
Pests of all kinds and how to combat them: remove spyhunter 4

24.01.2013, 17:03   #1
friedrich23
 
remove spyhunter 4



hey. I've picked up spyhunter 4:

malwarebytes anti malware scan:

Code:
 Malwarebytes Anti-Malware  (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.24.07

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
friedrich :: COMPUTER [limited]

Protection: Enabled

24.01.2013 15:35:34
mbam-log-2013-01-24 (15-35-34).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 386756
Time elapsed: 48 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Delete on reboot.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|Tabs (PUP.FunMoods) -> Data: hxxp://searchfunmoods.com/?f=2&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0CyCtCtDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=921852827 -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         



OTL scan:

Code:
OTL logfile created on: 24.01.2013 16:24:50 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\olotu\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 56,40% Memory free
6,73 Gb Paging File | 5,24 Gb Available in Paging File | 77,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 15,99 Gb Free Space | 16,37% Space Free | Partition Type: NTFS
Drive D: | 244,14 Gb Total Space | 185,82 Gb Free Space | 76,11% Space Free | Partition Type: NTFS
Drive E: | 123,96 Gb Total Space | 101,81 Gb Free Space | 82,13% Space Free | Partition Type: NTFS
 
Computer Name: COMPUTER | User Name: root | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.24 16:24:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\friedrich\Downloads\OTL.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.11.14 19:40:44 | 000,093,184 | ---- | M] () -- C:\Windows\System32\GFilterSvc.exe
PRC - [2012.11.14 19:40:42 | 000,067,584 | ---- | M] () -- C:\Windows\System32\MUILbnguageCleanup.exe
PRC - [2012.10.16 08:48:00 | 002,360,864 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
PRC - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.08 19:21:22 | 000,766,400 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2012.10.02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.10.02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.04.25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
PRC - [2012.01.13 19:48:07 | 000,040,960 | ---- | M] () -- C:\Users\root\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.08.07 18:38:18 | 000,109,056 | ---- | M] (none) -- C:\Users\root\AppData\Local\Temp\Rar$EX01.516\WLAN Optimizer.exe
PRC - [2009.01.27 15:24:00 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.05.15 23:51:58 | 000,109,104 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe
PRC - [2008.05.15 23:51:54 | 000,150,064 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2008.05.15 23:51:54 | 000,055,856 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Workstation\hqtray.exe
PRC - [2008.05.15 23:51:40 | 000,072,240 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Workstation\vmware-tray.exe
PRC - [2008.05.15 23:51:34 | 000,121,392 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.19 08:33:30 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2008.01.19 08:33:04 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007.04.10 20:24:26 | 000,143,360 | ---- | M] () -- C:\Programme\Vista Anti-Lag\val.exe
PRC - [2007.03.23 09:02:52 | 000,269,104 | ---- | M] (VMware, Inc.) -- C:\Programme\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
PRC - [2007.03.07 11:05:12 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2006.10.22 23:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2005.11.11 14:07:00 | 000,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\soundman.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.11 15:23:47 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2013.01.11 15:23:01 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2013.01.11 15:22:39 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2013.01.11 15:20:36 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2013.01.11 15:20:06 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2012.04.25 19:52:28 | 001,270,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll
MOD - [2012.04.25 19:52:26 | 007,422,352 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll
MOD - [2012.04.25 19:52:24 | 000,795,024 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll
MOD - [2012.04.25 19:52:24 | 000,192,912 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll
MOD - [2012.04.25 19:52:22 | 002,453,904 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll
MOD - [2012.04.25 19:52:22 | 002,126,224 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll
MOD - [2010.08.09 23:01:06 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008.07.27 19:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.05.15 23:51:50 | 000,080,432 | ---- | M] () -- C:\Programme\VMware\VMware Workstation\zlib1.dll
MOD - [2008.05.15 23:51:38 | 000,970,288 | ---- | M] () -- C:\Programme\VMware\VMware Workstation\libxml2.dll
MOD - [2007.04.10 20:24:26 | 000,143,360 | ---- | M] () -- C:\Programme\Vista Anti-Lag\val.exe
MOD - [2002.05.14 18:22:34 | 000,122,880 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.14 19:40:44 | 000,093,184 | ---- | M] () [Auto | Running] -- C:\Windows\System32\GFilterSvc.exe -- (GFilterSvc)
SRV - [2012.11.14 19:40:42 | 000,067,584 | ---- | M] () [Auto | Running] -- C:\Windows\System32\MUILbnguageCleanup.exe -- (snmpurap)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.16 08:48:00 | 002,360,864 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe -- (Browser Manager)
SRV - [2012.10.11 02:05:59 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.08 19:21:22 | 000,766,400 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2012.10.05 16:08:42 | 000,109,064 | ---- | M] (Wajam) [On_Demand | Stopped] -- C:\Programme\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.08 09:06:15 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.04.25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2012.01.13 19:48:07 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\root\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2012.01.12 09:07:32 | 000,695,640 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfeeScanAndRepair\McAfeeScanRepairSvc.exe -- (McAfee ScanAndRepair Svc)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.05.15 23:51:58 | 000,109,104 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2008.05.15 23:51:54 | 000,150,064 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2008.05.15 23:51:34 | 000,121,392 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.11.30 16:23:02 | 000,186,928 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Programme\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2007.03.23 09:02:52 | 000,269,104 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
SRV - [2007.03.07 11:05:12 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.10.10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.06.22 12:01:30 | 000,019,984 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\EsgScanner.sys -- (EsgScanner)
DRV - [2011.05.06 16:57:08 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2009.02.03 16:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2008.05.15 23:52:18 | 000,926,000 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2008.05.15 23:52:18 | 000,034,864 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2008.05.15 23:52:18 | 000,020,912 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2008.05.15 23:52:16 | 000,025,136 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2008.05.15 23:51:36 | 000,015,920 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmparport.sys -- (VMparport)
DRV - [2008.05.15 23:51:08 | 000,030,768 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2008.05.15 23:51:08 | 000,028,592 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2008.05.15 23:51:08 | 000,016,816 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2008.01.23 09:19:44 | 000,501,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2007.11.30 16:22:16 | 000,019,248 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2007.03.23 09:03:00 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)
DRV - [2007.03.12 10:12:00 | 000,256,000 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WUSB54GCx86.sys -- (netr73)
DRV - [2007.02.08 18:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02)
DRV - [2007.02.08 14:45:00 | 000,029,184 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ActionReplayDS.sys -- (ActionReplayDS)
DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.07.10 17:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02)
DRV - [2006.06.14 15:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2006.03.24 17:27:01 | 000,050,176 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync04.sys -- (sfsync04)
DRV - [2005.11.24 12:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt73.sys -- (RT73)
DRV - [2005.11.22 14:44:00 | 003,804,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcxwdm.sys -- (ALCXWDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - SOFTWARE\Classes\CLSID\{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5}\InprocServer32 File not found
IE - HKLM\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0CyCtCtDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=921852827
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - SOFTWARE\Classes\CLSID\{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=UP31DF&PC=UP31&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4212_1&babsrc=SP_clro&mntrId=e484c610000000000000001839049e5c
IE - HKCU\..\SearchScopes\{1B231CAF-15B3-410B-A229-06AED74DEBBA}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{646A2449-9FB6-4A5A-9B7F-1E9B10B6FFDF}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E636F6E647569742E636F6D2F526573756C74734578742E617370783F713D7B7365617263685465726D737D26536561726368536F757263653D3426637469643D435432373336343736&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&k=0
IE - HKCU\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0CyCtCtDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=921852827
IE - HKCU\..\SearchScopes\{CAC910EF-195B-4308-9526-8B732AE6ADFF}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{D457F1DB-75B6-4A4D-B50B-7CF3AEF24BAB}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{D97D2AB5-930D-4C48-89DE-ADCA98769C3D}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{DFE9012D-09B6-4947-B07E-4EF158F7822F}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Claro Search"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ncr"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..extensions.enabledItems: {7e111a5c-3d11-4f56-9463-5310c3c69025}:3.8.1.300
FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=UP31DF&PC=UP31&q="
 
