Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Avira meldet Fund von EXP/2012-4681.AD

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 15.10.2012, 14:28   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira meldet Fund von  EXP/2012-4681.AD - Standard

Avira meldet Fund von EXP/2012-4681.AD



Probier es bitte im abgesicherten Modus mit Netzwerktreibern aus
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 16.10.2012, 08:47   #17
DrPitbull
 
Avira meldet Fund von  EXP/2012-4681.AD - Standard

Avira meldet Fund von EXP/2012-4681.AD



Hallo Cosinus,

leider ergibt sich im abgesicherten Modus das selbe Ergebnis.

Mfg
__________________


Alt 17.10.2012, 11:08   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira meldet Fund von  EXP/2012-4681.AD - Standard

Avira meldet Fund von EXP/2012-4681.AD



du fügst 1:1 diesen Text bei OTL ein?!

Zitat:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________
__________________

Alt 18.10.2012, 08:08   #19
DrPitbull
 
Avira meldet Fund von  EXP/2012-4681.AD - Standard

Avira meldet Fund von EXP/2012-4681.AD



Hallo cosinus,

ja, habe es nochmals getestet.

Ich starte Otl.EXE als Administrator
Klicken an Scanne alle Benutzer
Kopiere den Text in das Feld unten von OTL und Scanne

Bei Getting Folder Structure kommt es dann zu dem Out of Memory Fehler.

Mfg

Alt 18.10.2012, 12:14   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira meldet Fund von  EXP/2012-4681.AD - Standard

Avira meldet Fund von EXP/2012-4681.AD



Dann mach ein neues Log bitte so

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 18.10.2012, 21:59   #21
DrPitbull
 
Avira meldet Fund von  EXP/2012-4681.AD - Standard

Avira meldet Fund von EXP/2012-4681.AD



Hallo Cosinus,

wie gewünscht:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 18.10.2012 17:24:09 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gudrun\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 69,05% Memory free
5,93 Gb Paging File | 4,93 Gb Available in Paging File | 83,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 380,76 Gb Total Space | 175,95 Gb Free Space | 46,21% Space Free | Partition Type: NTFS
Drive D: | 72,00 Gb Total Space | 56,83 Gb Free Space | 78,93% Space Free | Partition Type: NTFS
 
Computer Name: GUDRUN-PC | User Name: Gudrun | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Gudrun\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Users\Gudrun\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater12.2.6) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_5891ae0.dll ()
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Sony Ericsson PCCompanion) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (DAUpdaterSvc) -- C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2694796141-4042297030-3838815509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-2694796141-4042297030-3838815509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2694796141-4042297030-3838815509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2694796141-4042297030-3838815509-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-2694796141-4042297030-3838815509-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKU\S-1-5-21-2694796141-4042297030-3838815509-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_de
IE - HKU\S-1-5-21-2694796141-4042297030-3838815509-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-2694796141-4042297030-3838815509-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2694796141-4042297030-3838815509-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.12 02:28:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.12 02:28:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.12 02:28:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.12 02:28:33 | 000,000,000 | ---D | M]
 
[2011.01.08 03:50:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gudrun\AppData\Roaming\mozilla\Extensions
[2012.10.17 15:50:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gudrun\AppData\Roaming\mozilla\Firefox\Profiles\2bkmojau.default\extensions
[2011.03.04 22:14:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gudrun\AppData\Roaming\mozilla\Firefox\Profiles\2bkmojau.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.06.19 16:24:46 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Gudrun\AppData\Roaming\mozilla\Firefox\Profiles\2bkmojau.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.17 15:50:04 | 000,395,926 | ---- | M] () (No name found) -- C:\Users\Gudrun\AppData\Roaming\mozilla\firefox\profiles\2bkmojau.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi
[2012.10.12 02:28:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.12 02:28:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.12 02:28:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.10.12 02:28:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.12 02:28:37 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-2694796141-4042297030-3838815509-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-21-2694796141-4042297030-3838815509-1000..\Run: [Akamai NetSession Interface] C:\Users\Gudrun\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2694796141-4042297030-3838815509-1000..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Gudrun\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Gudrun\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D096CB6-6E80-4267-8CDB-31064E4F6412}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6126C79-D0CD-4382-80DC-95F092E57F9E}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.18 17:22:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gudrun\Desktop\OTL(1).exe
[2012.10.12 19:58:40 | 000,000,000 | ---D | C] -- C:\Users\Gudrun\Desktop\Hochzeitswalzer
[2012.10.12 07:10:16 | 000,000,000 | ---D | C] -- C:\Users\Gudrun\Desktop\Jazz For Weddings (Jazz Club)
[2012.10.12 02:28:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.11 23:31:19 | 000,000,000 | ---D | C] -- C:\Users\Gudrun\Desktop\The 99 Most Essential Pieces of Classical Music
[2012.10.11 23:31:18 | 000,000,000 | ---D | C] -- C:\Users\Gudrun\Documents\Amazon MP3
[2012.10.11 23:31:18 | 000,000,000 | ---D | C] -- C:\Users\Gudrun\AppData\Roaming\Amazon
[2012.10.11 23:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2012.10.11 23:30:27 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2012.10.10 08:08:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.10.10 08:07:46 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.10.10 08:07:45 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.10.10 08:07:45 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 08:07:45 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 08:07:45 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 08:07:45 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 08:07:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 08:07:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 08:07:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 08:07:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 08:07:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 08:07:29 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.10 08:07:29 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.10.07 23:12:30 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.10.06 14:00:20 | 000,000,000 | ---D | C] -- C:\Users\Gudrun\AppData\Roaming\Malwarebytes
[2012.10.06 13:59:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.06 13:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.06 13:59:38 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.06 13:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.26 16:45:01 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2012.09.21 23:14:00 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.21 23:13:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.21 23:13:58 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.21 23:13:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.21 23:13:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.09.21 23:13:56 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.09.21 23:13:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.21 23:13:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.18 17:23:57 | 000,010,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.18 17:23:57 | 000,010,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.18 17:22:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gudrun\Desktop\OTL(1).exe
[2012.10.18 17:16:35 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.18 17:16:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.18 17:16:18 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.17 21:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.17 21:36:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.13 23:13:20 | 000,657,676 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.13 23:13:20 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.13 23:13:20 | 000,131,016 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.13 23:13:20 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.08 21:52:07 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.08 21:52:07 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.07 23:12:24 | 583,044,766 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.07 09:42:16 | 000,302,592 | ---- | M] () -- C:\Users\Gudrun\Desktop\hwkj8rvb.exe
[2012.10.07 08:38:58 | 000,000,000 | ---- | M] () -- C:\Users\Gudrun\defogger_reenable
[2012.10.07 08:31:17 | 000,050,477 | ---- | M] () -- C:\Users\Gudrun\Desktop\Defogger.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.07 23:12:24 | 583,044,766 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.10.07 09:42:16 | 000,302,592 | ---- | C] () -- C:\Users\Gudrun\Desktop\hwkj8rvb.exe
[2012.10.07 08:38:58 | 000,000,000 | ---- | C] () -- C:\Users\Gudrun\defogger_reenable
[2012.10.07 08:31:17 | 000,050,477 | ---- | C] () -- C:\Users\Gudrun\Desktop\Defogger.exe
[2012.07.15 22:04:02 | 000,004,593 | ---- | C] () -- C:\Users\Gudrun\.recently-used.xbel
[2012.03.26 19:52:55 | 000,281,504 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2012.03.26 19:52:55 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2012.03.13 01:17:03 | 000,000,045 | ---- | C] () -- C:\Users\Gudrun\.gtk-bookmarks
[2011.01.28 13:32:38 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---


Nun noch Otl Extras:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 18.10.2012 17:24:09 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gudrun\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 69,05% Memory free
5,93 Gb Paging File | 4,93 Gb Available in Paging File | 83,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 380,76 Gb Total Space | 175,95 Gb Free Space | 46,21% Space Free | Partition Type: NTFS
Drive D: | 72,00 Gb Total Space | 56,83 Gb Free Space | 78,93% Space Free | Partition Type: NTFS
 
