Log analysis and evaluation: Avira first finds JS.Expack.EM and then Spy.Zbot
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
28.02.2013, 14:06 | #1 |
Avira first finds JS.Expack.EM and then Spy.Zbot

Hello dear people,

the following happened to me: The other day, when I was, for once, browsing with Internet Explorer (instead of FF), Avira reported a JS.Expack.EM. It was moved to quarantine or deleted, and then everything was OK again for the time being. Over the next few days the computer was very slow. Then today, the detection of Spy.Zbot. First I ran an Avira scan and after that a quick scan with Malwarebytes Anti-Malware. After that I followed the instructions here in the forum. The following logs are the result:

Avira 1:
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 25. Februar 2013 22:13

Es wird nach 5079638 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : USER-PC

Versionsinformationen:
BUILD.DAT : 12.1.9.1236 40872 Bytes 11.10.2012 15:29:00
AVSCAN.EXE : 12.3.0.48 468256 Bytes 14.11.2012 23:54:21
AVSCAN.DLL : 12.3.0.15 66256 Bytes 11.05.2012 18:38:32
LUKE.DLL : 12.3.0.15 68304 Bytes 11.05.2012 18:38:32
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 11.05.2012 18:38:33
AVREG.DLL : 12.3.0.17 232200 Bytes 11.05.2012 18:38:33
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 09:49:21
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 06:56:15
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 06:56:21
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 19:37:29
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 19:37:32
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 09:23:44
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 06:51:07
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 21:21:03
VBASE008.VDF : 7.11.60.10 6627328 Bytes 07.02.2013 21:51:57
VBASE009.VDF : 7.11.60.11 2048 Bytes 07.02.2013 21:51:57
VBASE010.VDF : 7.11.60.12 2048 Bytes 07.02.2013 21:51:57
VBASE011.VDF : 7.11.60.13 2048 Bytes 07.02.2013 21:51:57
VBASE012.VDF : 7.11.60.14 2048 Bytes 07.02.2013 21:51:57
VBASE013.VDF : 7.11.60.62 351232 Bytes 08.02.2013 15:57:25
VBASE014.VDF : 7.11.60.115 190976 Bytes 09.02.2013 15:57:25
VBASE015.VDF : 7.11.60.177 282624 Bytes 11.02.2013 10:34:08
VBASE016.VDF : 7.11.60.249 215552 Bytes 13.02.2013 11:13:29
VBASE017.VDF : 7.11.61.65 151040 Bytes 15.02.2013 11:13:30
VBASE018.VDF : 7.11.61.135 159232 Bytes 18.02.2013 20:21:34
VBASE019.VDF : 7.11.61.163 152064 Bytes 18.02.2013 20:21:35
VBASE020.VDF : 7.11.61.207 164352 Bytes 19.02.2013 20:21:35
VBASE021.VDF : 7.11.62.43 206336 Bytes 21.02.2013 16:21:37
VBASE022.VDF : 7.11.62.111 136192 Bytes 23.02.2013 16:21:37
VBASE023.VDF : 7.11.62.157 143360 Bytes 25.02.2013 16:21:22
VBASE024.VDF : 7.11.62.158 2048 Bytes 25.02.2013 16:21:22
VBASE025.VDF : 7.11.62.159 2048 Bytes 25.02.2013 16:21:23
VBASE026.VDF : 7.11.62.160 2048 Bytes 25.02.2013 16:21:23
VBASE027.VDF : 7.11.62.161 2048 Bytes 25.02.2013 16:21:23
VBASE028.VDF : 7.11.62.162 2048 Bytes 25.02.2013 16:21:23
VBASE029.VDF : 7.11.62.163 2048 Bytes 25.02.2013 16:21:23
VBASE030.VDF : 7.11.62.164 2048 Bytes 25.02.2013 16:21:23
VBASE031.VDF : 7.11.62.170 29184 Bytes 25.02.2013 16:21:23
Engineversion : 8.2.12.8
AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 21:10:17
AESCRIPT.DLL : 8.1.4.94 467324 Bytes 23.02.2013 16:21:41
AESCN.DLL : 8.1.10.0 131445 Bytes 13.12.2012 21:45:40
AESBX.DLL : 8.2.5.12 606578 Bytes 15.06.2012 09:44:10
AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 20:45:16
AEPACK.DLL : 8.3.1.10 815480 Bytes 19.02.2013 20:21:36
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 19:55:33
AEHEUR.DLL : 8.1.4.218 5792121 Bytes 23.02.2013 16:21:41
AEHELP.DLL : 8.1.25.2 258423 Bytes 11.10.2012 14:10:44
AEGEN.DLL : 8.1.6.16 434549 Bytes 24.01.2013 19:05:29
AEEXP.DLL : 8.4.0.4 188789 Bytes 23.02.2013 16:21:41
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 21:10:16
AECORE.DLL : 8.1.31.2 201080 Bytes 19.02.2013 20:21:36
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 19:55:23
AVWINLL.DLL : 12.3.0.15 27344 Bytes 11.05.2012 18:38:32
AVPREF.DLL : 12.3.0.32 50720 Bytes 14.11.2012 23:54:20
AVREP.DLL : 12.3.0.15 179208 Bytes 11.05.2012 18:38:33
AVARKT.DLL : 12.3.0.33 209696 Bytes 14.11.2012 23:54:20
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 11.05.2012 18:38:32
SQLITE3.DLL : 3.7.0.1 398288 Bytes 11.05.2012 18:38:33
AVSMTP.DLL : 12.3.0.32 63480 Bytes 08.08.2012 14:58:15
NETNT.DLL : 12.3.0.15 17104 Bytes 11.05.2012 18:38:32
RCIMAGE.DLL : 12.3.0.31 4444408 Bytes 08.08.2012 14:57:55
RCTEXT.DLL : 12.3.0.32 98848 Bytes 14.11.2012 23:54:19