FF - user.js..browser.search.defaultenginename: "Google"
FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.startup.homepage: "hxxp://www.google.de/ncr"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.10 18:27:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.15 20:07:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.27 16:07:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2012.10.17 12:41:08 | 000,000,000 | ---D | M]
 
[2010.05.14 17:27:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Extensions
[2012.11.14 19:40:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\dxetyx5e.default\extensions
[2011.04.07 15:54:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\dxetyx5e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.13 19:47:19 | 000,000,000 | ---D | M] (Freeware.de Community Toolbar) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\dxetyx5e.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
[2012.02.10 14:38:40 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\dxetyx5e.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012.10.17 12:41:10 | 000,000,000 | ---D | M] ("Savings Sidekick") -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\dxetyx5e.default\extensions\crossriderapp5060@crossrider.com
[2012.02.10 14:38:12 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@babylon.com
[2012.10.17 12:41:34 | 000,000,000 | ---D | M] (Claro Toolbar) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@claro.com
[2012.11.14 19:40:34 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com
[2012.10.17 12:41:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\dxetyx5e.default\extensions\crossriderapp5060@crossrider.com\chrome\content\extensionCode
[2012.10.13 18:27:00 | 000,037,914 | ---- | M] () (No name found) -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
[2012.11.15 16:51:42 | 000,002,273 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\bingp.xml
[2012.11.14 19:40:34 | 000,000,781 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\Funmoods.xml
[2012.12.13 15:49:20 | 000,003,576 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\Google.xml
[2012.01.13 19:48:10 | 000,002,077 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\{9573D3C0-1EF0-4E34-A57D-69E97F8AC325}.xml
[2012.01.13 19:48:10 | 000,001,870 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\{A46C1975-777F-4326-8C76-0CD708A49FEC}.xml
[2012.01.13 19:48:10 | 000,002,188 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\{F4D0AF56-E566-4B71-A1D8-C2D229AFAD50}.xml
[2012.12.10 18:27:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.15 16:32:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.11.15 16:32:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.17 12:41:08 | 000,000,000 | ---D | M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.3.811.154\{61D8B74E-8D89-46FF-AFA6-33382C54AC73}\FIREFOXEXTENSION
[2012.10.11 02:06:18 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.12.19 12:14:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.12 09:07:32 | 000,183,200 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMcAfeeSRPlgn.dll
[2012.10.17 12:41:24 | 000,006,522 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.10.11 02:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.11 02:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://searchfunmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0CyCtCtDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=921852827
CHR - default_search_provider: Funmoods ()
CHR - default_search_provider: search_url = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0CyCtCtDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=921852827
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://searchfunmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0CyCtCtDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=921852827
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Wajam (Enabled) = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: Application Manager (Enabled) = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: McAfeeScanAndRepair (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\npMcAfeeSRPlgn.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - Extension: YouTube = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: ProxTube = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\chakodcglgpacmjpjfaoopegbglbollk\1.1.35_0\
CHR - Extension: Google-Suche = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: DealPly = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: Wajam = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: Skype Click to Call = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Settings Protector = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: Google Mail = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2011.01.20 17:41:54 | 000,000,820 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Programme\Claro LTD\claro\1.6.4.1\bh\claro.dll (Montera Technologeis LTD)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ProxTube) - {0AA2810A-F009-4BD7-A10A-32F140A1B9F3} - C:\Users\root\AppData\LocalLow\ProxTube\IE\ProxTube.dll (Malte Goetz)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaz0.dll File not found
O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programme\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Programme\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaz0.dll File not found
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Programme\Claro LTD\claro\1.6.4.1\claroTlbr.dll (Montera Technologeis LTD)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Eazel-DE Toolbar) - {69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5} - C:\Program Files\Eazel-DE\tbEaz0.dll File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\root\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SoundMan] C:\Windows\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Workstation\hqtray.exe (VMware, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EA Core] "C:\Programme\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [EADM] "C:\Programme\Electronic Arts\EADM\EADMUI\EADMUI.exe" File not found
O4 - HKCU..\Run: [iPhone Explorer Launcher] C:\Program Files\Software4u\iPhone Explorer\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7805E72A-2147-4619-B327-4D3EF8AB535A}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81EFCBE7-A49E-41E7-B7EF-FB55075F8ABF}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86A4A234-5EDE-444B-AB27-44A014E3F19F}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB9E527F-645B-4E88-B8F9-253BAAE1B016}: NameServer = 213.191.74.18,213.191.74.19
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (GTGina.dll) -  File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a401363f-dbf2-11dd-931b-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{a401363f-dbf2-11dd-931b-005056c00008}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{d11fe830-8295-11dd-9c03-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d11fe830-8295-11dd-9c03-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f189f69d-e62d-11dd-81ca-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f189f69d-e62d-11dd-81ca-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.24 14:29:56 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.01.24 14:29:55 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.01.24 14:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.01.23 19:24:57 | 000,000,000 | ---D | C] -- C:\WZShutdown
[2013.01.17 16:09:47 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Malwarebytes
[2013.01.17 16:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.17 16:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.17 16:09:37 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.17 16:09:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.16 20:35:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2013.01.16 19:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.01.16 19:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013.01.15 20:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeScanAndRepair
[2013.01.15 19:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xirrus
[2013.01.15 19:34:44 | 000,000,000 | ---D | C] -- C:\Program Files\Xirrus
[2013.01.15 17:22:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.24 16:24:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.24 16:02:02 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.24 16:02:02 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.24 15:14:46 | 000,000,000 | ---- | M] () -- C:\Users\root\defogger_reenable
[2013.01.24 14:29:56 | 000,002,081 | ---- | M] () -- C:\Users\root\Desktop\SpyHunter.lnk
[2013.01.24 14:14:37 | 000,636,044 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.24 14:14:37 | 000,594,160 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.24 14:14:37 | 000,128,380 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.24 14:14:37 | 000,106,566 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.24 14:13:49 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.24 14:08:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.17 18:07:13 | 480,098,425 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.17 16:09:39 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.16 19:18:59 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.01.16 19:18:47 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.15 19:34:51 | 000,001,137 | ---- | M] () -- C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
[2013.01.15 19:10:00 | 000,399,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.09 18:01:50 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2013.01.09 18:01:49 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.24 15:14:46 | 000,000,000 | ---- | C] () -- C:\Users\root\defogger_reenable
[2013.01.24 14:29:56 | 000,002,081 | ---- | C] () -- C:\Users\root\Desktop\SpyHunter.lnk
[2013.01.17 16:09:39 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.15 19:34:51 | 000,001,137 | ---- | C] () -- C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
[2013.01.15 17:21:34 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2013.01.15 17:21:34 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2013.01.15 17:21:34 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2013.01.11 15:03:40 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2013.01.11 15:03:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2013.01.11 15:03:38 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2012.11.14 19:40:44 | 000,093,184 | ---- | C] () -- C:\Windows\System32\GFilterSvc.exe
[2012.11.14 19:40:42 | 000,067,584 | ---- | C] () -- C:\Windows\System32\MUILbnguageCleanup.exe
[2012.06.22 12:01:30 | 000,019,984 | ---- | C] () -- C:\Windows\System32\ESGScanner.sys
[2012.06.22 12:01:30 | 000,019,984 | ---- | C] () -- C:\Windows\System32\drivers\EsgScanner.sys
[2012.04.02 15:58:18 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
[2012.01.13 20:39:22 | 000,000,600 | ---- | C] () -- C:\Users\root\AppData\Roaming\winscp.rnd
[2009.10.14 13:13:49 | 000,005,632 | ---- | C] () -- C:\Users\root\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.14 16:27:33 | 000,002,032 | ---- | C] () -- C:\Users\root\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.19 08:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009.09.05 16:15:12 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Atari
[2012.02.10 14:38:04 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Babylon
[2012.10.17 12:40:34 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Broad Intelligence
[2012.01.13 19:48:09 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\DesktopIconForAmazon
[2009.01.03 18:01:54 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Leadertech
[2008.09.14 19:56:30 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\MAGIX
[2012.01.13 19:48:07 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\OCS
[2012.01.13 19:48:10 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Opera
[2012.01.14 19:19:41 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Pokemon Online
[2012.04.27 18:59:36 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\PunkBuster
[2011.12.22 16:09:51 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Software4u
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >
         