Computer Name: GUDRUN-PC | User Name: Gudrun | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2694796141-4042297030-3838815509-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C064B0D-9D1F-4B85-A094-9323E04D95EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0C9DBD19-8946-46F3-9C8C-B0EA3FE8CEB6}" = rport=137 | protocol=17 | dir=out | app=system | 
"{263B87A1-A627-4525-A4E8-5C5602845184}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2DED2B15-0481-4A88-ABD9-97889DBFE5BF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{3B82D07A-FCC1-4489-B165-A2CC586EAC9F}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4580847C-6638-40B3-99E8-7C7FD7C01D0E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{496F2B59-B2FF-46A7-8456-FA38D6E031DE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{557A62A3-989D-4E9D-9FA4-0D966482BCFB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{56CB739A-7E7A-4805-8898-BD72C11D47F4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{57017312-5674-4505-AC73-2A5949E2DCE8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5912CDC7-095A-4196-BB45-F0856AD1A3A5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{607B0DC7-6423-4BEF-A8CC-68849F47A1A1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{68B3969D-9229-4F98-A678-86B9049CADC6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8660DB8F-B8C3-4282-A3AA-49797CD14578}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8F1A0FF1-AE70-4158-95B2-A3758C9F353D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{98CA0AD6-18D1-4716-90BE-21360EEDA616}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9A24E270-91BB-433D-B45E-41DE60FC1AED}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CAF2BB4D-E8E5-47FF-A2B0-2134D60C7059}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D28E7239-7023-4E3D-B5C4-C8F6A9CEB5D6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DE5D9009-8B61-41D1-B99F-54353EA79A4D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E110AC28-538A-4E20-9929-242C220B7FDC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EBC49B9B-8B0B-491A-AF00-1C3C02AA5ACC}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{062D7574-8413-4C40-8803-424EEF5A0B7F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1BE4555D-F432-417F-B0A7-AB6D0EDBA3AC}" = protocol=17 | dir=in | app=c:\program files\reality pump\two worlds ii\twoworlds2.exe | 
"{213E6FE1-4F3A-4586-9FB0-1F8DA0A7A72E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{227210BE-5D8E-4B9D-AFF6-058D57C5B68C}" = protocol=17 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe | 
"{24207019-2E39-4F25-93B0-5DCB6DDB23B0}" = protocol=6 | dir=in | app=c:\program files\reality pump\two worlds ii\twoworlds2.exe | 
"{2A844571-AC5A-48D4-9282-175058A34EEC}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | 
"{33F4CA3E-0AE8-4EB7-AFD6-CBDC93F3EDE3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{35B4114C-F4D3-4E18-8EB1-46259B94D0DE}" = protocol=6 | dir=in | app=c:\users\gudrun\appdata\local\akamai\netsession_win.exe | 
"{3757DEEF-5B35-425B-BFAE-BC08F590FE26}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3CB17FCE-1D2C-4F98-856E-3202ED1FBD81}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{479B9B14-9D45-4470-9C94-AE2DC7CAC907}" = protocol=17 | dir=in | app=c:\program files\dragon age 2\dragonage2launcher.exe | 
"{4C79328E-AE86-403A-B715-392EAE773A1F}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{4E0FB7DA-2838-4359-820A-49A4377ED47C}" = protocol=6 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe | 
"{500B896F-AE1E-4DD6-B723-812C3EA01019}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{517F2F53-B9CF-4E76-92A0-E482BC332AF7}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{5538596A-9730-49F4-BBC2-7FF6C38B8337}" = protocol=6 | dir=in | app=c:\program files\dragon age 2\bin_ship\dragonage2.exe | 
"{61C704CB-C484-4E99-98FE-C94D9209C554}" = protocol=17 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{679BA5B2-6E17-4438-967B-2C81517A2F65}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe | 
"{6904D9DC-7615-4E49-9FC1-8FF23C57C447}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{69D8E22C-698B-4CA3-B820-B77BE546BF52}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe | 
"{7201C70E-F1FC-44D3-B612-CFAF143D1920}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{757EC3D5-18FC-4D36-A31B-23C84E0AA215}" = protocol=6 | dir=out | app=system | 
"{794E0848-0E01-4D81-8C6D-CD84082269C5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7D7647EC-9778-4EA3-92F4-DD433DF02D1A}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe | 
"{804C61D2-D79F-443E-9C2A-0F37659B5D76}" = protocol=6 | dir=in | app=c:\program files\dragon age 2\dragonage2launcher.exe | 
"{875EA354-2B6E-4612-9D12-216CF7204B07}" = protocol=17 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe | 
"{909DCDF2-7AC2-490E-8400-A2FCC0FCD94E}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{96E912C4-0830-46BF-A792-46B9A5B3374C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9CF5A0E5-85D7-4237-8AB8-9C3CCF17C392}" = protocol=6 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe | 
"{9D544A07-C55A-46A7-9886-C0D76A050B9B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A11ED015-B9A2-46C1-A9E0-862DCA011353}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe | 
"{AFA1D72B-35CA-46D6-85E7-265110A8B362}" = protocol=17 | dir=in | app=c:\users\gudrun\appdata\local\akamai\netsession_win.exe | 
"{B0D52236-2B8D-493F-A526-F979776BE298}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B1478444-5D61-4CEB-BF9E-39FFE565AB2C}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{B630271E-C2D3-49AD-BA35-2B8CC1984C4C}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | 
"{B6B98B8A-D794-4D1F-AA88-7E161542A6B8}" = protocol=6 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe | 
"{BB1E7611-8CE0-4D84-8DAF-C4CA0B88BE0F}" = protocol=17 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{C2719DA6-76F2-4216-B154-81D4E76EDCAE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C63BF64E-D81B-4C8D-96D8-3E88F333EBF9}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{C8C228A9-B6E2-4389-A2FD-27A0FE519EB3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CB3EBDF7-D36D-46FB-A0BA-5CF547B6F369}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CB46DDDB-8BE8-469C-B084-540765DC2B95}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{CCF81B87-1DC1-42BF-B60B-75966AE7680B}" = protocol=17 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{D0ED510F-51AE-4D0F-A7B1-1B09358ED12A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DA2F0E2B-25BC-429F-89FE-6BAC6218E5B0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DF07A6D7-B2F6-40BE-AE50-1EB744EFC974}" = protocol=17 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe | 
"{E871081A-F5ED-4587-8A0A-8AF5D14DF472}" = protocol=17 | dir=in | app=c:\program files\dragon age 2\bin_ship\dragonage2.exe | 
"{EE03C361-F75B-4762-8877-AE0F2F684BE7}" = protocol=17 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{FE447DD4-1816-4A65-8415-AACDCE415F93}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"TCP Query User{2D5DBC0C-7A06-4C2D-83FE-A45E20242E5B}C:\program files\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files\the witcher 2\bin\witcher2.exe | 
"TCP Query User{306DEF67-80D6-44AD-B11A-59E02BB952C1}C:\program files\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base18574\sc2.exe | 
"TCP Query User{44559E22-FB79-45F8-A693-4C408F269208}C:\users\gudrun\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\gudrun\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{8D8E4D20-9786-4E27-8C81-26DE69FF6223}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{95E44999-CCF7-4A38-B1AD-FC5DA00EE568}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe | 
"TCP Query User{A770FC8C-29E7-491C-8DBB-851B51CC0E21}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{B2BF5BC9-5917-46D4-8243-B524CCB404D3}C:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=6 | dir=in | app=c:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe | 
"TCP Query User{B91126D9-1CF6-4DB5-A1EA-7B92C6ED15EB}C:\users\gudrun\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\gudrun\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"TCP Query User{FBC70CA4-B879-46C4-9140-F97CB7F711E6}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe | 
"UDP Query User{361B7F9F-7975-4878-BF0B-72AB7DBD9481}C:\users\gudrun\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\gudrun\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"UDP Query User{393A4FF2-482F-4C1D-BC5D-2AEE31668DDB}C:\users\gudrun\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\gudrun\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{40019207-BCD4-4771-B17B-C22D3A2DD849}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe | 
"UDP Query User{52A13E4F-C322-4DC7-9EE5-3C13AA5058C1}C:\program files\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base18574\sc2.exe | 
"UDP Query User{6CC2498C-3E85-4916-91EA-B5502D792F5A}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{920446AF-C447-4060-838A-57DAB4BBDFD1}C:\program files\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files\the witcher 2\bin\witcher2.exe | 
"UDP Query User{A3FE4096-8156-45D5-90D9-8F2EB3E64B17}C:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=17 | dir=in | app=c:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe | 
"UDP Query User{AC031832-24D9-41D7-A409-8BFCB36C2FAF}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe | 
"UDP Query User{DF00FE72-0E46-4C51-AD59-E4C56682BE20}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{33C730FE-A1EC-46EA-82ED-C79C639D4F92}_is1" = SolarDemo V0.93
"{3B10321A-80CC-4B55-B9A1-A1D69F74A052}" = DruckStudio Karten
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56F53F3E-E2D5-4AB7-A2C5-2A51EE3FB2E8}" = Danfoss20120515
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{765AB753-AFC9-4352-A56F-363EB06B2601}" = Danfoss20120515
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{ED2FC50F-C1A5-40DA-B6A7-A787F7323E86}" = DanBasic V
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Drakensang_is1" = Drakensang
"easy-AZA Version 12.03_is1" = easy-AZA Version 12.03 (06.07.2012)
"easy-AZK Version 12.02_is1" = easy-AZK Version 12.02 (11.05.2012)
"Free Studio_is1" = Free Studio version 5.6.1.608
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005
"freeocr_is1" = FreeOCR v4.2
"GIMP-2_is1" = GIMP 2.8.0
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"KaloMa_is1" = KaloMa 4.77
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Secunia PSI" = Secunia PSI (3.0.0.3001)
"StarCraft II" = StarCraft II
"Two Worlds II" = Two Worlds II
"Update Engine" = Sony Ericsson Update Engine
"WinMerge_is1" = WinMerge 2.12.4
"WinRAR archiver" = WinRAR
"Workrave_is1" = Workrave 1.9.4
"YTdetect" = Yahoo! Detect
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2694796141-4042297030-3838815509-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.02.2012 22:17:30 | Computer Name = GUDRUN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 29.02.2012 23:17:12 | Computer Name = GUDRUN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 29.02.2012 23:17:17 | Computer Name = GUDRUN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 29.02.2012 23:17:24 | Computer Name = GUDRUN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 29.02.2012 23:17:30 | Computer Name = GUDRUN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 01.03.2012 11:48:42 | Computer Name = GUDRUN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 02.03.2012 13:35:14 | Computer Name = GUDRUN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 03.03.2012 09:00:01 | Computer Name = GUDRUN-PC | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_InitEngine() für die
 Datei  unknown.   [ACCESS_VIOLATION Exception!! EIP = 0x71e861bc]   Bitte Avira informieren
 und die obige Datei übersenden!
 
