JS:Redirector-OM[Trj] Seite Blockiert

elleas · 06.05.2012, 19:23

Hallo!

Kurz zu meinem Problem. Als ich gestern auf der Seite einer lokalen Kirche surfte, um dort Termine für den Gottesdienst zu finden, wurde mir von Avast, nachdem ich einen Unterseite angeklickt hatte, folgende Meldung angezeigt:

JS:Redirector-OM[Trj] - Der Zugriff auf die Seite wurde blockiert.

Soweit, so gut. Ich dachte mir, besser sicher gehen und habe mein gesamtes System mit Avast geprüft. Keine Funde. Da ich neue Dateien grundsätzlich immer schnell auf meiner externen Festplatte speichere, hielt ich es für keinen großen Verlust mein System zur Sicherheit zurück zu setzen. Habe dies auch getan, auf einen Zeitpunkt 3 Tage vorher. Dies verlief ohne Zwischenfälle. Nach dem Neustart war die Uhrzeit allerdings auf ca. 9 Stunden zurück eingestellt. Habe dies behoben. Beim nächsten Start von Chrome, in dem einige Tabs einer letzten Sitzung gespeichert waren, habe ich dann wieder Meldung erhalten, dass der Zugriff auf eine Seite blockiert wurde:

URL: hxxp://img.pcsearcht.com/1pc_300x250.html
Prozess: C:\Users\Julia.Julia-PC\AppData\Local\Google\Chrome\Application\chrome.exe
Infektion: URL:Mal

Habe, um festzustellen ob das Problem von einem der Tabs herrührt, diese dann geschlossen und Chrome erneut gestartet. Die gleiche Meldung erschien erneut. Konnte mir auch nicht erklären, woher es kam. Habe nur Seiten besucht, die ich auch normalerweise immer besuche und bisher noch keine Probleme hatte. So zB gmx, twitter, livejournal.
Danach musste ich noch fort, habe den Pc aber angelassen. Als ich zurück kam, war er im Ruhezustand und als ich ihn dann wieder startete, war die Uhrzeit erneut ca. 9 Stunden zurück gestellt.

Darauf habe ich nun einen scan mit Malwarebytes durchgeführt und logs mit OTL erstellt. Diese befinden sich im Anhang.
Da mich vor allem das Zurücksetzen der Uhrzeit irritiert hat, hoffe ich doch, dass mir jemand bei meinem Problem helfen kann. Vielen Dank.

cosinus · 07.05.2012, 11:44

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

elleas · 07.05.2012, 12:12

Danke fürs Annehmen des Problems!
Habe erst vor ca. 3 Wochen mein System neu aufsetzen müssen. Bzw ein Bekannter hat es gemacht, weil ich selbst es versucht, aber gescheitert war.
Daher sind dies jetzt die ersten Logs, die ich auf dem neuen System gemacht habe.

cosinus · 07.05.2012, 13:27

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

elleas · 07.05.2012, 23:22

Habe das Programm über Chrome ausgeführt und da keine Besonderheit aufgeführt waren, hoffe ich alles richtig gemacht zu haben.

Hier der Inhalt der log.txt

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=77a7e6941542604f85c532647688e6df
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-07 10:42:28
# local_time=2012-05-07 03:42:28 (-0800, Pacific Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 0 87970717 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=107702
# found=0
# cleaned=0
# scan_time=3280
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=77a7e6941542604f85c532647688e6df
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-08 07:12:52
# local_time=2012-05-08 12:12:52 (-0800, Pacific Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 0 88001164 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=141349
# found=1
# cleaned=0
# scan_time=3459
H:\Julia\Dokumente\PDFCreator-1_2_3_setup.exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I

cosinus · 08.05.2012, 10:44

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

elleas · 08.05.2012, 11:53

Habe bisher keine Beeinträchtigungen bei der Benutzung bemerkt. Nutze den Computer weiterhin wie bisher, allerdings ohne Seiten zu besuchen, die Passworteingabe erfordern.

Habe eben auch das Startmenü untersucht und verschiedene Ordner geöffnet, angklickt etc. Alles vorhanden wie gewohnt.

cosinus · 08.05.2012, 12:12

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

elleas · 08.05.2012, 13:10

Okay, erledigt. Hier Inhalt der OTL.txt

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 08.05.2012 13:51:03 - Run 2
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Julia.Julia-PC\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 69,28% Memory free
7,71 Gb Paging File | 6,28 Gb Available in Paging File | 81,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 196,23 Gb Total Space | 157,65 Gb Free Space | 80,34% Space Free | Partition Type: NTFS
Drive D: | 269,53 Gb Total Space | 269,08 Gb Free Space | 99,83% Space Free | Partition Type: NTFS
 