The EXTRAS.txt file was not generated for some reason, sorry.

GMER scan:

Code:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-24 16:47:51
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD502IJ rev.1AA01113 465,76GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\root\AppData\Local\Temp\kwddqpoc.sys


---- System - GMER 2.0 ----

SSDT                                                                      \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys                                            ZwCreateSection [0xA1ACF700]

---- Kernel code sections - GMER 2.0 ----

.text                                                                     ntoskrnl.exe!KeInsertQueue + 405                                                                              8307F9CC 4 Bytes  [00, F7, AC, A1]
.sfrelocÿÿÿÿsfsync04unknown last section [0x83ACA000, 0xBC6, 0x40000040]  C:\Windows\System32\drivers\sfsync04.sys                                                                      unknown last section [0x83ACA000, 0xBC6, 0x40000040]
.reloc                                                                    C:\Windows\system32\drivers\acedrv11.sys                                                                      section is executable [0xA192F480, 0x306DD, 0xE0000060]

---- User code sections - GMER 2.0 ----

?                                                                         C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[780] C:\Windows\system32\ntdll.dll         time/date stamp mismatch; 
.text                                                                     C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[780] ntdll.dll!NtProtectVirtualMemory      76FB85D8 5 Bytes  JMP 698B17E3 C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll (Ushata module/Kaspersky Lab ZAO)
?                                                                         C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[780] C:\Windows\system32\kernel32.dll      time/date stamp mismatch; unknown module: wmdrmsdk.dll
.text                                                                     C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[780] user32.dll!GetAppCompatFlags2 + 880   76E76390 4 Bytes  [4D, 27, 8B, 69]
?                                                                         C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3332] C:\Windows\system32\ntdll.dll        time/date stamp mismatch; 
.text                                                                     C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3332] ntdll.dll!NtProtectVirtualMemory     76FB85D8 5 Bytes  JMP 698B17E3 C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll (Ushata module/Kaspersky Lab ZAO)
?                                                                         C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3332] C:\Windows\system32\kernel32.dll     time/date stamp mismatch; unknown module: wmdrmsdk.dll
.text                                                                     C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3332] user32.dll!GetAppCompatFlags2 + 880  76E76390 4 Bytes  [4D, 27, 8B, 69]

---- EOF - GMER 2.0 ----
         
Please help me. I have heard that the virus is supposed to be really dangerous.

24.01.2013, 17:20   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Hello and

Quote:
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Why a Professional (Business) edition of Windows, please? Who needs that as a home user?
Is this by any chance an office/company PC? Or a university machine?

24.01.2013, 17:27   #3
friedrich23



No, this is my private PC.

24.01.2013, 21:17   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



And why is there a Business edition of Vista on it, then?
__________________
Please always post log files in CODE tags

25.01.2013, 14:56   #5
friedrich23



The point right now is not why I use which version, but how I remove SpyHunter 4 again.
The folder is stored under C/programme/enigma software group.
Isn't it enough to simply delete it?


25.01.2013, 15:48   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Of course that is the point!
People rarely have a Business edition for private use; it almost never makes sense there! So one can pretty much expect commercial use of this machine here, and that is why I am asking why you have this edition on it!

Company machines are generally not cleaned here

See => http://www.trojaner-board.de/108422-...-anfragen.html

Quote:
3. As a matter of principle we do not clean commercially used machines. Your company's IT department is responsible for that.

For small businesses that have no IT support we make an exception and are happy to help (a small donation helps us too).
Prerequisite: you tell us this in your first reply.
Bear in mind, however, that log files can contain a lot of sensitive information (customer data, bank data, etc.) and that malware is able to spy on it and misuse it. In this case we recommend formatting and reinstalling.

25.01.2013, 18:50   #7
friedrich23



As I already said, this is my private PC.
I was given Vista Business as a gift at some point and so far saw no reason to get a new operating system, since it runs without problems. Why should it not make sense for private use?

And when I try to delete SpyHunter 4, I am told that I need permissions for that. So it apparently is not that simple.
How can I delete it?

Please help me!

Edited by friedrich23 (25.01.2013 at 19:05)

26.01.2013, 19:19   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Why don't you explain that right away instead of fending off questions?

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners?
This is why I am asking => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now just post the logs that already exist!

27.01.2013, 12:50   #9
friedrich23



No, I have already posted everything.

27.01.2013, 14:06   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Before we get on with the further work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask right away if anything is unclear, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the analysis harder for me!

  • Please also note => Deletion of log files and other requests

Note:
If I have not been in touch for three days, please post in this thread => Reminder about my thread.
Annoying "when will this continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.


Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Unpack the archive on your desktop.
  • In the newly created folder, please start mbar.exe.
  • Follow the instructions on your screen and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper

27.01.2013, 17:45   #11
friedrich23



Many thanks for now, everything worked so far, log file created:

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.27.06

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
root :: COMPUTER [administrator]

27.01.2013 17:28:38
mbar-log-2013-01-27 (17-28-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30195
Time elapsed: 11 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 16
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136} (PUP.Funmoods) -> Delete on reboot.

Registry Values Detected: 1
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs (PUP.FunMoods) -> Data: hxxp://searchfunmoods.com/?f=2&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0CyCtCtDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=921852827 -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
         
on the second scan it found nothing.

28.01.2013, 11:50   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

1. aswMBR

Download aswMBR.exe and save the file to your desktop.

Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
  • Run aswMBR.exe. Vista and Win7 users: right-click aswMBR and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and just post the log here!

__________________
Please always post logfiles in CODE tags

28.01.2013, 14:39   #13
friedrich23

aswMBR log:
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-28 14:00:19
-----------------------------
14:00:19.917    OS Version: Windows 6.0.6001 Service Pack 1
14:00:19.917    Number of processors: 2 586 0xF0D
14:00:19.917    ComputerName: COMPUTER  UserName: root
14:00:51.107    Initialize success
14:18:31.437    AVAST engine defs: 13012800
14:20:37.958    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
14:20:37.966    Disk 0 Vendor: SAMSUNG_HD502IJ 1AA01113 Size: 476940MB BusType: 3
14:20:37.974    Disk 0 MBR read successfully
14:20:37.981    Disk 0 MBR scan
14:20:37.989    Disk 0 Windows 7 default MBR code
14:20:38.015    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       100000 MB offset 2048
14:20:38.038    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       250000 MB offset 204802048
14:20:38.063    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       126937 MB offset 716802048
14:20:38.071    Disk 0 scanning sectors +976769024
14:20:38.136    Disk 0 scanning C:\Windows\system32\drivers
14:20:50.608    Service scanning
14:21:08.124    Service snmpurap C:\Windows\system32\MUILbnguageCleanup.exe **INFECTED** Win32:Agent-AQRH [Trj]
14:21:14.909    Modules scanning
14:21:20.173    Disk 0 trace - called modules:
14:21:20.196    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll sfsync04.sys sfsync02.sys ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys 
14:21:20.204    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863cc330]
14:21:20.212    3 CLASSPNP.SYS[8bc7f745] -> nt!IofCallDriver -> [0x86181020]
14:21:20.220    5 acpi.sys[83a3d6a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x8619bba0]
14:21:20.227    \Driver\atapi[0x861848d0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync04.sys[0x83ac3a7c]
14:21:20.751    AVAST engine scan C:\Windows
14:21:23.106    AVAST engine scan C:\Windows\system32
14:22:32.110    File: C:\Windows\system32\MUILbnguageCleanup.exe  **INFECTED** Win32:Agent-AQRH [Trj]
14:24:22.360    AVAST engine scan C:\Windows\system32\drivers
14:24:35.268    AVAST engine scan C:\Users\root
14:26:40.565    AVAST engine scan C:\ProgramData
14:35:00.857    Scan finished successfully
14:39:08.154    Disk 0 MBR has been saved successfully to "C:\Users\friedrich\Desktop\MBR.dat"
14:39:08.162    The log file has been saved successfully to "C:\Users\friedrich\Desktop\aswMBR.txt"
         