Error - 03.03.2012 09:57:17 | Computer Name = GUDRUN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 04.03.2012 17:12:20 | Computer Name = GUDRUN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
[ System Events ]
Error - 17.10.2012 16:28:40 | Computer Name = GUDRUN-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 17.10.2012 16:28:41 | Computer Name = GUDRUN-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 17.10.2012 16:28:43 | Computer Name = GUDRUN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 17.10.2012 16:28:43 | Computer Name = GUDRUN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 17.10.2012 16:28:43 | Computer Name = GUDRUN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 17.10.2012 16:28:43 | Computer Name = GUDRUN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 17.10.2012 16:28:45 | Computer Name = GUDRUN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 17.10.2012 16:28:45 | Computer Name = GUDRUN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 18.10.2012 11:16:27 | Computer Name = GUDRUN-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 18.10.2012 11:16:27 | Computer Name = GUDRUN-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
         
--- --- ---


Mfg

Alt 19.10.2012, 09:45   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira meldet Fund von  EXP/2012-4681.AD - Standard

Avira meldet Fund von EXP/2012-4681.AD



Das Log ist unauffällig.

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.10.2012, 20:36   #23
DrPitbull
 
Avira meldet Fund von  EXP/2012-4681.AD - Standard

Avira meldet Fund von EXP/2012-4681.AD



Hallo Cosinus,

hier wie gewünscht der Log (1 Fund):