Computer Name: JULIA-PC | User Name: Julia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Julia.Julia-PC\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3727396773-1165147163-1533710087-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
IE - HKU\S-1-5-21-3727396773-1165147163-1533710087-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3727396773-1165147163-1533710087-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3727396773-1165147163-1533710087-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6A 0E EB 95 99 2C CD 01  [binary data]
IE - HKU\S-1-5-21-3727396773-1165147163-1533710087-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3727396773-1165147163-1533710087-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3727396773-1165147163-1533710087-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Julia.Julia-PC\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Julia.Julia-PC\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.24 05:50:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.24 05:50:43 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Julia.Julia-PC\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Julia.Julia-PC\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Julia.Julia-PC\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Julia.Julia-PC\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Julia.Julia-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Julia.Julia-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Julia.Julia-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Google Mail = C:\Users\Julia.Julia-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Julia.Julia-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Julia.Julia-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4323E8C4-59F5-4BF5-8806-B7FDCD3ECF8F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.07 14:38:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.06 11:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.05.06 11:19:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.05.05 21:05:57 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Julia.Julia-PC\Desktop\OTL.exe
[2012.05.05 19:34:49 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Roaming\Malwarebytes
[2012.05.05 19:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.05 19:34:39 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.05 19:34:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.05 19:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.05 12:01:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.05.03 17:37:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CS5
[2012.05.01 22:38:25 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.01 22:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.05.01 22:38:20 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\SysWow64\QtCore4.dll
[2012.05.01 22:38:16 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012.05.01 22:38:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.05.01 22:38:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012.05.01 22:37:34 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Roaming\DVDVideoSoft
[2012.05.01 02:32:41 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\Desktop\hjsplit
[2012.04.29 21:04:35 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Roaming\WinRAR
[2012.04.29 21:04:35 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.04.29 21:04:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.04.29 21:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.04.28 17:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012.04.28 17:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012.04.28 17:40:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2012.04.28 17:37:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2012.04.28 17:35:27 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012.04.28 12:34:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\virtualdub
[2012.04.27 00:50:43 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Roaming\vlc
[2012.04.27 00:50:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.04.27 00:49:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.04.25 19:02:56 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AIM for Windows
[2012.04.25 19:02:47 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Local\AOL
[2012.04.24 05:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2012.04.24 05:52:48 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Roaming\HP
[2012.04.24 05:52:47 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Local\HP
[2012.04.24 05:50:58 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Roaming\Yahoo!
[2012.04.24 05:50:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2012.04.24 05:49:35 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2012.04.24 05:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012.04.24 05:49:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012.04.24 05:48:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012.04.24 05:48:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2012.04.24 05:48:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2012.04.24 05:47:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012.04.24 05:47:13 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2012.04.24 05:46:14 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012.04.23 11:36:54 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Local\Microsoft Games
[2012.04.22 21:49:05 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Local\twitter
[2012.04.22 21:48:33 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TweetDeck
[2012.04.22 21:48:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Twitter
[2012.04.22 12:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012.04.22 12:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.04.22 12:44:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012.04.22 12:44:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.04.22 12:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.04.22 12:40:36 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Local\Microsoft Help
[2012.04.22 12:07:57 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Roaming\Macromedia
[2012.04.22 12:07:57 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Roaming\Adobe
[2012.04.22 12:05:36 | 000,000,000 | ---D | C] -- C:\Program Files\CS5
[2012.04.22 11:59:15 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.04.22 11:58:53 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Local\Google
[2012.04.22 11:58:33 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Local\Apps
[2012.04.22 11:58:32 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Local\Deployment
[2012.04.22 11:56:44 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Local\Broadcom
[2012.04.22 11:56:44 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\Documents\Bluetooth-Exchange-Ordner
[2012.04.22 11:54:46 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Roaming\Sony Corporation
[2012.04.22 11:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2012.04.22 11:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2012.04.22 11:27:40 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Roaming\Intel Corporation
[2012.04.22 11:25:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.04.22 11:25:47 | 002,719,504 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012.04.22 11:25:47 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012.04.22 11:25:47 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012.04.22 11:25:47 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012.04.22 11:25:47 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012.04.22 11:25:46 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012.04.22 11:25:46 | 000,363,008 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012.04.22 11:25:46 | 000,325,904 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012.04.22 11:25:46 | 000,321,536 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012.04.22 11:25:46 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012.04.22 11:25:46 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012.04.22 11:25:46 | 000,198,656 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012.04.22 11:25:46 | 000,095,744 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012.04.22 11:25:46 | 000,073,216 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012.04.22 11:25:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012.04.22 11:25:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012.04.22 11:23:20 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012.04.22 11:23:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012.04.22 11:23:06 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Roaming\InstallShield
[2012.04.22 11:19:10 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2012.04.22 11:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012.04.22 10:56:21 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Roaming\ATI
[2012.04.22 10:56:21 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Local\ATI
[2012.04.22 10:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.04.22 10:38:54 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.04.22 10:38:51 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DHT64.dll
[2012.04.22 10:38:51 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DAA64.dll
[2012.04.22 03:01:31 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.04.22 03:01:31 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.04.22 03:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.04.22 03:01:30 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.04.22 03:01:30 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.04.22 03:01:30 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.04.22 03:01:30 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.04.22 03:01:29 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.04.22 03:01:14 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.04.22 03:01:13 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.04.22 00:42:22 | 000,000,000 | R--D | C] -- C:\Users\Julia.Julia-PC\Virtual Machines
[2012.04.22 00:42:22 | 000,000,000 | R--D | C] -- C:\Users\Julia.Julia-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.04.22 00:42:22 | 000,000,000 | R--D | C] -- C:\Users\Julia.Julia-PC\Searches
[2012.04.22 00:42:22 | 000,000,000 | R--D | C] -- C:\Users\Julia.Julia-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.04.22 00:42:08 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Roaming\Identities
[2012.04.22 00:42:03 | 000,000,000 | R--D | C] -- C:\Users\Julia.Julia-PC\Contacts
[2012.04.22 00:34:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012.04.22 00:02:28 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2012.04.22 00:01:41 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2012.04.21 23:59:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.04.21 23:56:51 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Local\VirtualStore
[2012.04.21 23:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Julia.Julia-PC\Vorlagen
[2012.04.21 23:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Julia.Julia-PC\AppData\Local\Verlauf
[2012.04.21 23:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Julia.Julia-PC\AppData\Local\Temporary Internet Files
[2012.04.21 23:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Julia.Julia-PC\Startmenü
[2012.04.21 23:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Julia.Julia-PC\SendTo
[2012.04.21 23:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Julia.Julia-PC\Recent
[2012.04.21 23:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Julia.Julia-PC\Netzwerkumgebung
[2012.04.21 23:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Julia.Julia-PC\Lokale Einstellungen
[2012.04.21 23:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Julia.Julia-PC\Documents\Eigene Videos
[2012.04.21 23:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Julia.Julia-PC\Documents\Eigene Musik
[2012.04.21 23:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Julia.Julia-PC\Eigene Dateien
[2012.04.21 23:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Julia.Julia-PC\Documents\Eigene Bilder
[2012.04.21 23:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Julia.Julia-PC\Druckumgebung
[2012.04.21 23:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Julia.Julia-PC\Cookies
[2012.04.21 23:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Julia.Julia-PC\AppData\Local\Anwendungsdaten
[2012.04.21 23:56:28 | 000,000,000 | -HSD | C] -- C:\Users\Julia.Julia-PC\Anwendungsdaten
[2012.04.21 23:56:26 | 000,000,000 | --SD | C] -- C:\Users\Julia.Julia-PC\AppData\Roaming\Microsoft
[2012.04.21 23:56:26 | 000,000,000 | R--D | C] -- C:\Users\Julia.Julia-PC\Videos
[2012.04.21 23:56:26 | 000,000,000 | R--D | C] -- C:\Users\Julia.Julia-PC\Saved Games
[2012.04.21 23:56:26 | 000,000,000 | R--D | C] -- C:\Users\Julia.Julia-PC\Pictures
[2012.04.21 23:56:26 | 000,000,000 | R--D | C] -- C:\Users\Julia.Julia-PC\Music
[2012.04.21 23:56:26 | 000,000,000 | R--D | C] -- C:\Users\Julia.Julia-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.04.21 23:56:26 | 000,000,000 | R--D | C] -- C:\Users\Julia.Julia-PC\Links
[2012.04.21 23:56:26 | 000,000,000 | R--D | C] -- C:\Users\Julia.Julia-PC\Favorites
[2012.04.21 23:56:26 | 000,000,000 | R--D | C] -- C:\Users\Julia.Julia-PC\Downloads
[2012.04.21 23:56:26 | 000,000,000 | R--D | C] -- C:\Users\Julia.Julia-PC\Documents
[2012.04.21 23:56:26 | 000,000,000 | R--D | C] -- C:\Users\Julia.Julia-PC\Desktop
[2012.04.21 23:56:26 | 000,000,000 | R--D | C] -- C:\Users\Julia.Julia-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.04.21 23:56:26 | 000,000,000 | -H-D | C] -- C:\Users\Julia.Julia-PC\AppData
[2012.04.21 23:56:26 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Local\Temp
[2012.04.21 23:56:26 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Local\Microsoft
[2012.04.21 23:56:26 | 000,000,000 | ---D | C] -- C:\Users\Julia.Julia-PC\AppData\Roaming\Media Center Programs
[2012.04.21 23:06:44 | 000,000,000 | ---D | C] -- C:\Intel
[2012.04.21 22:59:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Skillbrains
[2012.04.21 22:57:03 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012.04.21 21:15:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2012.04.21 21:12:57 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012.04.21 20:45:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2012.04.21 20:41:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sony Shared
[2012.04.21 20:41:24 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012.04.21 20:10:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.04.21 20:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.04.21 20:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.04.21 20:04:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012.04.21 20:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.04.21 20:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.04.21 20:03:15 | 000,000,000 | ---D | C] -- C:\DRIVERS
[2012.04.21 19:59:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2012.04.21 18:08:21 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.04.21 18:08:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2012.04.21 18:08:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012.04.21 18:06:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012.04.21 18:06:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.04.21 18:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012.04.21 18:05:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012.04.21 18:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.04.21 18:05:16 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.04.21 17:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.04.21 17:50:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.04.21 17:49:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.04.21 17:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode
[2012.04.21 17:48:53 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.04.21 17:48:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.04.21 17:48:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.04.21 17:48:43 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.04.21 17:48:43 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.04.21 17:48:43 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.04.21 17:48:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.04.21 17:48:43 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.04.21 17:48:43 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.04.21 17:48:43 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.04.21 17:48:43 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.04.21 17:48:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.04.21 17:48:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.04.21 09:40:38 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.04.21 09:40:23 | 000,000,000 | -HSD | C] -- C:\Boot
[2012.04.21 08:44:13 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.04.21 08:41:25 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.04.21 08:41:08 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.08 13:03:00 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3727396773-1165147163-1533710087-1000UA.job
[2012.05.08 12:40:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.08 12:40:20 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3727396773-1165147163-1533710087-1000Core.job
[2012.05.08 11:27:03 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.08 11:27:03 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.08 11:19:17 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.06 11:20:52 | 000,043,849 | ---- | M] () -- C:\Users\Julia.Julia-PC\Desktop\logfiles.zip
[2012.05.06 10:28:12 | 000,002,408 | ---- | M] () -- C:\Users\Julia.Julia-PC\Desktop\Google Chrome.lnk
[2012.05.05 21:06:06 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Julia.Julia-PC\Desktop\OTL.exe
[2012.05.05 19:34:40 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.05 19:09:24 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.05.05 19:09:23 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.05.01 09:59:01 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\WebReg HP Officejet 5600 series.job
[2012.04.30 00:09:33 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.30 00:09:33 | 000,645,740 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.30 00:09:33 | 000,607,728 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.30 00:09:33 | 000,127,028 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.30 00:09:33 | 000,104,106 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.25 19:02:59 | 000,001,101 | ---- | M] () -- C:\Users\Julia.Julia-PC\Desktop\AIM.lnk
[2012.04.24 21:06:08 | 000,415,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.04.24 05:53:12 | 000,245,500 | ---- | M] () -- C:\Windows\hpoins19.dat
[2012.04.24 05:49:00 | 000,002,099 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.04.22 11:19:43 | 000,000,834 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012.04.22 10:58:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012.04.22 10:33:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.04.21 09:40:25 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012.04.21 08:44:30 | 000,057,050 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.04.21 08:44:30 | 000,057,050 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.04.21 08:43:55 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012.04.18 13:49:50 | 000,405,176 | ---- | M] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
 