Code:
14:42:36.0357 5832  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:42:36.0769 5832  ============================================================
14:42:36.0769 5832  Current date / time: 2013/01/28 14:42:36.0769
14:42:36.0769 5832  SystemInfo:
14:42:36.0769 5832  
14:42:36.0769 5832  OS Version: 6.0.6001 ServicePack: 1.0
14:42:36.0769 5832  Product type: Workstation
14:42:36.0769 5832  ComputerName: COMPUTER
14:42:36.0769 5832  UserName: root
14:42:36.0769 5832  Windows directory: C:\Windows
14:42:36.0769 5832  System windows directory: C:\Windows
14:42:36.0769 5832  Processor architecture: Intel x86
14:42:36.0769 5832  Number of processors: 2
14:42:36.0769 5832  Page size: 0x1000
14:42:36.0769 5832  Boot type: Normal boot
14:42:36.0769 5832  ============================================================
14:42:37.0765 5832  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:42:37.0788 5832  ============================================================
14:42:37.0788 5832  \Device\Harddisk0\DR0:
14:42:37.0788 5832  MBR partitions:
14:42:37.0788 5832  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC350000
14:42:37.0788 5832  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x1E848000
14:42:37.0788 5832  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2AB98800, BlocksNum 0xF7EC800
14:42:37.0788 5832  ============================================================
14:42:37.0827 5832  C: <-> \Device\Harddisk0\DR0\Partition1
14:42:37.0868 5832  D: <-> \Device\Harddisk0\DR0\Partition2
14:42:37.0907 5832  E: <-> \Device\Harddisk0\DR0\Partition3
14:42:37.0907 5832  ============================================================
14:42:37.0907 5832  Initialize success
14:42:37.0907 5832  ============================================================
14:43:19.0331 5448  ============================================================
14:43:19.0331 5448  Scan started
14:43:19.0331 5448  Mode: Manual; SigCheck; TDLFS; 
14:43:19.0331 5448  ============================================================
14:43:19.0857 5448  ================ Scan system memory ========================
14:43:19.0857 5448  System memory - ok
14:43:19.0857 5448  ================ Scan services =============================
14:43:26.0392 5448  [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:43:26.0433 5448  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
14:43:26.0433 5448  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
14:43:26.0827 5448  [ 33E1E2395700C629714E63C119B86FBB ] GFilterSvc      C:\Windows\System32\GFilterSvc.exe
14:43:26.0843 5448  GFilterSvc ( UnsignedFile.Multi.Generic ) - warning
14:43:26.0843 5448  GFilterSvc - detected UnsignedFile.Multi.Generic (1)
14:43:27.0972 5448  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:43:27.0987 5448  IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:43:27.0987 5448  IDriverT - detected UnsignedFile.Multi.Generic (1)
14:43:32.0431 5448  MSPCLOCK - ok
14:43:32.0446 5448  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:43:32.0489 5448  MSPQM - ok
14:43:32.0497 5448  [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:43:32.0513 5448  MsRPC - ok
14:43:32.0556 5448  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
14:43:32.0564 5448  mssmbios - ok
14:43:32.0587 5448  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:43:32.0628 5448  MSTEE - ok
14:43:32.0644 5448  [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup             C:\Windows\system32\Drivers\mup.sys
14:43:32.0651 5448  Mup - ok
14:43:32.0675 5448  [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent        C:\Windows\system32\qagentRT.dll
14:43:32.0730 5448  napagent - ok
14:43:32.0761 5448  [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:43:32.0784 5448  NativeWifiP - ok
14:43:32.0823 5448  [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:43:32.0858 5448  NDIS - ok
14:43:32.0888 5448  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:43:32.0954 5448  NdisTapi - ok
14:43:32.0982 5448  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:43:33.0038 5448  Ndisuio - ok
14:43:33.0064 5448  [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:43:33.0099 5448  NdisWan - ok
14:43:33.0128 5448  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:43:33.0181 5448  NDProxy - ok
14:43:33.0196 5448  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:43:33.0245 5448  NetBIOS - ok
14:43:33.0304 5448  [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
14:43:33.0353 5448  netbt - ok
14:43:33.0368 5448  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon        C:\Windows\system32\lsass.exe
14:43:33.0392 5448  Netlogon - ok
14:43:33.0409 5448  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
14:43:33.0468 5448  Netman - ok
14:43:33.0515 5448  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
14:43:33.0560 5448  netprofm - ok
14:43:33.0597 5448  [ 757F999AA72B55780EE810D4CD1BDD47 ] netr73          C:\Windows\system32\DRIVERS\WUSB54GCx86.sys
14:43:33.0630 5448  netr73 - ok
14:43:33.0681 5448  [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:43:33.0689 5448  NetTcpPortSharing - ok
14:43:33.0728 5448  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
14:43:33.0745 5448  nfrd960 - ok
14:43:33.0776 5448  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:43:33.0833 5448  NlaSvc - ok
14:43:33.0872 5448  [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:43:33.0911 5448  Npfs - ok
14:43:33.0935 5448  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
14:43:33.0997 5448  nsi - ok
14:43:34.0021 5448  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:43:34.0067 5448  nsiproxy - ok
14:43:34.0075 5448  NTACCESS - ok
14:43:34.0132 5448  [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:43:34.0189 5448  Ntfs - ok
14:43:34.0204 5448  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
14:43:34.0314 5448  ntrigdigi - ok
14:43:34.0376 5448  [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr        C:\Windows\system32\DRIVERS\NuidFltr.sys
14:43:34.0394 5448  NuidFltr - ok
14:43:34.0440 5448  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
14:43:34.0472 5448  Null - ok
14:43:34.0730 5448  [ 0A1B502CBC8230DA74BEFBAADDB58916 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:43:35.0251 5448  nvlddmkm - ok
14:43:35.0288 5448  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:43:35.0312 5448  nvraid - ok
14:43:35.0337 5448  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:43:35.0355 5448  nvstor - ok
14:43:35.0403 5448  [ EB5A13F9139F20AD71ADF4BF79C3AA29 ] nvsvc           C:\Windows\system32\nvvsvc.exe
14:43:35.0450 5448  nvsvc - ok
14:43:35.0523 5448  [ 0629259E3AF6BB0534FCECA208973404 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:43:35.0583 5448  nvUpdatusService - ok
14:43:35.0624 5448  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:43:35.0640 5448  nv_agp - ok
14:43:35.0648 5448  NwlnkFlt - ok
14:43:35.0655 5448  NwlnkFwd - ok
14:43:35.0690 5448  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:43:35.0763 5448  ohci1394 - ok
14:43:35.0786 5448  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:43:35.0794 5448  ose - ok
14:43:35.0835 5448  [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
14:43:35.0876 5448  p2pimsvc - ok
14:43:35.0892 5448  [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:43:35.0935 5448  p2psvc - ok
14:43:35.0966 5448  [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
14:43:36.0015 5448  Parport - ok
14:43:36.0056 5448  [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:43:36.0064 5448  partmgr - ok
14:43:36.0079 5448  [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
14:43:36.0136 5448  Parvdm - ok
14:43:36.0169 5448  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:43:36.0200 5448  PcaSvc - ok
14:43:36.0208 5448  [ 01B94418DEB235DFF777CC80076354B4 ] pci             C:\Windows\system32\drivers\pci.sys
14:43:36.0224 5448  pci - ok
14:43:36.0245 5448  [ 3B1901E401473E03EB8C874271E50C26 ] pciide          C:\Windows\system32\drivers\pciide.sys
14:43:36.0261 5448  pciide - ok
14:43:36.0276 5448  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
14:43:36.0292 5448  pcmcia - ok
14:43:36.0323 5448  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:43:36.0429 5448  PEAUTH - ok