Code:
ATTFilter
21:27:31.0901 3584  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
21:27:32.0167 3584  ============================================================
21:27:32.0167 3584  Current date / time: 2012/10/19 21:27:32.0167
21:27:32.0167 3584  SystemInfo:
21:27:32.0167 3584  
21:27:32.0167 3584  OS Version: 6.1.7601 ServicePack: 1.0
21:27:32.0167 3584  Product type: Workstation
21:27:32.0168 3584  ComputerName: GUDRUN-PC
21:27:32.0168 3584  UserName: Gudrun
21:27:32.0168 3584  Windows directory: C:\Windows
21:27:32.0168 3584  System windows directory: C:\Windows
21:27:32.0168 3584  Processor architecture: Intel x86
21:27:32.0168 3584  Number of processors: 2
21:27:32.0168 3584  Page size: 0x1000
21:27:32.0168 3584  Boot type: Normal boot
21:27:32.0168 3584  ============================================================
21:27:33.0532 3584  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:27:33.0534 3584  ============================================================
21:27:33.0534 3584  \Device\Harddisk0\DR0:
21:27:33.0535 3584  MBR partitions:
21:27:33.0535 3584  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x2F984000
21:27:33.0535 3584  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x31384800, BlocksNum 0x9001000
21:27:33.0535 3584  ============================================================
21:27:33.0557 3584  C: <-> \Device\Harddisk0\DR0\Partition1
21:27:33.0604 3584  D: <-> \Device\Harddisk0\DR0\Partition2
21:27:33.0604 3584  ============================================================
21:27:33.0604 3584  Initialize success
21:27:33.0604 3584  ============================================================
21:28:19.0013 2864  ============================================================
21:28:19.0013 2864  Scan started
21:28:19.0013 2864  Mode: Manual; SigCheck; TDLFS; 
21:28:19.0013 2864  ============================================================
21:28:19.0754 2864  ================ Scan system memory ========================
21:28:19.0754 2864  System memory - ok
21:28:19.0754 2864  ================ Scan services =============================
21:28:19.0944 2864  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:28:20.0054 2864  1394ohci - ok
21:28:20.0144 2864  [ DA115C33158E4ED1CCE74221F320B6B3 ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys
21:28:20.0164 2864  acedrv11 - ok
21:28:20.0214 2864  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:28:20.0264 2864  ACPI - ok
21:28:20.0334 2864  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:28:20.0414 2864  AcpiPmi - ok
21:28:20.0594 2864  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:28:20.0614 2864  AdobeARMservice - ok
21:28:20.0734 2864  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:28:20.0754 2864  AdobeFlashPlayerUpdateSvc - ok
21:28:20.0824 2864  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
21:28:20.0854 2864  adp94xx - ok
21:28:20.0904 2864  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
21:28:20.0934 2864  adpahci - ok
21:28:20.0964 2864  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
21:28:20.0984 2864  adpu320 - ok
21:28:21.0034 2864  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:28:21.0074 2864  AeLookupSvc - ok
21:28:21.0146 2864  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
21:28:21.0224 2864  AFD - ok
21:28:21.0255 2864  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
21:28:21.0271 2864  agp440 - ok
21:28:21.0318 2864  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
21:28:21.0333 2864  aic78xx - ok
21:28:21.0552 2864  [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai          c:\program files\common files\akamai/netsession_win_5891ae0.dll
21:28:21.0552 2864  Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
21:28:21.0567 2864  Akamai ( HiddenFile.Multi.Generic ) - warning
21:28:21.0567 2864  Akamai - detected HiddenFile.Multi.Generic (1)
21:28:21.0627 2864  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
21:28:21.0707 2864  ALG - ok
21:28:21.0757 2864  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:28:21.0777 2864  aliide - ok
21:28:21.0837 2864  [ B19505648F033393E907E2E419FDE8B3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:28:21.0907 2864  AMD External Events Utility - ok
21:28:21.0927 2864  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
21:28:21.0947 2864  amdagp - ok
21:28:21.0977 2864  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
21:28:21.0997 2864  amdide - ok
21:28:22.0087 2864  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
21:28:22.0157 2864  AmdK8 - ok
21:28:22.0267 2864  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
21:28:22.0337 2864  AmdPPM - ok
21:28:22.0397 2864  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:28:22.0417 2864  amdsata - ok
21:28:22.0477 2864  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
21:28:22.0497 2864  amdsbs - ok
21:28:22.0547 2864  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:28:22.0567 2864  amdxata - ok
21:28:22.0667 2864  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:28:22.0697 2864  AntiVirSchedulerService - ok
21:28:22.0757 2864  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:28:22.0777 2864  AntiVirService - ok
21:28:22.0837 2864  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
21:28:22.0967 2864  AppID - ok
21:28:23.0017 2864  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:28:23.0077 2864  AppIDSvc - ok
21:28:23.0147 2864  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
21:28:23.0207 2864  Appinfo - ok
21:28:23.0267 2864  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
21:28:23.0277 2864  arc - ok
21:28:23.0287 2864  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
21:28:23.0307 2864  arcsas - ok
21:28:23.0327 2864  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:28:23.0437 2864  AsyncMac - ok
21:28:23.0457 2864  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
21:28:23.0467 2864  atapi - ok
21:28:23.0527 2864  [ 76BAB0C824E2D05B940C4DD40A9B08BF ] athr            C:\Windows\system32\DRIVERS\athr.sys
21:28:23.0637 2864  athr - ok
21:28:23.0797 2864  [ 04F09923A393E4E0E8453A8F78361E73 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
21:28:23.0957 2864  atikmdag - ok
21:28:24.0037 2864  [ 70F72C50D39F5AFA76C17F86223A7C4F ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
21:28:24.0057 2864  atksgt - ok
21:28:24.0127 2864  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:28:24.0197 2864  AudioEndpointBuilder - ok
21:28:24.0207 2864  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
21:28:24.0237 2864  Audiosrv - ok
21:28:24.0287 2864  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
21:28:24.0297 2864  avgntflt - ok
21:28:24.0367 2864  [ 3001E24F340D400BFF85935E5777FC5B ] avgtp           C:\Windows\system32\drivers\avgtpx86.sys
21:28:24.0387 2864  avgtp - ok
21:28:24.0447 2864  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
21:28:24.0467 2864  avipbb - ok
21:28:24.0497 2864  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
21:28:24.0507 2864  avkmgr - ok
21:28:24.0547 2864  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:28:24.0627 2864  AxInstSV - ok
21:28:24.0687 2864  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
21:28:24.0767 2864  b06bdrv - ok
21:28:24.0827 2864  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
21:28:24.0847 2864  b57nd60x - ok
21:28:24.0907 2864  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:28:24.0977 2864  BDESVC - ok
21:28:24.0987 2864  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:28:25.0057 2864  Beep - ok
21:28:25.0097 2864  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
21:28:25.0157 2864  BFE - ok
21:28:25.0207 2864  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
21:28:25.0287 2864  BITS - ok
21:28:25.0327 2864  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:28:25.0337 2864  blbdrive - ok
21:28:25.0387 2864  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:28:25.0447 2864  bowser - ok
21:28:25.0467 2864  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:28:25.0497 2864  BrFiltLo - ok
21:28:25.0517 2864  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:28:25.0557 2864  BrFiltUp - ok
21:28:25.0597 2864  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
21:28:25.0667 2864  Browser - ok
21:28:25.0717 2864  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:28:25.0757 2864  Brserid - ok
21:28:25.0777 2864  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:28:25.0827 2864  BrSerWdm - ok
21:28:25.0847 2864  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:28:25.0897 2864  BrUsbMdm - ok
21:28:25.0927 2864  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:28:25.0987 2864  BrUsbSer - ok
21:28:26.0017 2864  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
21:28:26.0067 2864  BTHMODEM - ok
21:28:26.0127 2864  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
21:28:26.0187 2864  bthserv - ok
21:28:26.0247 2864  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:28:26.0327 2864  cdfs - ok
21:28:26.0397 2864  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:28:26.0447 2864  cdrom - ok
21:28:26.0507 2864  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:28:26.0577 2864  CertPropSvc - ok
21:28:26.0637 2864  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
21:28:26.0687 2864  circlass - ok
21:28:26.0727 2864  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
21:28:26.0757 2864  CLFS - ok
21:28:26.0877 2864  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:28:26.0897 2864  clr_optimization_v2.0.50727_32 - ok
21:28:26.0997 2864  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:28:27.0017 2864  clr_optimization_v4.0.30319_32 - ok
21:28:27.0067 2864  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:28:27.0107 2864  CmBatt - ok
21:28:27.0137 2864  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:28:27.0167 2864  cmdide - ok
21:28:27.0217 2864  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
21:28:27.0257 2864  CNG - ok
21:28:27.0347 2864  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:28:27.0367 2864  Compbatt - ok
21:28:27.0397 2864  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
21:28:27.0437 2864  CompositeBus - ok
21:28:27.0457 2864  COMSysApp - ok
21:28:27.0477 2864  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
21:28:27.0487 2864  crcdisk - ok
21:28:27.0537 2864  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:28:27.0617 2864  CryptSvc - ok
21:28:27.0717 2864  [ 80861969541971176E005D2C09DAE851 ] DAUpdaterSvc    C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
21:28:27.0737 2864  DAUpdaterSvc - ok
21:28:27.0777 2864  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:28:27.0827 2864  DcomLaunch - ok
21:28:27.0857 2864  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
21:28:27.0927 2864  defragsvc - ok
21:28:27.0987 2864  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:28:28.0057 2864  DfsC - ok
21:28:28.0117 2864  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:28:28.0177 2864  Dhcp - ok
21:28:28.0237 2864  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
21:28:28.0297 2864  discache - ok
21:28:28.0337 2864  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
21:28:28.0347 2864  Disk - ok
21:28:28.0407 2864  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:28:28.0427 2864  Dnscache - ok
21:28:28.0467 2864  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:28:28.0537 2864  dot3svc - ok
21:28:28.0577 2864  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
21:28:28.0647 2864  DPS - ok
21:28:28.0707 2864  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:28:28.0757 2864  drmkaud - ok