========== Files Created - No Company Name ==========
 
[2012.05.06 11:20:52 | 000,043,849 | ---- | C] () -- C:\Users\Julia.Julia-PC\Desktop\logfiles.zip
[2012.05.05 19:34:40 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.25 19:02:59 | 000,001,101 | ---- | C] () -- C:\Users\Julia.Julia-PC\Desktop\AIM.lnk
[2012.04.24 05:57:07 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\WebReg HP Officejet 5600 series.job
[2012.04.24 05:49:46 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2012.04.24 05:49:00 | 000,002,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.04.24 05:46:21 | 000,245,500 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012.04.24 05:46:21 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012.04.22 11:59:16 | 000,002,408 | ---- | C] () -- C:\Users\Julia.Julia-PC\Desktop\Google Chrome.lnk
[2012.04.22 11:58:55 | 000,001,138 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3727396773-1165147163-1533710087-1000UA.job
[2012.04.22 11:58:53 | 000,001,086 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3727396773-1165147163-1533710087-1000Core.job
[2012.04.22 11:41:01 | 000,002,258 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Control Center.lnk
[2012.04.22 11:19:16 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012.04.22 10:58:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012.04.22 10:33:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.04.22 03:01:31 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.04.22 03:01:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.04.22 00:42:31 | 000,001,409 | ---- | C] () -- C:\Users\Julia.Julia-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.04.22 00:42:24 | 000,001,443 | ---- | C] () -- C:\Users\Julia.Julia-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.04.22 00:02:47 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2012.04.22 00:02:26 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2012.04.22 00:01:49 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe
[2012.04.22 00:01:43 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2012.04.22 00:01:43 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2012.04.22 00:01:43 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2012.04.22 00:01:43 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2012.04.21 09:40:25 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2012.04.21 09:40:24 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2012.04.21 08:43:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.21 08:41:09 | 3106,480,128 | -HS- | C] () -- C:\hiberfil.sys
 
========== LOP Check ==========
 
[2012.05.01 22:38:49 | 000,000,000 | ---D | M] -- C:\Users\Julia.Julia-PC\AppData\Roaming\DVDVideoSoft
[2012.05.01 22:38:25 | 000,000,000 | ---D | M] -- C:\Users\Julia.Julia-PC\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.07.13 22:08:49 | 000,007,938 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.04.22 12:07:57 | 000,000,000 | ---D | M] -- C:\Users\Julia.Julia-PC\AppData\Roaming\Adobe
[2012.04.22 10:56:21 | 000,000,000 | ---D | M] -- C:\Users\Julia.Julia-PC\AppData\Roaming\ATI
[2012.05.01 22:38:49 | 000,000,000 | ---D | M] -- C:\Users\Julia.Julia-PC\AppData\Roaming\DVDVideoSoft
[2012.05.01 22:38:25 | 000,000,000 | ---D | M] -- C:\Users\Julia.Julia-PC\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.24 05:57:59 | 000,000,000 | ---D | M] -- C:\Users\Julia.Julia-PC\AppData\Roaming\HP
[2012.04.22 00:42:08 | 000,000,000 | ---D | M] -- C:\Users\Julia.Julia-PC\AppData\Roaming\Identities
[2012.04.22 11:23:06 | 000,000,000 | ---D | M] -- C:\Users\Julia.Julia-PC\AppData\Roaming\InstallShield
[2012.04.22 11:27:40 | 000,000,000 | ---D | M] -- C:\Users\Julia.Julia-PC\AppData\Roaming\Intel Corporation
[2012.04.22 12:07:57 | 000,000,000 | ---D | M] -- C:\Users\Julia.Julia-PC\AppData\Roaming\Macromedia
[2012.05.05 19:34:49 | 000,000,000 | ---D | M] -- C:\Users\Julia.Julia-PC\AppData\Roaming\Malwarebytes
[2009.07.14 11:18:19 | 000,000,000 | ---D | M] -- C:\Users\Julia.Julia-PC\AppData\Roaming\Media Center Programs
[2012.04.28 12:35:29 | 000,000,000 | --SD | M] -- C:\Users\Julia.Julia-PC\AppData\Roaming\Microsoft
[2012.04.22 11:54:46 | 000,000,000 | ---D | M] -- C:\Users\Julia.Julia-PC\AppData\Roaming\Sony Corporation
[2012.05.05 19:07:41 | 000,000,000 | ---D | M] -- C:\Users\Julia.Julia-PC\AppData\Roaming\vlc
[2012.04.29 21:04:50 | 000,000,000 | ---D | M] -- C:\Users\Julia.Julia-PC\AppData\Roaming\WinRAR
[2012.04.24 05:50:58 | 000,000,000 | ---D | M] -- C:\Users\Julia.Julia-PC\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2012.04.22 21:48:33 | 000,612,888 | R--- | M] () -- C:\Users\Julia.Julia-PC\AppData\Roaming\Microsoft\Installer\{2DCD0543-22F6-4E54-80D3-B4EFB9AC4943}\TweetDeck.exe
[2012.04.22 11:21:56 | 000,010,134 | R--- | M] () -- C:\Users\Julia.Julia-PC\AppData\Roaming\Microsoft\Installer\{935B5086-C002-0FBC-0723-5741D2478EE7}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.13 18:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.13 18:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.11.20 15:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.11.20 15:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_53f33454d751d4bd\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 05:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010.11.20 05:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 05:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2009.07.13 18:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.13 18:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 05:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 05:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.13 18:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010.11.20 05:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010.11.20 05:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 05:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.13 18:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 05:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 05:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 04:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 04:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.13 18:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.13 18:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 05:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 05:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.13 17:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.13 17:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---

cosinus · 08.05.2012, 16:08

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten, Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

elleas · 08.05.2012, 16:30

Alles wie gewünscht erledigt.

Code:

