" = dir=in | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{9A541657-6769-428D-83CA-4B28C27307C3}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{9EADB734-EA18-4DC6-9192-A5E3320B32DA}" = protocol=6 | dir=out | app=system | 
"{A73909CD-1B1A-4153-B6FD-BF1609D8B33A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B3F64DA3-34A9-4ABD-84B6-4638F0D4E63C}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{B6A1D9B6-B73A-4BDC-BD8D-C720A3058854}" = dir=out | name=accuweather for windows 8 | 
"{B9C5719D-83AA-4C2B-8884-8B0A300847C5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BCC135C9-A9CE-4CE1-9A24-B947559B901C}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{C0C263E3-6902-4054-B970-5534E9E604B4}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{D7BCB6B7-CBDC-46DB-A9EC-F4DBFC145AB6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DA160ECD-3DF1-429D-AE0E-A0F3533A74C3}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{E428B22D-9916-4D24-B8C4-5F30B57A7190}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E5C3A63B-08C6-4810-B142-72ABDA5BBAF6}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E7A02481-A59D-4A8E-96DE-A6721150FB43}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{EDB85A50-417D-4E4F-AF1B-EB05C9587E60}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{F13E2EFA-EB15-41E6-8C70-95FD0696C12F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F1B0DF1B-3D3C-497E-BC9C-1B0AA4DED05B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F50C924C-F439-4563-9928-793CC1CC6BBD}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{FB6A9B97-7A66-4949-BE42-00083FA60531}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{FC44FF5A-9C74-4172-BFB5-F20CD0DA4928}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{774B5691-9C74-4A51-8226-6E4C793B96BF}C:\users\henning\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\henning\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{1436310F-1ADE-49AF-9FC9-9E7971F54712}C:\users\henning\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\henning\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{1593C708-5535-47A4-8C0F-F8D4BE2B4560}" = Intel® PROSet/Wireless WiFi Software
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6097158B-0184-4140-BEC3-7885794D2571}" = Intel(R) WiDi
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{0E1BB4B4-00FF-45B1-914B-AB8D8B9862B3}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema 10
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{49110532-D289-4BFF-807C-45B782E66A7C}" = Photo Common
"{49F068F2-4323-417B-AFC8-1E43F479D46C}" = Windows Live Essentials
"{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack
"{4AF53C99-315D-4536-873F-029D2D274AE2}" = Photo Common
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{63824BC0-B747-43F3-9863-1066D64AD919}" = Photo Gallery
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6CEA775F-E70A-4D72-A3B4-1EB3A5AD4B5C}" = Windows Live Essentials
"{701FE1BC-834A-4857-AF62-6EBA50CFBC78}" = Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E63F102-A9E9-4F4C-8004-BC62974736BF}" = Movie Maker
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}" = Movie Maker
"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker
"{A802F1E3-34C8-4C84-9948-C1C4E37D0FA9}" = QuickLaunch
"{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker
"{B096A0E4-26A1-4E9F-8548-577964B9434B}" = Windows Live Essentials
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C7929038-EDFB-416D-A2C9-CC65416DA0DF}" = Photo Common
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CE542E0D-E056-4426-9F98-084C13E18641}" = Windows Live UX Platform Language Pack
"{D04EBB49-C985-4A38-8695-62000861293A}" = Raccolta foto
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0E0FB88-D570-463E-A98E-733B7B656867}" = Photo Gallery
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}" = PHotkey
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EFFED0C0-5299-422E-AFE6-8B8066D18A2A}" = Mediathek
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E}" = Windows Live UX Platform Language Pack
"{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common
"{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Foxit Reader_is1" = Foxit Reader
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = Medion Home Cinema 10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"VLC media player" = VLC media player 2.0.6
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1281773549-982182065-3777356010-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 10.05.2013 02:36:03 | Computer Name = Bär | Source = Microsoft-Windows-Kernel-General | ID = 6
Description = 
 
Error - 10.05.2013 02:39:28 | Computer Name = Bär | Source = DCOM | ID = 10010
Description = 
 
Error - 10.05.2013 02:39:28 | Computer Name = Bär | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x80080005
 
 
< End of report >
         

Alt 10.05.2013, 19:58   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hm, did you mix up aswMBR with AdwCleaner?
In any case, the aswMBR log was posted, but not the one from AdwCleaner.


Alt 11.05.2013, 09:50   #21
HilfeHilfeH
 



Oops

Code:
# AdwCleaner v2.300 - Datei am 10/05/2013 um 08:32:27 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzer : henning - BÄR
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\henning\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\henning\AppData\Roaming\Mozilla\Firefox\Profiles\n2ts2czy.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [700 octets] - [10/05/2013 08:32:27]

########## EOF - C:\AdwCleaner[S1].txt - [759 octets] ##########
         

Alt 12.05.2013, 21:02   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes; before you do, please remember to update Malwarebytes via the update button.

Afterwards, getting a second opinion from ESET's online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Alt 14.05.2013, 12:40   #23
HilfeHilfeH
 



So, here are the logs. Looks good, I guess. Should I just uninstall all these programs now? Or should I keep one of them?
There are now also system files on the desktop; can I just delete them, or what should I do with them?

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.13.06

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16540
henning :: BÄR [Administrator]

13.05.2013 19:47:39
mbam-log-2013-05-13 (19-47-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 604269
Laufzeit: 1 Stunde(n), 39 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         


Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=870d695e0aff0d449b7a7703b9f91bda
# engine=13825
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-14 10:09:33
# local_time=2013-05-14 12:09:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=774 16777213 85 91 1294941 145239645 0 0
# compatibility_mode=5893 16776574 100 94 358458 17253489 0 0
# scanned=381185
# found=0
# cleaned=0
# scan_time=8157
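
The header fields of an ESET Online Scanner log like the one above can be checked mechanically before a "found=0" result is accepted. The following is an added example, not part of the original posts and not ESET's own code; the function names are hypothetical, and it assumes that the requested detection of potentially unwanted applications is what the log records as unwanted_checked.

```python
# Shortened copy of the log posted above (serial, engine and time lines left out).
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# end=finished
# remove_checked=false
# unwanted_checked=false
# unsafe_checked=false
# compatibility_mode=774 16777213 85 91 1294941 145239645 0 0
# compatibility_mode=5893 16776574 100 94 358458 17253489 0 0
# scanned=381185
# found=0
# cleaned=0
"""


def parse_eset_log(text):
    """Return {key: [values]}; keys such as compatibility_mode may repeat."""
    fields = {}
    for line in text.splitlines():
        if not line.startswith("#") or "=" not in line:
            continue  # downloader preamble and other non-header lines
        key, _, value = line[1:].partition("=")
        fields.setdefault(key.strip(), []).append(value.strip().strip('"'))
    return fields


def review(text, expected=None):
    """List reasons why the scan result should not be taken at face value."""
    # Assumption: the requested PUA detection is logged as unwanted_checked.
    expected = {"unwanted_checked": "true"} if expected is None else expected
    latest = {k: v[-1] for k, v in parse_eset_log(text).items()}
    notes = []
    if latest.get("end") != "finished":
        notes.append("scan did not finish (end=%s)" % latest.get("end"))
    for key, want in expected.items():
        if latest.get(key) != want:
            notes.append("%s=%s, requested %s" % (key, latest.get(key), want))
    if "found" not in latest or "scanned" not in latest:
        notes.append("found/scanned counters missing")
    elif int(latest["found"]) > int(latest.get("cleaned") or 0):
        notes.append("%s detections, only %s cleaned"
                     % (latest["found"], latest.get("cleaned")))
    return notes


if __name__ == "__main__":
    for note in review(SAMPLE_LOG):
        print("CHECK:", note)
```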
         

14.05.2013, 14:38   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK so far

Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners, etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)

Otherwise there are also good cookie managers; as a Firefox extension there is CookieCuller, for example.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when the browser is closed.

Is your system OK again now, or are there any other detections or problems?

14.05.2013, 21:44   #25
HilfeHilfeH

THANK YOU SO MUCH!

Actually, I always log in again on the internet anyway (FB, Ebay....), but I'll take a look at it. Thanks for the tip.

What do I do now with all the programs that are on my desktop? Are they still of any use to me? Or should I just uninstall and delete them?
And the system files? I always get a warning when I try to move them?!

15.05.2013, 11:27   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then we're done!


If you'd like to leave praise or criticism => http://www.trojaner-board.de/lob-kritik-wuensche/



The programs that were used here can all be removed again.

Remove Combofix (only relevant if it was used here!): Start/Run (keyboard shortcut WIN+R), type the command combofix /uninstall there and run it

With the help of OTL you can also remove many other tools: simply start OTL and click on Bereinigung (CleanUp).
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide to this is below. To keep a better overview of how up to date your installed programs are in future, you can use Secunia PSI, for example.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update


Update the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Add/Remove Programs or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

While you're at it, please also check that the Flash Player is up to date:
Check => Adobe - Flash Player
You can find download links here => Browsers and Plugins - FilePony.de

You can also easily check whether all plugins in the Firefox browser are up to date here => https://www.mozilla.org/de/plugincheck

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do this, close all programs (especially the browsers), then click Start, Control Panel, Add/Remove Programs (or Programs and Features) and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

16.05.2013, 15:59   #27
HilfeHilfeH

All right, the programs are gone, and Secunia is running

Thank you so much again for the help and also for all the tips!!!

18.05.2013, 09:05   #28
HilfeHilfeH

I do have one more question, though: the fact that the virus is still shown in avast's container surely doesn't mean anything, does it? Can I just delete it from there now, or how should I handle it?

19.05.2013, 00:21   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

What is it with all of you and the quarantine?
Just think about what a quarantine is. Whether the malicious file stays in there or not makes no difference. Malware in quarantine can no longer do any harm; it is isolated there. As a rule you should work with the quarantine, because if the virus scanner deletes something important due to a false positive, you can still get at the file via the quarantine if need be.