14:43:36.0513 5448  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
14:43:36.0616 5448  pla - ok
14:43:36.0649 5448  [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:43:36.0696 5448  PlugPlay - ok
14:43:36.0782 5448  [ 1713D9DE407313138118D501B0E3C05B ] PnkBstrA        C:\Windows\system32\PnkBstrA.exe
14:43:36.0790 5448  PnkBstrA - ok
14:43:36.0814 5448  [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
14:43:36.0862 5448  PNRPAutoReg - ok
14:43:36.0878 5448  [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
14:43:36.0917 5448  PNRPsvc - ok
14:43:36.0944 5448  [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:43:36.0991 5448  PolicyAgent - ok
14:43:37.0019 5448  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:43:37.0065 5448  PptpMiniport - ok
14:43:37.0091 5448  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\drivers\processr.sys
14:43:37.0173 5448  Processor - ok
14:43:37.0189 5448  [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:43:37.0253 5448  ProfSvc - ok
14:43:37.0278 5448  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:43:37.0310 5448  ProtectedStorage - ok
14:43:37.0335 5448  [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
14:43:37.0366 5448  PSched - ok
14:43:37.0415 5448  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
14:43:37.0462 5448  ql2300 - ok
14:43:37.0480 5448  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
14:43:37.0495 5448  ql40xx - ok
14:43:37.0528 5448  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
14:43:37.0552 5448  QWAVE - ok
14:43:37.0581 5448  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:43:37.0603 5448  QWAVEdrv - ok
14:43:37.0634 5448  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:43:37.0673 5448  RasAcd - ok
14:43:37.0702 5448  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
14:43:37.0749 5448  RasAuto - ok
14:43:37.0790 5448  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:43:37.0829 5448  Rasl2tp - ok
14:43:37.0860 5448  [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan          C:\Windows\System32\rasmans.dll
14:43:37.0907 5448  RasMan - ok
14:43:37.0923 5448  [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:43:37.0964 5448  RasPppoe - ok
14:43:37.0987 5448  [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:43:38.0019 5448  RasSstp - ok
14:43:38.0038 5448  [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:43:38.0085 5448  rdbss - ok
14:43:38.0112 5448  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:43:38.0146 5448  RDPCDD - ok
14:43:38.0161 5448  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\DRIVERS\rdpdr.sys
14:43:38.0208 5448  rdpdr - ok
14:43:38.0224 5448  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:43:38.0249 5448  RDPENCDD - ok
14:43:38.0288 5448  [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:43:38.0329 5448  RDPWD - ok
14:43:38.0360 5448  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:43:38.0401 5448  RemoteAccess - ok
14:43:38.0425 5448  [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:43:38.0474 5448  RemoteRegistry - ok
14:43:38.0505 5448  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
14:43:38.0538 5448  RpcLocator - ok
14:43:38.0562 5448  [ 301AE00E12408650BADDC04DBC832830 ] RpcSs           C:\Windows\system32\rpcss.dll
14:43:38.0595 5448  RpcSs - ok
14:43:38.0642 5448  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:43:38.0698 5448  rspndr - ok
14:43:38.0722 5448  [ 7436BFD3A542CF6FF55097200031B293 ] RT73            C:\Windows\system32\DRIVERS\rt73.sys
14:43:38.0737 5448  RT73 - ok
14:43:38.0753 5448  [ 283392AF1860ECDB5E0F8EBD7F3D72DF ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
14:43:38.0841 5448  RTL8169 - ok
14:43:38.0876 5448  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs           C:\Windows\system32\lsass.exe
14:43:38.0899 5448  SamSs - ok
14:43:38.0931 5448  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:43:38.0939 5448  sbp2port - ok
14:43:38.0956 5448  [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:43:39.0011 5448  SCardSvr - ok
14:43:39.0060 5448  [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule        C:\Windows\system32\schedsvc.dll
14:43:39.0132 5448  Schedule - ok
14:43:39.0148 5448  [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:43:39.0173 5448  SCPolicySvc - ok
14:43:39.0196 5448  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:43:39.0212 5448  SDRSVC - ok
14:43:39.0288 5448  [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\root\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
14:43:39.0304 5448  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
14:43:39.0304 5448  SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)
14:43:39.0319 5448  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:43:39.0378 5448  secdrv - ok
14:43:39.0419 5448  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
14:43:39.0450 5448  seclogon - ok
14:43:39.0462 5448  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
14:43:39.0515 5448  SENS - ok
14:43:39.0540 5448  [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
14:43:39.0606 5448  Serenum - ok
14:43:39.0640 5448  [ 6D663022DB3E7058907784AE14B69898 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
14:43:39.0698 5448  Serial - ok
14:43:39.0722 5448  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
14:43:39.0769 5448  sermouse - ok
14:43:39.0817 5448  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:43:39.0870 5448  SessionEnv - ok
14:43:39.0878 5448  SetupNTGLM7X - ok
14:43:39.0901 5448  [ B7018644E132A8DFB12ED90106E06739 ] sfdrv01         C:\Windows\system32\drivers\sfdrv01.sys
14:43:39.0921 5448  sfdrv01 - ok
14:43:39.0935 5448  [ 103B79418DA647736EE95645F305F68A ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:43:40.0064 5448  sffdisk - ok
14:43:40.0079 5448  [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:43:40.0138 5448  sffp_mmc - ok
14:43:40.0149 5448  [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:43:40.0267 5448  sffp_sd - ok
14:43:40.0312 5448  [ DAAD4C099EBF5094D32C373AC1AC0F3C ] sfhlp02         C:\Windows\system32\drivers\sfhlp02.sys
14:43:40.0325 5448  sfhlp02 - ok
14:43:40.0349 5448  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
14:43:40.0427 5448  sfloppy - ok
14:43:40.0442 5448  [ 6DC03269F4C71E4AB313C3597F42A340 ] sfsync02        C:\Windows\system32\drivers\sfsync02.sys
14:43:40.0450 5448  sfsync02 - ok
14:43:40.0468 5448  [ 05E3038180CD846B0BCA0E915163606A ] sfsync04        C:\Windows\system32\drivers\sfsync04.sys
14:43:40.0483 5448  sfsync04 ( UnsignedFile.Multi.Generic ) - warning
14:43:40.0483 5448  sfsync04 - detected UnsignedFile.Multi.Generic (1)
14:43:40.0491 5448  [ 197CEF62EB4BC043E1578529FA2B9A48 ] sfvfs02         C:\Windows\system32\drivers\sfvfs02.sys
14:43:40.0499 5448  sfvfs02 - ok
14:43:40.0540 5448  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:43:40.0571 5448  SharedAccess - ok
14:43:40.0597 5448  [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:43:40.0628 5448  ShellHWDetection - ok
14:43:40.0644 5448  [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
14:43:40.0651 5448  sisagp - ok
14:43:40.0667 5448  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
14:43:40.0675 5448  SiSRaid2 - ok
14:43:40.0690 5448  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
14:43:40.0698 5448  SiSRaid4 - ok
14:43:40.0849 5448  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
14:43:41.0011 5448  Skype C2C Service - ok
14:43:41.0052 5448  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
14:43:41.0060 5448  SkypeUpdate - ok
14:43:41.0173 5448  [ 0BA91E1358AD25236863039BB2609A2E ] slsvc           C:\Windows\system32\SLsvc.exe
14:43:41.0384 5448  slsvc - ok
14:43:41.0476 5448  [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
14:43:41.0534 5448  SLUINotify - ok
14:43:41.0550 5448  [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:43:41.0614 5448  Smb - ok
14:43:41.0659 5448  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:43:41.0690 5448  SNMPTRAP - ok
14:43:41.0739 5448  [ A1471CD55DC1EEBCE233894352D20BF1 ] snmpurap        C:\Windows\system32\MUILbnguageCleanup.exe
14:43:41.0771 5448  snmpurap ( UnsignedFile.Multi.Generic ) - warning
14:43:41.0771 5448  snmpurap - detected UnsignedFile.Multi.Generic (1)