ATTFilter

 17:24:03.0892 4456	TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18
17:24:04.0218 4456	============================================================
17:24:04.0219 4456	Current date / time: 2012/05/08 17:24:04.0218
17:24:04.0219 4456	SystemInfo:
17:24:04.0219 4456	
17:24:04.0219 4456	OS Version: 6.1.7601 ServicePack: 1.0
17:24:04.0219 4456	Product type: Workstation
17:24:04.0219 4456	ComputerName: JULIA-PC
17:24:04.0219 4456	UserName: Julia
17:24:04.0219 4456	Windows directory: C:\Windows
17:24:04.0219 4456	System windows directory: C:\Windows
17:24:04.0219 4456	Running under WOW64
17:24:04.0219 4456	Processor architecture: Intel x64
17:24:04.0219 4456	Number of processors: 4
17:24:04.0219 4456	Page size: 0x1000
17:24:04.0219 4456	Boot type: Normal boot
17:24:04.0219 4456	============================================================
17:24:04.0893 4456	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:24:04.0900 4456	============================================================
17:24:04.0900 4456	\Device\Harddisk0\DR0:
17:24:04.0900 4456	MBR partitions:
17:24:04.0900 4456	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x18875000
17:24:04.0900 4456	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x18875800, BlocksNum 0x21B10000
17:24:04.0900 4456	============================================================
17:24:04.0926 4456	C: <-> \Device\Harddisk0\DR0\Partition0
17:24:04.0957 4456	D: <-> \Device\Harddisk0\DR0\Partition1
17:24:04.0957 4456	============================================================
17:24:04.0957 4456	Initialize success
17:24:04.0957 4456	============================================================
17:24:37.0834 5316	============================================================
17:24:37.0834 5316	Scan started
17:24:37.0834 5316	Mode: Manual; SigCheck; TDLFS; 
17:24:37.0834 5316	============================================================
17:24:38.0389 5316	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:24:38.0555 5316	1394ohci - ok
17:24:38.0624 5316	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:24:38.0671 5316	ACPI - ok
17:24:38.0704 5316	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:24:38.0755 5316	AcpiPmi - ok
17:24:38.0831 5316	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:24:38.0891 5316	adp94xx - ok
17:24:38.0942 5316	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:24:38.0979 5316	adpahci - ok
17:24:39.0001 5316	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:24:39.0017 5316	adpu320 - ok
17:24:39.0048 5316	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:24:39.0110 5316	AeLookupSvc - ok
17:24:39.0208 5316	AFD             (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
17:24:39.0359 5316	AFD - ok
17:24:39.0413 5316	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:24:39.0428 5316	agp440 - ok
17:24:39.0458 5316	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:24:39.0494 5316	ALG - ok
17:24:39.0532 5316	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:24:39.0547 5316	aliide - ok
17:24:39.0597 5316	AMD External Events Utility (3260756e234083bd2bd1709c60b6e6d7) C:\Windows\system32\atiesrxx.exe
17:24:39.0647 5316	AMD External Events Utility - ok
17:24:39.0682 5316	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:24:39.0696 5316	amdide - ok
17:24:39.0737 5316	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:24:39.0779 5316	AmdK8 - ok
17:24:39.0804 5316	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:24:39.0846 5316	AmdPPM - ok
17:24:39.0879 5316	amdsata         (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
17:24:39.0901 5316	amdsata - ok
17:24:39.0932 5316	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:24:39.0958 5316	amdsbs - ok
17:24:39.0966 5316	amdxata         (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
17:24:39.0977 5316	amdxata - ok
17:24:40.0027 5316	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:24:40.0112 5316	AppID - ok
17:24:40.0138 5316	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:24:40.0201 5316	AppIDSvc - ok
17:24:40.0251 5316	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:24:40.0344 5316	Appinfo - ok
17:24:40.0391 5316	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
17:24:40.0436 5316	AppMgmt - ok
17:24:40.0464 5316	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:24:40.0480 5316	arc - ok
17:24:40.0501 5316	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:24:40.0518 5316	arcsas - ok
17:24:40.0559 5316	aswFsBlk        (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
17:24:40.0587 5316	aswFsBlk - ok
17:24:40.0635 5316	aswMonFlt       (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
17:24:40.0654 5316	aswMonFlt - ok
17:24:40.0665 5316	aswRdr          (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
17:24:40.0677 5316	aswRdr - ok
17:24:40.0732 5316	aswSnx          (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
17:24:40.0788 5316	aswSnx - ok
17:24:40.0820 5316	aswSP           (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
17:24:40.0854 5316	aswSP - ok
17:24:40.0865 5316	aswTdi          (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
17:24:40.0875 5316	aswTdi - ok
17:24:40.0911 5316	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:24:41.0006 5316	AsyncMac - ok
17:24:41.0068 5316	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:24:41.0080 5316	atapi - ok
17:24:41.0227 5316	athr            (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
17:24:41.0317 5316	athr - ok
17:24:41.0900 5316	atikmdag        (f3a362b683b6158cc47d7e8e58b7ddc9) C:\Windows\system32\DRIVERS\atikmdag.sys
17:24:42.0142 5316	atikmdag - ok
17:24:42.0338 5316	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:24:42.0489 5316	AudioEndpointBuilder - ok
17:24:42.0495 5316	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:24:42.0545 5316	AudioSrv - ok
17:24:42.0622 5316	avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:24:42.0637 5316	avast! Antivirus - ok
17:24:42.0700 5316	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:24:42.0762 5316	AxInstSV - ok
17:24:42.0866 5316	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:24:42.0928 5316	b06bdrv - ok
17:24:42.0977 5316	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:24:43.0019 5316	b57nd60a - ok
17:24:43.0101 5316	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:24:43.0130 5316	BDESVC - ok
17:24:43.0153 5316	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:24:43.0225 5316	Beep - ok
17:24:43.0327 5316	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
17:24:43.0413 5316	BFE - ok
17:24:43.0498 5316	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
17:24:43.0615 5316	BITS - ok
17:24:43.0663 5316	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:24:43.0703 5316	blbdrive - ok
17:24:43.0743 5316	bowser          (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
17:24:43.0828 5316	bowser - ok
17:24:43.0859 5316	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:24:43.0923 5316	BrFiltLo - ok
17:24:43.0951 5316	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:24:43.0985 5316	BrFiltUp - ok
17:24:44.0032 5316	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:24:44.0094 5316	Browser - ok
17:24:44.0123 5316	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:24:44.0169 5316	Brserid - ok
17:24:44.0187 5316	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:24:44.0226 5316	BrSerWdm - ok
17:24:44.0256 5316	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:24:44.0293 5316	BrUsbMdm - ok
17:24:44.0310 5316	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:24:44.0333 5316	BrUsbSer - ok
17:24:44.0382 5316	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
17:24:44.0433 5316	BthEnum - ok
17:24:44.0465 5316	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:24:44.0487 5316	BTHMODEM - ok
17:24:44.0535 5316	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
17:24:44.0592 5316	BthPan - ok
17:24:44.0650 5316	BTHPORT         (0d25b6d300ba26a5f2c3b2a8e96b158b) C:\Windows\system32\Drivers\BTHport.sys
17:24:44.0719 5316	BTHPORT - ok
17:24:44.0765 5316	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:24:44.0854 5316	bthserv - ok
17:24:44.0880 5316	BTHUSB          (1f9912f8ec5bfa53432e71e150636a8a) C:\Windows\system32\Drivers\BTHUSB.sys
17:24:44.0914 5316	BTHUSB - ok
17:24:44.0965 5316	btusbflt        (6e04458e98daf28826482e41a7a62df5) C:\Windows\system32\drivers\btusbflt.sys
17:24:44.0981 5316	btusbflt - ok
17:24:45.0001 5316	btwaudio        (4bdbdb86abba924e029fb2683be7c505) C:\Windows\system32\drivers\btwaudio.sys
17:24:45.0016 5316	btwaudio - ok
17:24:45.0056 5316	btwavdt         (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\DRIVERS\btwavdt.sys
17:24:45.0070 5316	btwavdt - ok
17:24:45.0219 5316	btwdins         (31da517946ffe416442e864592548f8a) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
17:24:45.0280 5316	btwdins - ok
17:24:45.0312 5316	btwl2cap        (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
17:24:45.0320 5316	btwl2cap - ok
17:24:45.0329 5316	btwrchid        (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
17:24:45.0338 5316	btwrchid - ok
17:24:45.0361 5316	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:24:45.0428 5316	cdfs - ok
17:24:45.0481 5316	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
17:24:45.0523 5316	cdrom - ok
17:24:45.0575 5316	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:24:45.0644 5316	CertPropSvc - ok
17:24:45.0675 5316	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:24:45.0702 5316	circlass - ok
17:24:45.0756 5316	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:24:45.0791 5316	CLFS - ok
17:24:45.0850 5316	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:24:45.0866 5316	clr_optimization_v2.0.50727_32 - ok
17:24:45.0929 5316	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:24:45.0950 5316	clr_optimization_v2.0.50727_64 - ok
17:24:45.0982 5316	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:24:46.0008 5316	CmBatt - ok
17:24:46.0035 5316	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:24:46.0049 5316	cmdide - ok
17:24:46.0107 5316	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
17:24:46.0186 5316	CNG - ok
17:24:46.0217 5316	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:24:46.0233 5316	Compbatt - ok
17:24:46.0280 5316	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:24:46.0327 5316	CompositeBus - ok
17:24:46.0342 5316	COMSysApp - ok
17:24:46.0363 5316	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:24:46.0375 5316	crcdisk - ok
17:24:46.0429 5316	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
17:24:46.0523 5316	CryptSvc - ok
17:24:46.0561 5316	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
17:24:46.0632 5316	CSC - ok
17:24:46.0714 5316	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
17:24:46.0789 5316	CscService - ok
17:24:46.0872 5316	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:24:46.0979 5316	DcomLaunch - ok
17:24:47.0017 5316	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:24:47.0087 5316	defragsvc - ok
17:24:47.0157 5316	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:24:47.0240 5316	DfsC - ok
17:24:47.0288 5316	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
17:24:47.0374 5316	Dhcp - ok
17:24:47.0406 5316	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:24:47.0484 5316	discache - ok
17:24:47.0515 5316	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:24:47.0527 5316	Disk - ok
17:24:47.0573 5316	Dnscache        (cd55f5355d8f55d44c9f4ed875705bd6) C:\Windows\System32\dnsrslvr.dll
17:24:47.0651 5316	Dnscache - ok
17:24:47.0684 5316	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
17:24:47.0756 5316	dot3svc - ok
17:24:47.0819 5316	Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
17:24:47.0853 5316	Dot4 - ok
17:24:47.0887 5316	Dot4Print       (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
17:24:47.0920 5316	Dot4Print - ok
17:24:47.0947 5316	dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
17:24:47.0981 5316	dot4usb - ok
17:24:48.0018 5316	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
17:24:48.0100 5316	DPS - ok
17:24:48.0138 5316	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:24:48.0168 5316	drmkaud - ok
17:24:48.0254 5316	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:24:48.0318 5316	DXGKrnl - ok
17:24:48.0345 5316	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:24:48.0414 5316	EapHost - ok