21:28:28.0807 2864  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:28:28.0847 2864  DXGKrnl - ok
21:28:28.0917 2864  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
21:28:28.0987 2864  EapHost - ok
21:28:29.0117 2864  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
21:28:29.0227 2864  ebdrv - ok
21:28:29.0277 2864  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
21:28:29.0307 2864  EFS - ok
21:28:29.0387 2864  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:28:29.0437 2864  ehRecvr - ok
21:28:29.0477 2864  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
21:28:29.0517 2864  ehSched - ok
21:28:29.0587 2864  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
21:28:29.0617 2864  elxstor - ok
21:28:29.0637 2864  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:28:29.0667 2864  ErrDev - ok
21:28:29.0747 2864  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
21:28:29.0807 2864  EventSystem - ok
21:28:29.0847 2864  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
21:28:29.0907 2864  exfat - ok
21:28:29.0947 2864  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:28:30.0007 2864  fastfat - ok
21:28:30.0077 2864  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
21:28:30.0137 2864  Fax - ok
21:28:30.0177 2864  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:28:30.0217 2864  fdc - ok
21:28:30.0267 2864  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
21:28:30.0327 2864  fdPHost - ok
21:28:30.0347 2864  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
21:28:30.0397 2864  FDResPub - ok
21:28:30.0427 2864  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:28:30.0437 2864  FileInfo - ok
21:28:30.0447 2864  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:28:30.0517 2864  Filetrace - ok
21:28:30.0567 2864  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:28:30.0587 2864  flpydisk - ok
21:28:30.0627 2864  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:28:30.0647 2864  FltMgr - ok
21:28:30.0697 2864  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
21:28:30.0777 2864  FontCache - ok
21:28:30.0857 2864  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:28:30.0867 2864  FontCache3.0.0.0 - ok
21:28:30.0917 2864  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:28:30.0937 2864  FsDepends - ok
21:28:30.0977 2864  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:28:30.0987 2864  Fs_Rec - ok
21:28:31.0037 2864  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:28:31.0057 2864  fvevol - ok
21:28:31.0077 2864  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
21:28:31.0097 2864  gagp30kx - ok
21:28:31.0157 2864  [ 007AEA2E06E7CEF7372E40C277163959 ] ggflt           C:\Windows\system32\DRIVERS\ggflt.sys
21:28:31.0167 2864  ggflt - ok
21:28:31.0217 2864  [ C73DE35960CA75C5AB4AE636B127C64E ] ggsemc          C:\Windows\system32\DRIVERS\ggsemc.sys
21:28:31.0237 2864  ggsemc - ok
21:28:31.0287 2864  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
21:28:31.0363 2864  gpsvc - ok
21:28:31.0457 2864  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
21:28:31.0472 2864  gupdate - ok
21:28:31.0504 2864  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
21:28:31.0535 2864  gupdatem - ok
21:28:31.0566 2864  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:28:31.0597 2864  hcw85cir - ok
21:28:31.0660 2864  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:28:31.0691 2864  HdAudAddService - ok
21:28:31.0753 2864  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
21:28:31.0800 2864  HDAudBus - ok
21:28:31.0831 2864  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
21:28:31.0878 2864  HidBatt - ok
21:28:31.0909 2864  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
21:28:31.0956 2864  HidBth - ok
21:28:31.0987 2864  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
21:28:32.0018 2864  HidIr - ok
21:28:32.0065 2864  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
21:28:32.0128 2864  hidserv - ok
21:28:32.0190 2864  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:28:32.0237 2864  HidUsb - ok
21:28:32.0284 2864  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:28:32.0315 2864  hkmsvc - ok
21:28:32.0330 2864  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:28:32.0377 2864  HomeGroupListener - ok
21:28:32.0424 2864  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:28:32.0471 2864  HomeGroupProvider - ok
21:28:32.0533 2864  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:28:32.0549 2864  HpSAMD - ok
21:28:32.0596 2864  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:28:32.0642 2864  HTTP - ok
21:28:32.0689 2864  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:28:32.0705 2864  hwpolicy - ok
21:28:32.0752 2864  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:28:32.0783 2864  i8042prt - ok
21:28:32.0814 2864  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:28:32.0845 2864  iaStorV - ok
21:28:32.0908 2864  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:28:32.0970 2864  idsvc - ok
21:28:33.0017 2864  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
21:28:33.0048 2864  iirsp - ok
21:28:33.0095 2864  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
21:28:33.0173 2864  IKEEXT - ok
21:28:33.0220 2864  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
21:28:33.0235 2864  intelide - ok
21:28:33.0282 2864  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:28:33.0313 2864  intelppm - ok
21:28:33.0391 2864  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:28:33.0454 2864  IPBusEnum - ok
21:28:33.0485 2864  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:28:33.0532 2864  IpFilterDriver - ok
21:28:33.0610 2864  [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:28:33.0656 2864  iphlpsvc - ok
21:28:33.0688 2864  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:28:33.0703 2864  IPMIDRV - ok
21:28:33.0750 2864  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:28:33.0797 2864  IPNAT - ok
21:28:33.0844 2864  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:28:33.0890 2864  IRENUM - ok
21:28:33.0906 2864  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:28:33.0922 2864  isapnp - ok
21:28:33.0937 2864  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:28:33.0953 2864  iScsiPrt - ok
21:28:33.0984 2864  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
21:28:34.0000 2864  kbdclass - ok
21:28:34.0031 2864  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
21:28:34.0046 2864  kbdhid - ok
21:28:34.0109 2864  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
21:28:34.0140 2864  KeyIso - ok
21:28:34.0187 2864  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:28:34.0202 2864  KSecDD - ok
21:28:34.0218 2864  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:28:34.0234 2864  KSecPkg - ok
21:28:34.0284 2864  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:28:34.0364 2864  KtmRm - ok
21:28:34.0424 2864  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:28:34.0474 2864  LanmanServer - ok
21:28:34.0514 2864  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:28:34.0554 2864  LanmanWorkstation - ok
21:28:34.0634 2864  [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
21:28:34.0654 2864  lirsgt - ok
21:28:34.0724 2864  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:28:34.0784 2864  lltdio - ok
21:28:34.0834 2864  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:28:34.0894 2864  lltdsvc - ok
21:28:34.0914 2864  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:28:34.0984 2864  lmhosts - ok
21:28:35.0024 2864  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
21:28:35.0034 2864  LSI_FC - ok
21:28:35.0084 2864  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
21:28:35.0094 2864  LSI_SAS - ok
21:28:35.0114 2864  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:28:35.0134 2864  LSI_SAS2 - ok
21:28:35.0154 2864  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:28:35.0164 2864  LSI_SCSI - ok
21:28:35.0184 2864  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
21:28:35.0234 2864  luafv - ok
21:28:35.0284 2864  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:28:35.0294 2864  Mcx2Svc - ok
21:28:35.0304 2864  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
21:28:35.0324 2864  megasas - ok
21:28:35.0344 2864  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
21:28:35.0364 2864  MegaSR - ok
21:28:35.0404 2864  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
21:28:35.0434 2864  MMCSS - ok
21:28:35.0454 2864  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
21:28:35.0504 2864  Modem - ok
21:28:35.0534 2864  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:28:35.0574 2864  monitor - ok
21:28:35.0624 2864  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:28:35.0634 2864  mouclass - ok
21:28:35.0654 2864  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:28:35.0684 2864  mouhid - ok
21:28:35.0724 2864  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:28:35.0744 2864  mountmgr - ok
21:28:35.0824 2864  [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:28:35.0844 2864  MozillaMaintenance - ok
21:28:35.0864 2864  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:28:35.0874 2864  mpio - ok
21:28:35.0914 2864  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:28:35.0984 2864  mpsdrv - ok
21:28:36.0104 2864  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:28:36.0204 2864  MpsSvc - ok
21:28:36.0224 2864  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:28:36.0264 2864  MRxDAV - ok
21:28:36.0334 2864  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:28:36.0394 2864  mrxsmb - ok
21:28:36.0454 2864  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:28:36.0474 2864  mrxsmb10 - ok
21:28:36.0514 2864  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:28:36.0544 2864  mrxsmb20 - ok
21:28:36.0594 2864  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
21:28:36.0614 2864  msahci - ok
21:28:36.0664 2864  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:28:36.0684 2864  msdsm - ok
21:28:36.0714 2864  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
21:28:36.0754 2864  MSDTC - ok
21:28:36.0794 2864  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:28:36.0864 2864  Msfs - ok
21:28:36.0884 2864  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:28:36.0964 2864  mshidkmdf - ok
21:28:37.0024 2864  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:28:37.0044 2864  msisadrv - ok
21:28:37.0144 2864  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:28:37.0194 2864  MSiSCSI - ok
21:28:37.0194 2864  msiserver - ok
21:28:37.0334 2864  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:28:37.0394 2864  MSKSSRV - ok
21:28:37.0434 2864  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:28:37.0494 2864  MSPCLOCK - ok
21:28:37.0514 2864  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:28:37.0544 2864  MSPQM - ok
21:28:37.0564 2864  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:28:37.0584 2864  MsRPC - ok
21:28:37.0624 2864  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
21:28:37.0634 2864  mssmbios - ok
21:28:37.0644 2864  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:28:37.0674 2864  MSTEE - ok
21:28:37.0694 2864  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
21:28:37.0734 2864  MTConfig - ok
21:28:37.0764 2864  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:28:37.0774 2864  Mup - ok
21:28:37.0824 2864  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
21:28:37.0864 2864  napagent - ok
21:28:37.0934 2864  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:28:37.0964 2864  NativeWifiP - ok