14:43:41.0794 5448  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
14:43:41.0808 5448  spldr - ok
14:43:41.0849 5448  [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler         C:\Windows\System32\spoolsv.exe
14:43:41.0888 5448  Spooler - ok
14:43:41.0991 5448  [ B7A8148CA23C6A55712002ED317A75D9 ] SpyHunter 4 Service C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
14:43:42.0065 5448  SpyHunter 4 Service - ok
14:43:42.0110 5448  [ 2252AEF839B1093D16761189F45AF885 ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:43:42.0181 5448  srv - ok
14:43:42.0224 5448  [ B7FF59408034119476B00A81BB53D5D1 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:43:42.0259 5448  srv2 - ok
14:43:42.0274 5448  [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:43:42.0292 5448  srvnet - ok
14:43:42.0323 5448  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:43:42.0380 5448  SSDPSRV - ok
14:43:42.0413 5448  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:43:42.0452 5448  SstpSvc - ok
14:43:42.0480 5448  Steam Client Service - ok
14:43:42.0532 5448  [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
14:43:42.0577 5448  Stereo Service - ok
14:43:42.0608 5448  [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc          C:\Windows\System32\wiaservc.dll
14:43:42.0677 5448  stisvc - ok
14:43:42.0720 5448  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
14:43:42.0745 5448  swenum - ok
14:43:42.0802 5448  [ B36C7CDB86F7F7A8E884479219766950 ] swprv           C:\Windows\System32\swprv.dll
14:43:42.0851 5448  swprv - ok
14:43:42.0868 5448  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
14:43:42.0886 5448  Symc8xx - ok
14:43:42.0903 5448  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
14:43:42.0913 5448  Sym_hi - ok
14:43:42.0950 5448  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
14:43:42.0958 5448  Sym_u3 - ok
14:43:43.0007 5448  [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain         C:\Windows\system32\sysmain.dll
14:43:43.0062 5448  SysMain - ok
14:43:43.0103 5448  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:43:43.0134 5448  TabletInputService - ok
14:43:43.0142 5448  [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:43:43.0181 5448  TapiSrv - ok
14:43:43.0212 5448  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
14:43:43.0243 5448  TBS - ok
14:43:43.0319 5448  [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:43:43.0368 5448  Tcpip - ok
14:43:43.0394 5448  [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
14:43:43.0433 5448  Tcpip6 - ok
14:43:43.0456 5448  [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:43:43.0497 5448  tcpipreg - ok
14:43:43.0530 5448  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:43:43.0562 5448  TDPIPE - ok
14:43:43.0585 5448  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:43:43.0634 5448  TDTCP - ok
14:43:43.0655 5448  [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:43:43.0718 5448  tdx - ok
14:43:43.0741 5448  [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
14:43:43.0800 5448  TermDD - ok
14:43:43.0839 5448  [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService     C:\Windows\System32\termsrv.dll
14:43:43.0923 5448  TermService - ok
14:43:43.0958 5448  [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes          C:\Windows\system32\shsvcs.dll
14:43:43.0983 5448  Themes - ok
14:43:43.0999 5448  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
14:43:44.0040 5448  THREADORDER - ok
14:43:44.0077 5448  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
14:43:44.0132 5448  TrkWks - ok
14:43:44.0167 5448  [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:43:44.0233 5448  TrustedInstaller - ok
14:43:44.0249 5448  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:43:44.0298 5448  tssecsrv - ok
14:43:44.0321 5448  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
14:43:44.0353 5448  tunmp - ok
14:43:44.0376 5448  [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:43:44.0392 5448  tunnel - ok
14:43:44.0409 5448  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
14:43:44.0435 5448  uagp35 - ok
14:43:44.0485 5448  [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:43:44.0546 5448  udfs - ok
14:43:44.0605 5448  [ 600B573258AC4C868590936804EFE034 ] ufad-ws60       C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
14:43:44.0620 5448  ufad-ws60 - ok
14:43:44.0649 5448  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:43:44.0708 5448  UI0Detect - ok
14:43:44.0724 5448  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:43:44.0739 5448  uliagpkx - ok
14:43:44.0765 5448  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci         C:\Windows\system32\drivers\uliahci.sys
14:43:44.0776 5448  uliahci - ok
14:43:44.0802 5448  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
14:43:44.0812 5448  UlSata - ok
14:43:44.0823 5448  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
14:43:44.0837 5448  ulsata2 - ok
14:43:44.0855 5448  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:43:44.0899 5448  umbus - ok
14:43:44.0931 5448  [ 909795B5B15047D9331F3D6B276B3993 ] UmRdpService    C:\Windows\System32\umrdp.dll
14:43:44.0956 5448  UmRdpService - ok
14:43:44.0997 5448  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
14:43:45.0044 5448  upnphost - ok
14:43:45.0087 5448  [ 5C2BDC152BBAB34F36473DEAF7713F22 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
14:43:45.0126 5448  USBAAPL - ok
14:43:45.0157 5448  [ 292A25BB75A568AE2C67169BA2C6365A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
14:43:45.0192 5448  usbaudio - ok
14:43:45.0231 5448  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:43:45.0265 5448  usbccgp - ok
14:43:45.0280 5448  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:43:45.0337 5448  usbcir - ok
14:43:45.0378 5448  [ CEBE90821810E76320155BEBA722FCF9 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
14:43:45.0409 5448  usbehci - ok
14:43:45.0470 5448  [ CC6B28E4CE39951357963119CE47B143 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:43:45.0521 5448  usbhub - ok
14:43:45.0544 5448  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
14:43:45.0608 5448  usbohci - ok
14:43:45.0624 5448  [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
14:43:45.0687 5448  usbprint - ok
14:43:45.0720 5448  [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:43:45.0759 5448  USBSTOR - ok
14:43:45.0769 5448  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
14:43:45.0815 5448  usbuhci - ok
14:43:45.0843 5448  [ 032A0ACC3909AE7215D524E29D536797 ] UxSms           C:\Windows\System32\uxsms.dll
14:43:45.0901 5448  UxSms - ok
14:43:45.0939 5448  [ B13BC395B9D6116628F5AF47E0802AC4 ] vds             C:\Windows\System32\vds.exe
14:43:46.0032 5448  vds - ok
14:43:46.0058 5448  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:43:46.0112 5448  vga - ok
14:43:46.0153 5448  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:43:46.0200 5448  VgaSave - ok
14:43:46.0216 5448  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
14:43:46.0231 5448  viaagp - ok
14:43:46.0257 5448  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
14:43:46.0312 5448  ViaC7 - ok
14:43:46.0331 5448  [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide          C:\Windows\system32\drivers\viaide.sys
14:43:46.0339 5448  viaide - ok
14:43:46.0372 5448  [ 557A2B18FE116161A6F24F0F4C5C9A85 ] VMAuthdService  C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
14:43:46.0380 5448  VMAuthdService - ok
14:43:46.0403 5448  [ 0C533B7B904979DEC18B4728841320C4 ] vmkbd           C:\Windows\system32\drivers\VMkbd.sys
14:43:46.0411 5448  vmkbd - ok
14:43:46.0421 5448  [ F68C99F41C3CF6E1C3C542FADD2E20CF ] VMnetAdapter    C:\Windows\system32\DRIVERS\vmnetadapter.sys
14:43:46.0429 5448  VMnetAdapter - ok
14:43:46.0452 5448  [ 121FBDA3A14F0744A8C213D3E9F14D63 ] VMnetBridge     C:\Windows\system32\DRIVERS\vmnetbridge.sys
14:43:46.0460 5448  VMnetBridge - ok
14:43:46.0476 5448  [ 0FC048682527CA6EAB939A3A3FDFB4CD ] VMnetDHCP       C:\Windows\system32\vmnetdhcp.exe
14:43:46.0483 5448  VMnetDHCP - ok
14:43:46.0505 5448  [ FF14CEA3E0A155BC42ACB15CFAD69302 ] VMnetuserif     C:\Windows\system32\drivers\vmnetuserif.sys