17:24:48.0678 5316	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:24:48.0809 5316	ebdrv - ok
17:24:48.0918 5316	EFS             (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
17:24:48.0951 5316	EFS - ok
17:24:49.0052 5316	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
17:24:49.0117 5316	ehRecvr - ok
17:24:49.0152 5316	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:24:49.0173 5316	ehSched - ok
17:24:49.0260 5316	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:24:49.0302 5316	elxstor - ok
17:24:49.0327 5316	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:24:49.0362 5316	ErrDev - ok
17:24:49.0439 5316	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:24:49.0552 5316	EventSystem - ok
17:24:49.0587 5316	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:24:49.0665 5316	exfat - ok
17:24:49.0689 5316	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:24:49.0748 5316	fastfat - ok
17:24:49.0841 5316	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:24:49.0925 5316	Fax - ok
17:24:49.0948 5316	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:24:49.0982 5316	fdc - ok
17:24:50.0023 5316	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:24:50.0096 5316	fdPHost - ok
17:24:50.0115 5316	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:24:50.0177 5316	FDResPub - ok
17:24:50.0196 5316	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:24:50.0208 5316	FileInfo - ok
17:24:50.0219 5316	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:24:50.0281 5316	Filetrace - ok
17:24:50.0303 5316	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:24:50.0320 5316	flpydisk - ok
17:24:50.0366 5316	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:24:50.0402 5316	FltMgr - ok
17:24:50.0513 5316	FontCache       (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
17:24:50.0628 5316	FontCache - ok
17:24:50.0730 5316	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:24:50.0749 5316	FontCache3.0.0.0 - ok
17:24:50.0805 5316	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:24:50.0824 5316	FsDepends - ok
17:24:50.0854 5316	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
17:24:50.0867 5316	Fs_Rec - ok
17:24:50.0912 5316	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:24:50.0943 5316	fvevol - ok
17:24:50.0958 5316	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:24:50.0974 5316	gagp30kx - ok
17:24:51.0052 5316	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:24:51.0161 5316	gpsvc - ok
17:24:51.0178 5316	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:24:51.0209 5316	hcw85cir - ok
17:24:51.0279 5316	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:24:51.0330 5316	HdAudAddService - ok
17:24:51.0367 5316	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:24:51.0411 5316	HDAudBus - ok
17:24:51.0444 5316	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
17:24:51.0455 5316	HECIx64 - ok
17:24:51.0479 5316	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:24:51.0514 5316	HidBatt - ok
17:24:51.0528 5316	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:24:51.0564 5316	HidBth - ok
17:24:51.0585 5316	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:24:51.0618 5316	HidIr - ok
17:24:51.0640 5316	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
17:24:51.0704 5316	hidserv - ok
17:24:51.0742 5316	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
17:24:51.0757 5316	HidUsb - ok
17:24:51.0793 5316	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:24:51.0857 5316	hkmsvc - ok
17:24:51.0902 5316	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:24:51.0941 5316	HomeGroupListener - ok
17:24:51.0981 5316	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:24:52.0021 5316	HomeGroupProvider - ok
17:24:52.0153 5316	hpqcxs08        (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
17:24:52.0153 5316	hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
17:24:52.0153 5316	hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
17:24:52.0192 5316	hpqddsvc        (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
17:24:52.0217 5316	hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
17:24:52.0217 5316	hpqddsvc - detected UnsignedFile.Multi.Generic (1)
17:24:52.0252 5316	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:24:52.0264 5316	HpSAMD - ok
17:24:52.0365 5316	HPSLPSVC        (7f57926169c1b8aba9274ea7d4b70f18) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
17:24:52.0418 5316	HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
17:24:52.0418 5316	HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
17:24:52.0508 5316	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:24:52.0602 5316	HTTP - ok
17:24:52.0649 5316	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:24:52.0661 5316	hwpolicy - ok
17:24:52.0692 5316	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:24:52.0714 5316	i8042prt - ok
17:24:52.0787 5316	iaStor          (073a606333b6f7bbf20aa856df7f0997) C:\Windows\system32\DRIVERS\iaStor.sys
17:24:52.0814 5316	iaStor - ok
17:24:52.0946 5316	IAStorDataMgrSvc (cc800d2d9fd467542bac7c186c4774ad) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
17:24:52.0960 5316	IAStorDataMgrSvc - ok
17:24:53.0027 5316	iaStorV         (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
17:24:53.0076 5316	iaStorV - ok
17:24:53.0199 5316	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:24:53.0273 5316	idsvc - ok
17:24:53.0297 5316	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:24:53.0310 5316	iirsp - ok
17:24:53.0404 5316	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:24:53.0518 5316	IKEEXT - ok
17:24:53.0754 5316	IntcAzAudAddService (0f144e5f46cb9043004b5e84aa4bca6a) C:\Windows\system32\drivers\RTKVHD64.sys
17:24:53.0854 5316	IntcAzAudAddService - ok
17:24:53.0983 5316	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:24:54.0002 5316	intelide - ok
17:24:54.0046 5316	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:24:54.0087 5316	intelppm - ok
17:24:54.0142 5316	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:24:54.0234 5316	IPBusEnum - ok
17:24:54.0257 5316	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:24:54.0318 5316	IpFilterDriver - ok
17:24:54.0380 5316	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
17:24:54.0455 5316	iphlpsvc - ok
17:24:54.0480 5316	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:24:54.0506 5316	IPMIDRV - ok
17:24:54.0538 5316	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:24:54.0595 5316	IPNAT - ok
17:24:54.0627 5316	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:24:54.0664 5316	IRENUM - ok
17:24:54.0706 5316	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:24:54.0717 5316	isapnp - ok
17:24:54.0765 5316	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:24:54.0806 5316	iScsiPrt - ok
17:24:54.0844 5316	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
17:24:54.0857 5316	kbdclass - ok
17:24:54.0898 5316	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
17:24:54.0932 5316	kbdhid - ok
17:24:54.0960 5316	KeyIso          (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
17:24:54.0980 5316	KeyIso - ok
17:24:55.0016 5316	KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
17:24:55.0030 5316	KSecDD - ok
17:24:55.0054 5316	KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
17:24:55.0069 5316	KSecPkg - ok
17:24:55.0117 5316	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:24:55.0178 5316	ksthunk - ok
17:24:55.0228 5316	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:24:55.0315 5316	KtmRm - ok
17:24:55.0359 5316	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
17:24:55.0448 5316	LanmanServer - ok
17:24:55.0476 5316	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:24:55.0558 5316	LanmanWorkstation - ok
17:24:55.0612 5316	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:24:55.0687 5316	lltdio - ok
17:24:55.0725 5316	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:24:55.0812 5316	lltdsvc - ok
17:24:55.0844 5316	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:24:55.0889 5316	lmhosts - ok
17:24:55.0997 5316	LMS             (5460828f8951d310b42b442877603b8d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:24:56.0026 5316	LMS - ok
17:24:56.0076 5316	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:24:56.0098 5316	LSI_FC - ok
17:24:56.0128 5316	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:24:56.0142 5316	LSI_SAS - ok
17:24:56.0154 5316	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:24:56.0168 5316	LSI_SAS2 - ok
17:24:56.0194 5316	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:24:56.0210 5316	LSI_SCSI - ok
17:24:56.0233 5316	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:24:56.0299 5316	luafv - ok
17:24:56.0328 5316	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:24:56.0364 5316	Mcx2Svc - ok
17:24:56.0389 5316	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:24:56.0401 5316	megasas - ok
17:24:56.0429 5316	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:24:56.0474 5316	MegaSR - ok
17:24:56.0509 5316	Microsoft SharePoint Workspace Audit Service - ok
17:24:56.0566 5316	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:24:56.0643 5316	MMCSS - ok
17:24:56.0674 5316	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:24:56.0754 5316	Modem - ok
17:24:56.0781 5316	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:24:56.0815 5316	monitor - ok
17:24:56.0846 5316	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
17:24:56.0862 5316	mouclass - ok
17:24:56.0909 5316	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:24:56.0940 5316	mouhid - ok
17:24:56.0971 5316	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:24:56.0987 5316	mountmgr - ok
17:24:57.0018 5316	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:24:57.0038 5316	mpio - ok
17:24:57.0056 5316	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:24:57.0117 5316	mpsdrv - ok
17:24:57.0202 5316	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:24:57.0304 5316	MpsSvc - ok
17:24:57.0329 5316	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:24:57.0363 5316	MRxDAV - ok
17:24:57.0409 5316	mrxsmb          (faf015b07e3a2874a790a39b7d2c579f) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:24:57.0481 5316	mrxsmb - ok
17:24:57.0537 5316	mrxsmb10        (08e2345df129082bcdffdc1440f9c00d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:24:57.0630 5316	mrxsmb10 - ok
17:24:57.0661 5316	mrxsmb20        (108d87409c5812ef47d81e22843e8c9d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:24:57.0709 5316	mrxsmb20 - ok
17:24:57.0733 5316	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:24:57.0745 5316	msahci - ok
17:24:57.0786 5316	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:24:57.0802 5316	msdsm - ok
17:24:57.0837 5316	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:24:57.0895 5316	MSDTC - ok
17:24:57.0932 5316	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:24:57.0985 5316	Msfs - ok
17:24:58.0007 5316	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:24:58.0057 5316	mshidkmdf - ok
17:24:58.0072 5316	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:24:58.0088 5316	msisadrv - ok
17:24:58.0119 5316	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:24:58.0211 5316	MSiSCSI - ok
17:24:58.0214 5316	msiserver - ok
17:24:58.0245 5316	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:24:58.0299 5316	MSKSSRV - ok
17:24:58.0319 5316	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:24:58.0381 5316	MSPCLOCK - ok
17:24:58.0401 5316	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:24:58.0465 5316	MSPQM - ok
17:24:58.0502 5316	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:24:58.0539 5316	MsRPC - ok
17:24:58.0572 5316	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:24:58.0583 5316	mssmbios - ok
17:24:58.0629 5316	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:24:58.0701 5316	MSTEE - ok
17:24:58.0720 5316	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:24:58.0744 5316	MTConfig - ok
17:24:58.0775 5316	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:24:58.0798 5316	Mup - ok
17:24:58.0895 5316	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:24:59.0002 5316	napagent - ok
17:24:59.0076 5316	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:24:59.0125 5316	NativeWifiP - ok
17:24:59.0220 5316	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:24:59.0267 5316	NDIS - ok
17:24:59.0314 5316	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:24:59.0361 5316	NdisCap - ok