21:28:38.0024 2864  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:28:38.0074 2864  NDIS - ok
21:28:38.0084 2864  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:28:38.0124 2864  NdisCap - ok
21:28:38.0154 2864  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:28:38.0214 2864  NdisTapi - ok
21:28:38.0254 2864  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:28:38.0314 2864  Ndisuio - ok
21:28:38.0344 2864  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:28:38.0404 2864  NdisWan - ok
21:28:38.0424 2864  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:28:38.0494 2864  NDProxy - ok
21:28:38.0564 2864  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:28:38.0604 2864  NetBIOS - ok
21:28:38.0644 2864  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:28:38.0704 2864  NetBT - ok
21:28:38.0724 2864  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
21:28:38.0744 2864  Netlogon - ok
21:28:38.0814 2864  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
21:28:38.0874 2864  Netman - ok
21:28:38.0914 2864  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
21:28:38.0974 2864  netprofm - ok
21:28:39.0024 2864  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:28:39.0044 2864  NetTcpPortSharing - ok
21:28:39.0094 2864  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
21:28:39.0114 2864  nfrd960 - ok
21:28:39.0164 2864  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:28:39.0234 2864  NlaSvc - ok
21:28:39.0264 2864  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:28:39.0304 2864  Npfs - ok
21:28:39.0344 2864  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
21:28:39.0374 2864  nsi - ok
21:28:39.0414 2864  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:28:39.0484 2864  nsiproxy - ok
21:28:39.0554 2864  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:28:39.0634 2864  Ntfs - ok
21:28:39.0644 2864  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
21:28:39.0694 2864  Null - ok
21:28:39.0734 2864  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:28:39.0754 2864  nvraid - ok
21:28:39.0814 2864  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:28:39.0834 2864  nvstor - ok
21:28:39.0844 2864  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:28:39.0854 2864  nv_agp - ok
21:28:39.0894 2864  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:28:39.0934 2864  ohci1394 - ok
21:28:40.0014 2864  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:28:40.0044 2864  ose - ok
21:28:40.0204 2864  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:28:40.0354 2864  osppsvc - ok
21:28:40.0394 2864  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:28:40.0464 2864  p2pimsvc - ok
21:28:40.0494 2864  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:28:40.0524 2864  p2psvc - ok
21:28:40.0564 2864  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
21:28:40.0574 2864  Parport - ok
21:28:40.0624 2864  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:28:40.0634 2864  partmgr - ok
21:28:40.0654 2864  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
21:28:40.0684 2864  Parvdm - ok
21:28:40.0724 2864  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:28:40.0744 2864  PcaSvc - ok
21:28:40.0794 2864  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
21:28:40.0824 2864  pci - ok
21:28:40.0834 2864  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
21:28:40.0844 2864  pciide - ok
21:28:40.0884 2864  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
21:28:40.0904 2864  pcmcia - ok
21:28:40.0944 2864  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
21:28:40.0954 2864  pcw - ok
21:28:40.0984 2864  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:28:41.0044 2864  PEAUTH - ok
21:28:41.0114 2864  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
21:28:41.0224 2864  pla - ok
21:28:41.0274 2864  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:28:41.0304 2864  PlugPlay - ok
21:28:41.0334 2864  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:28:41.0374 2864  PNRPAutoReg - ok
21:28:41.0404 2864  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:28:41.0424 2864  PNRPsvc - ok
21:28:41.0474 2864  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:28:41.0504 2864  PolicyAgent - ok
21:28:41.0544 2864  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
21:28:41.0614 2864  Power - ok
21:28:41.0674 2864  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:28:41.0744 2864  PptpMiniport - ok
21:28:41.0754 2864  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
21:28:41.0794 2864  Processor - ok
21:28:41.0864 2864  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
21:28:41.0914 2864  ProfSvc - ok
21:28:41.0944 2864  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:28:41.0954 2864  ProtectedStorage - ok
21:28:41.0984 2864  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:28:42.0054 2864  Psched - ok
21:28:42.0134 2864  [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI             C:\Windows\system32\DRIVERS\psi_mf.sys
21:28:42.0154 2864  PSI - ok
21:28:42.0234 2864  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
21:28:42.0304 2864  ql2300 - ok
21:28:42.0314 2864  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
21:28:42.0334 2864  ql40xx - ok
21:28:42.0374 2864  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
21:28:42.0424 2864  QWAVE - ok
21:28:42.0444 2864  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:28:42.0464 2864  QWAVEdrv - ok
21:28:42.0474 2864  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:28:42.0524 2864  RasAcd - ok
21:28:42.0554 2864  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:28:42.0624 2864  RasAgileVpn - ok
21:28:42.0654 2864  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
21:28:42.0694 2864  RasAuto - ok
21:28:42.0714 2864  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:28:42.0744 2864  Rasl2tp - ok
21:28:42.0794 2864  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
21:28:42.0874 2864  RasMan - ok
21:28:42.0894 2864  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:28:42.0954 2864  RasPppoe - ok
21:28:43.0024 2864  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:28:43.0084 2864  RasSstp - ok
21:28:43.0134 2864  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:28:43.0184 2864  rdbss - ok
21:28:43.0204 2864  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
21:28:43.0224 2864  rdpbus - ok
21:28:43.0264 2864  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:28:43.0314 2864  RDPCDD - ok
21:28:43.0354 2864  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:28:43.0384 2864  RDPENCDD - ok
21:28:43.0394 2864  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:28:43.0424 2864  RDPREFMP - ok
21:28:43.0464 2864  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:28:43.0494 2864  RDPWD - ok
21:28:43.0554 2864  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:28:43.0584 2864  rdyboost - ok
21:28:43.0624 2864  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:28:43.0684 2864  RemoteAccess - ok
21:28:43.0734 2864  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:28:43.0794 2864  RemoteRegistry - ok
21:28:43.0834 2864  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:28:43.0864 2864  RpcEptMapper - ok
21:28:43.0904 2864  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
21:28:43.0924 2864  RpcLocator - ok
21:28:43.0944 2864  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
21:28:43.0984 2864  RpcSs - ok
21:28:44.0034 2864  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:28:44.0094 2864  rspndr - ok
21:28:44.0124 2864  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
21:28:44.0134 2864  SamSs - ok
21:28:44.0154 2864  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:28:44.0164 2864  sbp2port - ok
21:28:44.0204 2864  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:28:44.0254 2864  SCardSvr - ok
21:28:44.0284 2864  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:28:44.0344 2864  scfilter - ok
21:28:44.0384 2864  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
21:28:44.0454 2864  Schedule - ok
21:28:44.0484 2864  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:28:44.0514 2864  SCPolicySvc - ok
21:28:44.0554 2864  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:28:44.0584 2864  SDRSVC - ok
21:28:44.0644 2864  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:28:44.0694 2864  secdrv - ok
21:28:44.0734 2864  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
21:28:44.0794 2864  seclogon - ok
21:28:44.0892 2864  [ 9044795E9D1A912D5F1B8DF6211850FD ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
21:28:44.0938 2864  Secunia PSI Agent - ok
21:28:44.0970 2864  [ 8B1A72E4FB63A9C068B08E1F9B70482A ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
21:28:44.0985 2864  Secunia Update Agent - ok
21:28:45.0048 2864  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
21:28:45.0110 2864  SENS - ok
21:28:45.0157 2864  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:28:45.0219 2864  SensrSvc - ok
21:28:45.0235 2864  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
21:28:45.0266 2864  Serenum - ok
21:28:45.0313 2864  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
21:28:45.0360 2864  Serial - ok
21:28:45.0375 2864  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
21:28:45.0422 2864  sermouse - ok
21:28:45.0469 2864  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:28:45.0516 2864  SessionEnv - ok
21:28:45.0562 2864  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:28:45.0578 2864  sffdisk - ok
21:28:45.0609 2864  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:28:45.0625 2864  sffp_mmc - ok
21:28:45.0640 2864  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:28:45.0672 2864  sffp_sd - ok
21:28:45.0703 2864  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
21:28:45.0734 2864  sfloppy - ok
21:28:45.0796 2864  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:28:45.0874 2864  SharedAccess - ok
21:28:45.0890 2864  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:28:45.0921 2864  ShellHWDetection - ok
21:28:45.0937 2864  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
21:28:45.0952 2864  sisagp - ok
21:28:45.0999 2864  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:28:46.0015 2864  SiSRaid2 - ok
21:28:46.0030 2864  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
21:28:46.0046 2864  SiSRaid4 - ok
21:28:46.0140 2864  [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
21:28:46.0155 2864  SkypeUpdate - ok
21:28:46.0171 2864  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:28:46.0233 2864  Smb - ok
21:28:46.0296 2864  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:28:46.0327 2864  SNMPTRAP - ok
21:28:46.0452 2864  [ 1A623F2B69E1F182F995F963C55DB935 ] Sony Ericsson PCCompanion C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
21:28:46.0467 2864  Sony Ericsson PCCompanion - ok
21:28:46.0514 2864  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:28:46.0514 2864  spldr - ok
21:28:46.0576 2864  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
21:28:46.0639 2864  Spooler - ok
21:28:46.0717 2864  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
21:28:46.0842 2864  sppsvc - ok
21:28:46.0873 2864  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:28:46.0935 2864  sppuinotify - ok
21:28:46.0982 2864  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:28:47.0060 2864  srv - ok
21:28:47.0091 2864  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:28:47.0138 2864  srv2 - ok
21:28:47.0185 2864  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:28:47.0232 2864  srvnet - ok
21:28:47.0263 2864  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:28:47.0325 2864  SSDPSRV - ok