14:43:46.0513 5448  VMnetuserif - ok
14:43:46.0577 5448  [ 7BECF16932ABBCD71627C500E31A8BE6 ] vmount2         C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
14:43:46.0585 5448  vmount2 - ok
14:43:46.0601 5448  [ 4C92FBF4382F74984F9090D5A4146B6B ] VMparport       C:\Windows\system32\Drivers\VMparport.sys
14:43:46.0614 5448  VMparport - ok
14:43:46.0653 5448  [ CD379A617FCE2910A71A2DCCA4F6B126 ] vmusb           C:\Windows\system32\Drivers\vmusb.sys
14:43:46.0677 5448  vmusb - ok
14:43:46.0726 5448  [ 2DF4B82B45E6048935DBEAD2F2B311A4 ] VMware NAT Service C:\Windows\system32\vmnat.exe
14:43:46.0751 5448  VMware NAT Service - ok
14:43:46.0796 5448  [ 3EEB4A1E901C74AD17DB46E27495145A ] vmx86           C:\Windows\system32\Drivers\vmx86.sys
14:43:46.0862 5448  vmx86 - ok
14:43:46.0894 5448  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:43:46.0903 5448  volmgr - ok
14:43:46.0935 5448  [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:43:46.0950 5448  volmgrx - ok
14:43:46.0997 5448  [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:43:47.0015 5448  volsnap - ok
14:43:47.0054 5448  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
14:43:47.0062 5448  vsmraid - ok
14:43:47.0110 5448  [ D5FB73D19C46ADE183F968E13F186B23 ] VSS             C:\Windows\system32\vssvc.exe
14:43:47.0202 5448  VSS - ok
14:43:47.0218 5448  [ 9E4FF401725FE6A26D8FE492BF0EA2B1 ] vstor2          C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys
14:43:47.0237 5448  vstor2 - ok
14:43:47.0263 5448  [ 256318CDEF640AD2062754871BC96BFC ] vstor2-ws60     C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
14:43:47.0271 5448  vstor2-ws60 - ok
14:43:47.0304 5448  [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time         C:\Windows\system32\w32time.dll
14:43:47.0353 5448  W32Time - ok
14:43:47.0376 5448  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
14:43:47.0440 5448  WacomPen - ok
14:43:47.0472 5448  [ 4AA2CC5979AFF984227364F2C23B04F3 ] WajamUpdater    C:\Program Files\Wajam\Updater\WajamUpdater.exe
14:43:47.0497 5448  WajamUpdater ( UnsignedFile.Multi.Generic ) - warning
14:43:47.0497 5448  WajamUpdater - detected UnsignedFile.Multi.Generic (1)
14:43:47.0528 5448  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
14:43:47.0569 5448  Wanarp - ok
14:43:47.0577 5448  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:43:47.0610 5448  Wanarpv6 - ok
14:43:47.0661 5448  [ F0E594DD07B2163DF9F5D5B6B471DDFA ] wbengine        C:\Windows\system32\wbengine.exe
14:43:47.0718 5448  wbengine - ok
14:43:47.0751 5448  [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:43:47.0817 5448  wcncsvc - ok
14:43:47.0841 5448  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:43:47.0897 5448  WcsPlugInService - ok
14:43:47.0911 5448  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
14:43:47.0927 5448  Wd - ok
14:43:47.0950 5448  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:43:48.0005 5448  Wdf01000 - ok
14:43:48.0044 5448  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:43:48.0093 5448  WdiServiceHost - ok
14:43:48.0101 5448  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:43:48.0144 5448  WdiSystemHost - ok
14:43:48.0177 5448  [ CF9A5F41789B642DB967021DE06A2713 ] WebClient       C:\Windows\System32\webclnt.dll
14:43:48.0200 5448  WebClient - ok
14:43:48.0228 5448  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:43:48.0278 5448  Wecsvc - ok
14:43:48.0321 5448  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:43:48.0396 5448  wercplsupport - ok
14:43:48.0427 5448  [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:43:48.0468 5448  WerSvc - ok
14:43:48.0522 5448  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
14:43:48.0546 5448  WinDefend - ok
14:43:48.0554 5448  WinHttpAutoProxySvc - ok
14:43:48.0614 5448  [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:43:48.0661 5448  Winmgmt - ok
14:43:48.0704 5448  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
14:43:48.0778 5448  WinRM - ok
14:43:48.0827 5448  [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:43:48.0868 5448  Wlansvc - ok
14:43:48.0892 5448  [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:43:48.0964 5448  WmiAcpi - ok
14:43:48.0997 5448  [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:43:49.0038 5448  wmiApSrv - ok
14:43:49.0071 5448  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
14:43:49.0120 5448  WMPNetworkSvc - ok
14:43:49.0159 5448  [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:43:49.0175 5448  WPDBusEnum - ok
14:43:49.0216 5448  [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
14:43:49.0263 5448  WpdUsb - ok
14:43:49.0298 5448  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:43:49.0353 5448  ws2ifsl - ok
14:43:49.0378 5448  [ 683DD16B590372F2C9661D277F35E49C ] wscsvc          C:\Windows\System32\wscsvc.dll
14:43:49.0401 5448  wscsvc - ok
14:43:49.0409 5448  WSearch - ok
14:43:49.0474 5448  [ 6298277B73C77FA99106B271A7525163 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:43:49.0595 5448  wuauserv - ok
14:43:49.0655 5448  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:43:49.0702 5448  WUDFRd - ok
14:43:49.0718 5448  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:43:49.0778 5448  wudfsvc - ok
14:43:49.0835 5448  ================ Scan global ===============================
14:43:49.0876 5448  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
14:43:49.0907 5448  [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
14:43:49.0944 5448  [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
14:43:50.0015 5448  [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
14:43:50.0021 5448  [Global] - ok
14:43:50.0021 5448  ================ Scan MBR ==================================
14:43:50.0048 5448  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:43:50.0690 5448  \Device\Harddisk0\DR0 - ok
14:43:50.0690 5448  ================ Scan VBR ==================================
14:43:50.0698 5448  [ 009922A3D8E50685B3050FE3EFD58740 ] \Device\Harddisk0\DR0\Partition1
14:43:50.0698 5448  \Device\Harddisk0\DR0\Partition1 - ok
14:43:50.0724 5448  [ 50765C0B2FFC54BA16E03BBBF56A310F ] \Device\Harddisk0\DR0\Partition2
14:43:50.0726 5448  \Device\Harddisk0\DR0\Partition2 - ok
14:43:50.0769 5448  [ 9140A0CC9C9A826FC56BC3DAFEDF4D48 ] \Device\Harddisk0\DR0\Partition3
14:43:50.0769 5448  \Device\Harddisk0\DR0\Partition3 - ok
14:43:50.0769 5448  ============================================================
14:43:50.0769 5448  Scan finished
14:43:50.0769 5448  ============================================================
14:43:50.0784 3868  Detected object count: 7
14:43:50.0784 3868  Actual detected object count: 7
14:44:43.0647 3868  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:43.0647 3868  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:44:43.0655 3868  GFilterSvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:43.0655 3868  GFilterSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:44:43.0655 3868  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:43.0655 3868  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:44:43.0655 3868  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:43.0655 3868  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:44:43.0663 3868  sfsync04 ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:43.0663 3868  sfsync04 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:44:43.0663 3868  snmpurap ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:43.0663 3868  snmpurap ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:44:43.0663 3868  WajamUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:43.0663 3868  WajamUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

28.01.2013, 14:43   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



There is still quite a lot wrong there. So please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (English Windows wording: "Illegal operation attempted on a registry key that has been marked for deletion.")
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

28.01.2013, 18:40   #15
friedrich23
 



Well, ComboFix scanned my system, but afterwards my PC restarted, and then ComboFix opened again and is flickering across the whole screen, and I have no way to close it.