17:24:59.0392 5316	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:24:59.0448 5316	NdisTapi - ok
17:24:59.0467 5316	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:24:59.0525 5316	Ndisuio - ok
17:24:59.0550 5316	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:24:59.0627 5316	NdisWan - ok
17:24:59.0659 5316	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:24:59.0715 5316	NDProxy - ok
17:24:59.0756 5316	Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
17:24:59.0770 5316	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:24:59.0770 5316	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:24:59.0802 5316	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:24:59.0868 5316	NetBIOS - ok
17:24:59.0919 5316	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:24:59.0993 5316	NetBT - ok
17:25:00.0011 5316	Netlogon        (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
17:25:00.0026 5316	Netlogon - ok
17:25:00.0097 5316	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:25:00.0198 5316	Netman - ok
17:25:00.0243 5316	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:25:00.0345 5316	netprofm - ok
17:25:00.0446 5316	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:25:00.0462 5316	NetTcpPortSharing - ok
17:25:00.0493 5316	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:25:00.0509 5316	nfrd960 - ok
17:25:00.0571 5316	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:25:00.0680 5316	NlaSvc - ok
17:25:00.0698 5316	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:25:00.0744 5316	Npfs - ok
17:25:00.0766 5316	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:25:00.0828 5316	nsi - ok
17:25:00.0860 5316	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:25:00.0922 5316	nsiproxy - ok
17:25:01.0075 5316	Ntfs            (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
17:25:01.0165 5316	Ntfs - ok
17:25:01.0300 5316	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:25:01.0375 5316	Null - ok
17:25:01.0426 5316	nvraid          (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
17:25:01.0442 5316	nvraid - ok
17:25:01.0463 5316	nvstor          (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
17:25:01.0480 5316	nvstor - ok
17:25:01.0527 5316	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:25:01.0544 5316	nv_agp - ok
17:25:01.0560 5316	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:25:01.0589 5316	ohci1394 - ok
17:25:01.0641 5316	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:25:01.0673 5316	ose - ok
17:25:02.0080 5316	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:25:02.0269 5316	osppsvc - ok
17:25:02.0401 5316	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:25:02.0467 5316	p2pimsvc - ok
17:25:02.0515 5316	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:25:02.0562 5316	p2psvc - ok
17:25:02.0615 5316	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:25:02.0641 5316	Parport - ok
17:25:02.0676 5316	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:25:02.0701 5316	partmgr - ok
17:25:02.0737 5316	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:25:02.0774 5316	PcaSvc - ok
17:25:02.0821 5316	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:25:02.0852 5316	pci - ok
17:25:02.0867 5316	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:25:02.0883 5316	pciide - ok
17:25:02.0914 5316	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:25:02.0930 5316	pcmcia - ok
17:25:02.0945 5316	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:25:02.0975 5316	pcw - ok
17:25:03.0035 5316	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:25:03.0116 5316	PEAUTH - ok
17:25:03.0238 5316	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
17:25:03.0340 5316	PeerDistSvc - ok
17:25:03.0425 5316	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:25:03.0458 5316	PerfHost - ok
17:25:03.0681 5316	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:25:03.0857 5316	pla - ok
17:25:03.0922 5316	PlugPlay        (b806e50427511bcf4ad8e8239c3e25fa) C:\Windows\system32\umpnpmgr.dll
17:25:04.0031 5316	PlugPlay - ok
17:25:04.0093 5316	Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
17:25:04.0125 5316	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:25:04.0125 5316	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:25:04.0156 5316	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:25:04.0202 5316	PNRPAutoReg - ok
17:25:04.0237 5316	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:25:04.0265 5316	PNRPsvc - ok
17:25:04.0333 5316	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:25:04.0437 5316	PolicyAgent - ok
17:25:04.0470 5316	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:25:04.0539 5316	Power - ok
17:25:04.0621 5316	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:25:04.0689 5316	PptpMiniport - ok
17:25:04.0714 5316	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:25:04.0737 5316	Processor - ok
17:25:04.0794 5316	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
17:25:04.0886 5316	ProfSvc - ok
17:25:04.0908 5316	ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
17:25:04.0923 5316	ProtectedStorage - ok
17:25:04.0964 5316	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:25:05.0020 5316	Psched - ok
17:25:05.0118 5316	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:25:05.0181 5316	ql2300 - ok
17:25:05.0320 5316	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:25:05.0345 5316	ql40xx - ok
17:25:05.0384 5316	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:25:05.0428 5316	QWAVE - ok
17:25:05.0443 5316	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:25:05.0474 5316	QWAVEdrv - ok
17:25:05.0492 5316	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:25:05.0560 5316	RasAcd - ok
17:25:05.0600 5316	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:25:05.0645 5316	RasAgileVpn - ok
17:25:05.0670 5316	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:25:05.0719 5316	RasAuto - ok
17:25:05.0757 5316	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:25:05.0815 5316	Rasl2tp - ok
17:25:05.0849 5316	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:25:05.0923 5316	RasMan - ok
17:25:05.0948 5316	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:25:06.0005 5316	RasPppoe - ok
17:25:06.0024 5316	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:25:06.0078 5316	RasSstp - ok
17:25:06.0122 5316	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:25:06.0228 5316	rdbss - ok
17:25:06.0247 5316	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:25:06.0272 5316	rdpbus - ok
17:25:06.0292 5316	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:25:06.0354 5316	RDPCDD - ok
17:25:06.0370 5316	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
17:25:06.0385 5316	RDPDR - ok
17:25:06.0432 5316	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:25:06.0498 5316	RDPENCDD - ok
17:25:06.0518 5316	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:25:06.0561 5316	RDPREFMP - ok
17:25:06.0597 5316	RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
17:25:06.0621 5316	RdpVideoMiniport - ok
17:25:06.0654 5316	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
17:25:06.0713 5316	RDPWD - ok
17:25:06.0775 5316	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:25:06.0818 5316	rdyboost - ok
17:25:06.0851 5316	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:25:06.0919 5316	RemoteAccess - ok
17:25:06.0960 5316	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:25:07.0029 5316	RemoteRegistry - ok
17:25:07.0073 5316	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
17:25:07.0102 5316	RFCOMM - ok
17:25:07.0132 5316	rimspci         (5ca4abd888b602551b59baa26941c167) C:\Windows\system32\DRIVERS\rimssne64.sys
17:25:07.0157 5316	rimspci - ok
17:25:07.0203 5316	risdsnpe        (bb6e138aeb351728959da5e2731d8140) C:\Windows\system32\DRIVERS\risdsne64.sys
17:25:07.0227 5316	risdsnpe - ok
17:25:07.0265 5316	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:25:07.0333 5316	RpcEptMapper - ok
17:25:07.0357 5316	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:25:07.0385 5316	RpcLocator - ok
17:25:07.0449 5316	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:25:07.0514 5316	RpcSs - ok
17:25:07.0569 5316	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:25:07.0630 5316	rspndr - ok
17:25:07.0682 5316	RTHDMIAzAudService (4e821c740a675f6d040be41d59a62b1d) C:\Windows\system32\drivers\RtHDMIVX.sys
17:25:07.0703 5316	RTHDMIAzAudService - ok
17:25:07.0728 5316	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
17:25:07.0768 5316	s3cap - ok
17:25:07.0793 5316	SamSs           (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
17:25:07.0812 5316	SamSs - ok
17:25:07.0834 5316	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:25:07.0850 5316	sbp2port - ok
17:25:07.0881 5316	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:25:07.0941 5316	SCardSvr - ok
17:25:07.0972 5316	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:25:08.0015 5316	scfilter - ok
17:25:08.0112 5316	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:25:08.0227 5316	Schedule - ok
17:25:08.0258 5316	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:25:08.0303 5316	SCPolicySvc - ok
17:25:08.0331 5316	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
17:25:08.0365 5316	sdbus - ok
17:25:08.0406 5316	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:25:08.0447 5316	SDRSVC - ok
17:25:08.0486 5316	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:25:08.0548 5316	secdrv - ok
17:25:08.0565 5316	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:25:08.0639 5316	seclogon - ok
17:25:08.0665 5316	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
17:25:08.0727 5316	SENS - ok
17:25:08.0746 5316	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:25:08.0777 5316	SensrSvc - ok
17:25:08.0812 5316	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:25:08.0846 5316	Serenum - ok
17:25:08.0872 5316	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:25:08.0901 5316	Serial - ok
17:25:08.0941 5316	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:25:08.0963 5316	sermouse - ok
17:25:09.0004 5316	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:25:09.0085 5316	SessionEnv - ok
17:25:09.0131 5316	SFEP            (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\DRIVERS\SFEP.sys
17:25:09.0164 5316	SFEP - ok
17:25:09.0197 5316	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
17:25:09.0241 5316	sffdisk - ok
17:25:09.0247 5316	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:25:09.0271 5316	sffp_mmc - ok
17:25:09.0276 5316	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
17:25:09.0304 5316	sffp_sd - ok
17:25:09.0330 5316	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:25:09.0361 5316	sfloppy - ok
17:25:09.0416 5316	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:25:09.0528 5316	SharedAccess - ok
17:25:09.0586 5316	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:25:09.0675 5316	ShellHWDetection - ok
17:25:09.0693 5316	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:25:09.0704 5316	SiSRaid2 - ok
17:25:09.0736 5316	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:25:09.0748 5316	SiSRaid4 - ok
17:25:09.0784 5316	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:25:09.0835 5316	Smb - ok
17:25:09.0874 5316	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:25:09.0909 5316	SNMPTRAP - ok
17:25:09.0937 5316	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:25:09.0950 5316	spldr - ok
17:25:10.0010 5316	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:25:10.0095 5316	Spooler - ok
17:25:10.0378 5316	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:25:10.0557 5316	sppsvc - ok
17:25:10.0665 5316	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:25:10.0764 5316	sppuinotify - ok
17:25:10.0859 5316	srv             (2098b8556d1cec2aca9a29cd479e3692) C:\Windows\system32\DRIVERS\srv.sys
17:25:10.0951 5316	srv - ok
17:25:11.0005 5316	srv2            (d0f73a42040f21f92fd314b42ac5c9e7) C:\Windows\system32\DRIVERS\srv2.sys
17:25:11.0077 5316	srv2 - ok
17:25:11.0112 5316	srvnet          (2ba8f3250828ccdb4204ecf2c6f40b6a) C:\Windows\system32\DRIVERS\srvnet.sys
17:25:11.0167 5316	srvnet - ok
17:25:11.0214 5316	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:25:11.0277 5316	SSDPSRV - ok
17:25:11.0291 5316	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:25:11.0339 5316	SstpSvc - ok
17:25:11.0356 5316	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:25:11.0367 5316	stexstor - ok