21:28:47.0388 2864  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
21:28:47.0403 2864  ssmdrv - ok
21:28:47.0403 2864  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:28:47.0450 2864  SstpSvc - ok
21:28:47.0497 2864  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
21:28:47.0497 2864  stexstor - ok
21:28:47.0544 2864  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
21:28:47.0606 2864  StiSvc - ok
21:28:47.0637 2864  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
21:28:47.0653 2864  swenum - ok
21:28:47.0700 2864  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
21:28:47.0746 2864  swprv - ok
21:28:47.0809 2864  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
21:28:47.0902 2864  SysMain - ok
21:28:47.0948 2864  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:28:47.0998 2864  TabletInputService - ok
21:28:48.0038 2864  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:28:48.0118 2864  TapiSrv - ok
21:28:48.0158 2864  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
21:28:48.0218 2864  TBS - ok
21:28:48.0318 2864  [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:28:48.0388 2864  Tcpip - ok
21:28:48.0438 2864  [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:28:48.0468 2864  TCPIP6 - ok
21:28:48.0528 2864  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:28:48.0588 2864  tcpipreg - ok
21:28:48.0648 2864  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:28:48.0678 2864  TDPIPE - ok
21:28:48.0718 2864  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:28:48.0728 2864  TDTCP - ok
21:28:48.0768 2864  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:28:48.0808 2864  tdx - ok
21:28:48.0818 2864  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
21:28:48.0838 2864  TermDD - ok
21:28:48.0888 2864  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
21:28:48.0948 2864  TermService - ok
21:28:49.0008 2864  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
21:28:49.0058 2864  Themes - ok
21:28:49.0078 2864  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
21:28:49.0108 2864  THREADORDER - ok
21:28:49.0138 2864  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
21:28:49.0198 2864  TrkWks - ok
21:28:49.0268 2864  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:28:49.0318 2864  TrustedInstaller - ok
21:28:49.0338 2864  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:28:49.0358 2864  tssecsrv - ok
21:28:49.0428 2864  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:28:49.0488 2864  TsUsbFlt - ok
21:28:49.0548 2864  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:28:49.0588 2864  tunnel - ok
21:28:49.0628 2864  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
21:28:49.0638 2864  uagp35 - ok
21:28:49.0658 2864  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:28:49.0708 2864  udfs - ok
21:28:49.0758 2864  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:28:49.0788 2864  UI0Detect - ok
21:28:49.0838 2864  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:28:49.0858 2864  uliagpkx - ok
21:28:49.0888 2864  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
21:28:49.0918 2864  umbus - ok
21:28:49.0978 2864  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
21:28:49.0998 2864  UmPass - ok
21:28:50.0048 2864  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
21:28:50.0128 2864  upnphost - ok
21:28:50.0168 2864  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:28:50.0198 2864  usbccgp - ok
21:28:50.0238 2864  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:28:50.0288 2864  usbcir - ok
21:28:50.0318 2864  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:28:50.0328 2864  usbehci - ok
21:28:50.0358 2864  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:28:50.0378 2864  usbhub - ok
21:28:50.0388 2864  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:28:50.0438 2864  usbohci - ok
21:28:50.0468 2864  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:28:50.0518 2864  usbprint - ok
21:28:50.0538 2864  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:28:50.0608 2864  USBSTOR - ok
21:28:50.0658 2864  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
21:28:50.0708 2864  usbuhci - ok
21:28:50.0778 2864  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
21:28:50.0828 2864  usbvideo - ok
21:28:50.0868 2864  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
21:28:50.0918 2864  UxSms - ok
21:28:50.0948 2864  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
21:28:50.0958 2864  VaultSvc - ok
21:28:50.0978 2864  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:28:50.0998 2864  vdrvroot - ok
21:28:51.0048 2864  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
21:28:51.0088 2864  vds - ok
21:28:51.0128 2864  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:28:51.0148 2864  vga - ok
21:28:51.0158 2864  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:28:51.0188 2864  VgaSave - ok
21:28:51.0218 2864  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:28:51.0238 2864  vhdmp - ok
21:28:51.0268 2864  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
21:28:51.0278 2864  viaagp - ok
21:28:51.0308 2864  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
21:28:51.0338 2864  ViaC7 - ok
21:28:51.0368 2864  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
21:28:51.0378 2864  viaide - ok
21:28:51.0398 2864  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:28:51.0408 2864  volmgr - ok
21:28:51.0458 2864  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:28:51.0478 2864  volmgrx - ok
21:28:51.0498 2864  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:28:51.0508 2864  volsnap - ok
21:28:51.0548 2864  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
21:28:51.0568 2864  vsmraid - ok
21:28:51.0618 2864  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
21:28:51.0718 2864  VSS - ok
21:28:51.0858 2864  [ 40DBA03782BCC10685A8C200C5EBDCD0 ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
21:28:51.0888 2864  vToolbarUpdater12.2.6 - ok
21:28:51.0908 2864  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:28:51.0938 2864  vwifibus - ok
21:28:51.0978 2864  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:28:51.0998 2864  vwififlt - ok
21:28:52.0048 2864  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
21:28:52.0088 2864  W32Time - ok
21:28:52.0098 2864  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
21:28:52.0138 2864  WacomPen - ok
21:28:52.0168 2864  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:28:52.0198 2864  WANARP - ok
21:28:52.0208 2864  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:28:52.0228 2864  Wanarpv6 - ok
21:28:52.0348 2864  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
21:28:52.0418 2864  WatAdminSvc - ok
21:28:52.0448 2864  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
21:28:52.0508 2864  wbengine - ok
21:28:52.0548 2864  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:28:52.0568 2864  WbioSrvc - ok
21:28:52.0608 2864  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:28:52.0668 2864  wcncsvc - ok
21:28:52.0698 2864  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:28:52.0758 2864  WcsPlugInService - ok
21:28:52.0798 2864  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
21:28:52.0818 2864  Wd - ok
21:28:52.0848 2864  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:28:52.0868 2864  Wdf01000 - ok
21:28:52.0878 2864  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:28:52.0898 2864  WdiServiceHost - ok
21:28:52.0908 2864  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:28:52.0928 2864  WdiSystemHost - ok
21:28:52.0968 2864  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
21:28:52.0998 2864  WebClient - ok
21:28:53.0038 2864  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:28:53.0068 2864  Wecsvc - ok
21:28:53.0088 2864  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:28:53.0118 2864  wercplsupport - ok
21:28:53.0138 2864  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:28:53.0188 2864  WerSvc - ok
21:28:53.0248 2864  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:28:53.0288 2864  WfpLwf - ok
21:28:53.0308 2864  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:28:53.0318 2864  WIMMount - ok
21:28:53.0395 2864  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
21:28:53.0473 2864  WinDefend - ok
21:28:53.0488 2864  WinHttpAutoProxySvc - ok
21:28:53.0566 2864  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:28:53.0629 2864  Winmgmt - ok
21:28:53.0691 2864  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
21:28:53.0769 2864  WinRM - ok
21:28:53.0863 2864  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:28:53.0925 2864  Wlansvc - ok
21:28:53.0972 2864  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:28:54.0019 2864  WmiAcpi - ok
21:28:54.0054 2864  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:28:54.0104 2864  wmiApSrv - ok
21:28:54.0224 2864  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
21:28:54.0284 2864  WMPNetworkSvc - ok
21:28:54.0324 2864  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:28:54.0384 2864  WPCSvc - ok
21:28:54.0424 2864  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:28:54.0474 2864  WPDBusEnum - ok
21:28:54.0504 2864  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:28:54.0544 2864  ws2ifsl - ok
21:28:54.0584 2864  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
21:28:54.0624 2864  wscsvc - ok
21:28:54.0624 2864  WSearch - ok
21:28:54.0704 2864  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
21:28:54.0794 2864  wuauserv - ok
21:28:54.0804 2864  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:28:54.0864 2864  WudfPf - ok
21:28:54.0904 2864  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:28:54.0934 2864  WUDFRd - ok
21:28:54.0994 2864  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:28:55.0054 2864  wudfsvc - ok
21:28:55.0094 2864  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:28:55.0134 2864  WwanSvc - ok
21:28:55.0204 2864  [ B07C5B7EFDF936FF93D4F540938725BE ] yukonw7         C:\Windows\system32\DRIVERS\yk62x86.sys
21:28:55.0224 2864  yukonw7 - ok
21:28:55.0234 2864  ================ Scan global ===============================
21:28:55.0284 2864  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
21:28:55.0334 2864  [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
21:28:55.0354 2864  [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
21:28:55.0404 2864  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
21:28:55.0434 2864  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
21:28:55.0434 2864  [Global] - ok
21:28:55.0434 2864  ================ Scan MBR ==================================
21:28:55.0454 2864  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:28:55.0854 2864  \Device\Harddisk0\DR0 - ok
21:28:55.0854 2864  ================ Scan VBR ==================================
21:28:55.0854 2864  [ 9E16E781107B13B581AD18D339F0CD57 ] \Device\Harddisk0\DR0\Partition1
21:28:55.0854 2864  \Device\Harddisk0\DR0\Partition1 - ok
21:28:55.0884 2864  [ F563F5D5679439447FAFCCDC6CA9AAA6 ] \Device\Harddisk0\DR0\Partition2
21:28:55.0884 2864  \Device\Harddisk0\DR0\Partition2 - ok
21:28:55.0884 2864  ============================================================
21:28:55.0884 2864  Scan finished
21:28:55.0884 2864  ============================================================
21:28:55.0944 3128  Detected object count: 1
21:28:55.0944 3128  Actual detected object count: 1
21:29:15.0725 3128  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
21:29:15.0725 3128  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
         