17:25:11.0449 5316	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:25:11.0529 5316	stisvc - ok
17:25:11.0561 5316	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
17:25:11.0577 5316	storflt - ok
17:25:11.0592 5316	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
17:25:11.0604 5316	storvsc - ok
17:25:11.0636 5316	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:25:11.0648 5316	swenum - ok
17:25:11.0702 5316	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:25:11.0789 5316	swprv - ok
17:25:11.0805 5316	Synth3dVsc - ok
17:25:11.0871 5316	SynTP           (2f827bb08cc7f1a17df2ead7b424d731) C:\Windows\system32\DRIVERS\SynTP.sys
17:25:11.0905 5316	SynTP - ok
17:25:12.0061 5316	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:25:12.0167 5316	SysMain - ok
17:25:12.0300 5316	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:25:12.0362 5316	TabletInputService - ok
17:25:12.0414 5316	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:25:12.0510 5316	TapiSrv - ok
17:25:12.0543 5316	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:25:12.0601 5316	TBS - ok
17:25:12.0796 5316	Tcpip           (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
17:25:12.0899 5316	Tcpip - ok
17:25:13.0123 5316	TCPIP6          (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
17:25:13.0167 5316	TCPIP6 - ok
17:25:13.0254 5316	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:25:13.0319 5316	tcpipreg - ok
17:25:13.0350 5316	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:25:13.0403 5316	TDPIPE - ok
17:25:13.0420 5316	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
17:25:13.0471 5316	TDTCP - ok
17:25:13.0520 5316	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:25:13.0571 5316	tdx - ok
17:25:13.0600 5316	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:25:13.0612 5316	TermDD - ok
17:25:13.0672 5316	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:25:13.0744 5316	TermService - ok
17:25:13.0772 5316	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:25:13.0806 5316	Themes - ok
17:25:13.0843 5316	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:25:13.0886 5316	THREADORDER - ok
17:25:13.0913 5316	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:25:13.0978 5316	TrkWks - ok
17:25:14.0033 5316	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:25:14.0127 5316	TrustedInstaller - ok
17:25:14.0155 5316	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:25:14.0212 5316	tssecsrv - ok
17:25:14.0249 5316	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:25:14.0274 5316	TsUsbFlt - ok
17:25:14.0296 5316	tsusbhub - ok
17:25:14.0341 5316	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:25:14.0415 5316	tunnel - ok
17:25:14.0445 5316	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:25:14.0457 5316	uagp35 - ok
17:25:14.0495 5316	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:25:14.0592 5316	udfs - ok
17:25:14.0622 5316	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:25:14.0640 5316	UI0Detect - ok
17:25:14.0679 5316	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:25:14.0704 5316	uliagpkx - ok
17:25:14.0755 5316	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
17:25:14.0794 5316	umbus - ok
17:25:14.0829 5316	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:25:14.0865 5316	UmPass - ok
17:25:14.0911 5316	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
17:25:14.0950 5316	UmRdpService - ok
17:25:14.0995 5316	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:25:15.0093 5316	upnphost - ok
17:25:15.0142 5316	usbccgp         (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
17:25:15.0160 5316	usbccgp - ok
17:25:15.0211 5316	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:25:15.0235 5316	usbcir - ok
17:25:15.0279 5316	usbehci         (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
17:25:15.0320 5316	usbehci - ok
17:25:15.0375 5316	usbhub          (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
17:25:15.0433 5316	usbhub - ok
17:25:15.0452 5316	usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
17:25:15.0471 5316	usbohci - ok
17:25:15.0493 5316	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:25:15.0524 5316	usbprint - ok
17:25:15.0552 5316	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:25:15.0586 5316	usbscan - ok
17:25:15.0615 5316	USBSTOR         (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:25:15.0648 5316	USBSTOR - ok
17:25:15.0684 5316	usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
17:25:15.0717 5316	usbuhci - ok
17:25:15.0751 5316	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
17:25:15.0770 5316	usbvideo - ok
17:25:15.0801 5316	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:25:15.0864 5316	UxSms - ok
17:25:15.0997 5316	VAIO Event Service (d4197cf0c8567046fd4af28ff47af528) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
17:25:16.0025 5316	VAIO Event Service - ok
17:25:16.0146 5316	VAIO Power Management (b8c9a7010afd5cbbe194cb9ef7c4fd14) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
17:25:16.0194 5316	VAIO Power Management - ok
17:25:16.0234 5316	VaultSvc        (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
17:25:16.0251 5316	VaultSvc - ok
17:25:16.0291 5316	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:25:16.0304 5316	vdrvroot - ok
17:25:16.0367 5316	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:25:16.0469 5316	vds - ok
17:25:16.0510 5316	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:25:16.0542 5316	vga - ok
17:25:16.0552 5316	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:25:16.0617 5316	VgaSave - ok
17:25:16.0620 5316	VGPU - ok
17:25:16.0660 5316	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:25:16.0676 5316	vhdmp - ok
17:25:16.0714 5316	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:25:16.0725 5316	viaide - ok
17:25:16.0764 5316	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
17:25:16.0779 5316	vmbus - ok
17:25:16.0792 5316	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
17:25:16.0805 5316	VMBusHID - ok
17:25:16.0815 5316	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:25:16.0827 5316	volmgr - ok
17:25:16.0873 5316	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:25:16.0909 5316	volmgrx - ok
17:25:16.0950 5316	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:25:16.0981 5316	volsnap - ok
17:25:17.0043 5316	vpcbus          (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
17:25:17.0090 5316	vpcbus - ok
17:25:17.0154 5316	vpcusb          (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
17:25:17.0195 5316	vpcusb - ok
17:25:17.0248 5316	vpcvmm          (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
17:25:17.0278 5316	vpcvmm - ok
17:25:17.0318 5316	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:25:17.0352 5316	vsmraid - ok
17:25:17.0495 5316	VSNService      (33655f6b36aa8702960ab1568ed82a01) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
17:25:17.0566 5316	VSNService ( UnsignedFile.Multi.Generic ) - warning
17:25:17.0566 5316	VSNService - detected UnsignedFile.Multi.Generic (1)
17:25:17.0713 5316	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:25:17.0869 5316	VSS - ok
17:25:18.0058 5316	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:25:18.0103 5316	vwifibus - ok
17:25:18.0136 5316	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:25:18.0176 5316	vwififlt - ok
17:25:18.0238 5316	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:25:18.0316 5316	W32Time - ok
17:25:18.0347 5316	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:25:18.0361 5316	WacomPen - ok
17:25:18.0412 5316	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:25:18.0491 5316	WANARP - ok
17:25:18.0494 5316	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:25:18.0535 5316	Wanarpv6 - ok
17:25:18.0690 5316	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:25:18.0776 5316	wbengine - ok
17:25:18.0887 5316	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:25:18.0941 5316	WbioSrvc - ok
17:25:18.0989 5316	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:25:19.0049 5316	wcncsvc - ok
17:25:19.0065 5316	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:25:19.0083 5316	WcsPlugInService - ok
17:25:19.0136 5316	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:25:19.0147 5316	Wd - ok
17:25:19.0194 5316	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:25:19.0236 5316	Wdf01000 - ok
17:25:19.0261 5316	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:25:19.0297 5316	WdiServiceHost - ok
17:25:19.0300 5316	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:25:19.0323 5316	WdiSystemHost - ok
17:25:19.0355 5316	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:25:19.0417 5316	WebClient - ok
17:25:19.0464 5316	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:25:19.0566 5316	Wecsvc - ok
17:25:19.0584 5316	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:25:19.0640 5316	wercplsupport - ok
17:25:19.0669 5316	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:25:19.0719 5316	WerSvc - ok
17:25:19.0778 5316	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:25:19.0821 5316	WfpLwf - ok
17:25:19.0834 5316	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:25:19.0845 5316	WIMMount - ok
17:25:19.0876 5316	WinDefend - ok
17:25:19.0883 5316	WinHttpAutoProxySvc - ok
17:25:19.0947 5316	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:25:20.0015 5316	Winmgmt - ok
17:25:20.0132 5316	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:25:20.0239 5316	WinRM - ok
17:25:20.0411 5316	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:25:20.0489 5316	Wlansvc - ok
17:25:20.0550 5316	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:25:20.0581 5316	WmiAcpi - ok
17:25:20.0643 5316	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:25:20.0706 5316	wmiApSrv - ok
17:25:20.0758 5316	WMPNetworkSvc - ok
17:25:20.0791 5316	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:25:20.0816 5316	WPCSvc - ok
17:25:20.0845 5316	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:25:20.0878 5316	WPDBusEnum - ok
17:25:20.0905 5316	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:25:20.0953 5316	ws2ifsl - ok
17:25:20.0973 5316	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
17:25:21.0004 5316	wscsvc - ok
17:25:21.0007 5316	WSearch - ok
17:25:21.0200 5316	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
17:25:21.0357 5316	wuauserv - ok
17:25:21.0494 5316	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:25:21.0569 5316	WudfPf - ok
17:25:21.0599 5316	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:25:21.0655 5316	WUDFRd - ok
17:25:21.0677 5316	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:25:21.0725 5316	wudfsvc - ok
17:25:21.0760 5316	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:25:21.0817 5316	WwanSvc - ok
17:25:21.0887 5316	yukonw7         (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
17:25:21.0948 5316	yukonw7 - ok
17:25:21.0985 5316	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:25:22.0232 5316	\Device\Harddisk0\DR0 - ok
17:25:22.0237 5316	Boot (0x1200)   (d35c5c6bd32c23fd7a6aaff937178346) \Device\Harddisk0\DR0\Partition0
17:25:22.0239 5316	\Device\Harddisk0\DR0\Partition0 - ok
17:25:22.0266 5316	Boot (0x1200)   (f239643afae2e1dec4446921ba65e4d2) \Device\Harddisk0\DR0\Partition1
17:25:22.0268 5316	\Device\Harddisk0\DR0\Partition1 - ok
17:25:22.0269 5316	============================================================
17:25:22.0269 5316	Scan finished
17:25:22.0269 5316	============================================================
17:25:22.0288 5904	Detected object count: 6
17:25:22.0288 5904	Actual detected object count: 6
17:25:54.0053 5904	hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
17:25:54.0054 5904	hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:25:54.0054 5904	hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:25:54.0054 5904	hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:25:54.0056 5904	HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
17:25:54.0056 5904	HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:25:54.0058 5904	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:25:54.0058 5904	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:25:54.0060 5904	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:25:54.0060 5904	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:25:54.0062 5904	VSNService ( UnsignedFile.Multi.Generic ) - skipped by user
17:25:54.0062 5904	VSNService ( UnsignedFile.Multi.Generic ) - User select action: Skip

EDIT: habe soeben auf der Partition D meiner Festplatte, auf der ich Dateien etc aufbewahre, nun zwei neue Ordner gefunden. Und zwar $RECYCLE.BIN und System Volume Information. Ihr Erscheinen hängt wohl mit dem Ausführen einer der vorherigen Programme zusammen, nehmen ich an.

cosinus · 08.05.2012, 18:08

Ist auch unauffällig. Wenn da überhaupt ein Schädling im Spiel war, wurde er wohl rechtzeitig vom Virenscanner schon aufgehalten

Zitat:

nun zwei neue Ordner gefunden. Und zwar $RECYCLE.BIN und System Volume Information.

Das sind keine neuen Ordner - die waren schon immer da und werden dir jetzt nur angezeigt

elleas · 08.05.2012, 18:39

Okay, vielen Dank für die schnelle und kompetente Hilfe.

Eine Frage noch. Habe mir in den letzten zwei Monaten zweimal drive-by Infektionen zugezogen, wodurch ich mein System zweimal neu aufsetzen musste. Bzw lassen musste, da ich es selbst einmal versucht habe und gescheitert war.
Habe von etwas genannt 'Sandbox' gehört. Wäre dies für mich empfehlenswert? (Ich muss beruflich viel im Internet recherchieren und suchen).
Ich habe gesehen, dass es dazu in diesem Forum auch Tutorials gibt, sollte ich mir dieses also zulegen?

Für den ganzen Rest nochmal vielen Dank!

cosinus · 11.05.2012, 08:11

Zu Sandboxie gibt es da einen Artikel => http://www.trojaner-board.de/71542-a...sandboxie.html

Mit der Sandbox allein ist es aber nicht getan
Halte Dich am besten grob an diese Regeln:

Sei misstrauisch im Internet und v.a. bei unbekannten E-Mails, sei vorsichtig bei der Herausgabe persönlicher Daten!!
Halte Windows und alle verwendeten Programme immer aktuell - unterstützen kann dich dabei Secunia PSI
Führe regelmäßig Backups auf externe Medien durch
Arbeite mit eingeschränkten Rechten
Nutze sicherere Programme wie zB Opera oder Firefox zum Surfen statt den IE, zum Mailen Thunderbird statt Outlook Express - E-Mails nur als reinen text anzeigen lassen
automatische Wiedergabe von allen Laufwerken komplett deaktivieren, denn das ist ein unnötiges Sicherheitsrisiko
Bei der Installation von Software möglichst darauf achten, dass die Setups aus offiziellen Quellen stammen und du bei der Installation nach Möglichkeit die benutzerdefinierte Methode wählst - dann hast du die Möglichkeit etwaigen Schrott (wie Toolbars oder sowas wie RegistryBooster) abzuwählen, welcher sonst einfach mitinstalliert wird.
Bösartige bzw. ungewollte Sites von vornherein blockieren lassen mit Hilfe der MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File
Finger weg von: TuneUp, Registry-Cleanern aller Art, Softonic sowie illegalen Cracks/Keygens oder anderen "Tools" um ein kommerzielles Programm ohne Lizenz nutzen zu können
dubiose Seiten bzw. Kinofilm-Streaming-Portale ebenfalls sein lassen, erstens handelt man sich dort schnell Malware ein oder kann in Abofallen geraten und zweitens bewegen sich diese Seiten in einer rechtlichen Grauzone.

Alles noch genauer erklärt steht hier => Kompromittierung unvermeidbar?

elleas · 11.05.2012, 10:06

Okay, danke.
Die meisten der vorgeschlagenen Maßnahmen halte ich generell schon ein (zB keine Streaming sites besuchen, keine unbekannten emails öffnen oder irgendwelche unteup programme nutzen). Hatte es dennoch geschafft mir vor den BKA Trojaner einzufangen und das System neu aufsetzen müssen. Versuche daher nur alles zu tun, dass diese Gefahr minimiert wird.

Also, vielen Dank für deine Hilfe! Sind nun ja augenscheinlich mit meinem Problem durch.
Danke nochmals.

Grüße

07.05.2012, 11:44	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	JS:Redirector-OM[Trj] Seite Blockiert Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind. __________________ __________________

08.05.2012, 10:44	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	JS:Redirector-OM[Trj] Seite Blockiert Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ --> JS:Redirector-OM[Trj] Seite Blockiert

JS:Redirector-OM[Trj] Seite Blockiert

Plagegeister aller Art und deren Bekämpfung: JS:Redirector-OM[Trj] Seite Blockiert