MfG

Alt 21.10.2012, 11:37   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira meldet Fund von  EXP/2012-4681.AD - Standard

Avira meldet Fund von EXP/2012-4681.AD



Ist auch unauffällig. Noch Probleme offen?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 21.10.2012, 20:45   #25
DrPitbull
 
Avira meldet Fund von  EXP/2012-4681.AD - Standard

Avira meldet Fund von EXP/2012-4681.AD



Hallo Cosinus,

noch zwei Dinge, die mir nicht klar sind. Beim Vollscan von Avira kam gestern,
dass der Papierkorb beschädigt sei. Nachdem ich den Papierkorb geleert habe, kam dieser Fehler heute nicht mehr.

Irgendwann während den Scans oder so sind auf dem Dektop zwei Desktop.ini
Dateien aufgetaucht, die ich nicht zuordnen kann.
Inhalt:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799

und


[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183

Ansonsten fällt mir nichts ein.
Vielen Dank für deine Hilfe.

MFG

Alt 22.10.2012, 10:16   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira meldet Fund von  EXP/2012-4681.AD - Standard

Avira meldet Fund von EXP/2012-4681.AD



Zitat:
Irgendwann während den Scans oder so sind auf dem Dektop zwei Desktop.ini
Die sind immer da, das sind versteckte Dateien die jetzt nur eingeblendet werden siehe http://www.trojaner-board.de/59624-a...tml#post499985
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Avira meldet Fund von EXP/2012-4681.AD
akamai, avg secure search, avg security toolbar, avira, bho, cid, converter, document, error, exp/2012-4681.ad, fehler, festplatte, flash player, helper, home, iexplore.exe, install.exe, karte, logfile, mozilla, mp3, ntdll.dll, plug-in, problem, programm, registry, secunia psi, secure search, security, senden, svchost.exe, taskhost.exe, trojaner, vtoolbarupdater, windows, windows.old, wuauclt.exe




Ähnliche Themen: Avira meldet Fund von EXP/2012-4681.AD


  1. Windows 7: Avira meldet Fund
    Log-Analyse und Auswertung - 13.03.2015 (15)
  2. AVIRA meldet vermehrt Fund: PUA/DownloadSponsor.Gen
    Log-Analyse und Auswertung - 08.03.2015 (9)
  3. Avira meldet Fund, Malware bestätigt das. Was tun?
    Plagegeister aller Art und deren Bekämpfung - 09.03.2014 (15)
  4. Avira meldet Fund JS/iFrame.EB.361
    Plagegeister aller Art und deren Bekämpfung - 07.03.2014 (13)
  5. Kaspersky Internet Security meldet Fund: HEUR:Exploit.Java.CVE-2012-1723.gen
    Log-Analyse und Auswertung - 15.10.2013 (13)
  6. Win 7/ Avira Fund Enthält EXP/CVE-2012-1723.B.Gen
    Log-Analyse und Auswertung - 05.08.2013 (7)
  7. Avira meldet JAVA/Agent-Viren sowie EXP/Dldr.Java.O und EXP/2012-4681.AD
    Plagegeister aller Art und deren Bekämpfung - 11.06.2013 (8)
  8. Avira meldet Fund EXP/Java.AM
    Log-Analyse und Auswertung - 23.01.2013 (31)
  9. HEUR:Exploit.Java.CVE-2012-4681.gen
    Log-Analyse und Auswertung - 26.11.2012 (23)
  10. HEUR:Exploit.Java.CVE-2012-4681.gen" sowie mehrfach Exploit.Java.CVE-2012-0507.ou mit kaspersky gefunden in C:Dokumente und Einstellungen ge
    Plagegeister aller Art und deren Bekämpfung - 21.11.2012 (11)
  11. HEUR:Exploit.Java.CVE-2012-4681.gen -wie entfernen
    Mülltonne - 15.11.2012 (1)
  12. HEUR:Exploit Java. CVE-2012-4681.gen Trojaner
    Plagegeister aller Art und deren Bekämpfung - 14.11.2012 (24)
  13. Befall: EXP/2012-4681.AD
    Plagegeister aller Art und deren Bekämpfung - 31.10.2012 (21)
  14. Viren-Warnung Avira: Exploit EXP/2012-4681.AD
    Plagegeister aller Art und deren Bekämpfung - 07.10.2012 (1)
  15. EXP/2012-4681.J.1 von Avira binnen 20 Minuten zweimal gefunden
    Log-Analyse und Auswertung - 19.09.2012 (29)
  16. EXP/2012-4681.N.1 & TR/Agent.trvv.2 erkannt. Was nun?
    Plagegeister aller Art und deren Bekämpfung - 17.09.2012 (2)
  17. Qurantäne Datei Avira EXP/CVE-2012-4681 (unter anderem)
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (5)

Zum Thema Avira meldet Fund von EXP/2012-4681.AD - Probier es bitte im abgesicherten Modus mit Netzwerktreibern aus - Avira meldet Fund von EXP/2012-4681.AD...
Archiv
Du betrachtest: Avira meldet Fund von EXP/2012-4681.AD auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.