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_512b4eb4\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Montag, 25. Februar 2013 22:13

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'Detokiyova.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Detokiyova.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Detokiyova.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess '35E3.tmp' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess '420A.tmp' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'java.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jp2launcher.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'qiesbyi.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'java.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jp2launcher.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcroRd32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'simfy.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jucheck.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_6_602_168.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_6_602_168.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'pidgin.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrueCrypt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'KeePassX.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'polipo.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'tor.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqgpc01.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuschd2.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'fpassist.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqbam08.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'issch.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqSTE08.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nusb3mon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'openvpn-gui-1.0.3.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ovpntray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WG111v3.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'netsession_win.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqtra08.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ANT Agent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'vidalia.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'netsession_win.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'capiws.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMSAccessU.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'XSrvSetup.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ESSVR.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesPDLR.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'dirmngr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvpnd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SyncService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PhotoshopElementsFileAgent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UIWPZMMN\contract-western_joy_must[1].htm'
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UIWPZMMN\contract-western_joy_must[1].htm
  [FUND] Enthält Erkennungsmuster des Exploits EXP/JS.Expack.EM
  [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55607cd1.qua' verschoben!

Ende des Suchlaufs: Montag, 25. Februar 2013 22:16
Benötigte Zeit: 02:51 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
77 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
76 Dateien ohne Befall
2 Archive wurden durchsucht
0 Warnungen
1 Hinweise

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 28. Februar 2013 11:40

Es wird nach 5100054 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : USER-PC

Versionsinformationen:
BUILD.DAT : 12.1.9.1236 40872 Bytes 11.10.2012 15:29:00
AVSCAN.EXE : 12.3.0.48 468256 Bytes 14.11.2012 23:54:21
AVSCAN.DLL : 12.3.0.15 66256 Bytes 11.05.2012 18:38:32
LUKE.DLL : 12.3.0.15 68304 Bytes 11.05.2012 18:38:32
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 11.05.2012 18:38:33
AVREG.DLL : 12.3.0.17 232200 Bytes 11.05.2012 18:38:33
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 09:49:21
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 06:56:15
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 06:56:21
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 19:37:29
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 19:37:32
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 09:23:44
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 06:51:07
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 21:21:03
VBASE008.VDF : 7.11.60.10 6627328 Bytes 07.02.2013 21:51:57
VBASE009.VDF : 7.11.60.11 2048 Bytes 07.02.2013 21:51:57
VBASE010.VDF : 7.11.60.12 2048 Bytes 07.02.2013 21:51:57
VBASE011.VDF : 7.11.60.13 2048 Bytes 07.02.2013 21:51:57
VBASE012.VDF : 7.11.60.14 2048 Bytes 07.02.2013 21:51:57
VBASE013.VDF : 7.11.60.62 351232 Bytes 08.02.2013 15:57:25
VBASE014.VDF : 7.11.60.115 190976 Bytes 09.02.2013 15:57:25
VBASE015.VDF : 7.11.60.177 282624 Bytes 11.02.2013 10:34:08
VBASE016.VDF : 7.11.60.249 215552 Bytes 13.02.2013 11:13:29
VBASE017.VDF : 7.11.61.65 151040 Bytes 15.02.2013 11:13:30
VBASE018.VDF : 7.11.61.135 159232 Bytes 18.02.2013 20:21:34
VBASE019.VDF : 7.11.61.163 152064 Bytes 18.02.2013 20:21:35
VBASE020.VDF : 7.11.61.207 164352 Bytes 19.02.2013 20:21:35
VBASE021.VDF : 7.11.62.43 206336 Bytes 21.02.2013 16:21:37
VBASE022.VDF : 7.11.62.111 136192 Bytes 23.02.2013 16:21:37
VBASE023.VDF : 7.11.62.157 143360 Bytes 25.02.2013 16:21:22
VBASE024.VDF : 7.11.62.237 199168 Bytes 27.02.2013 10:31:11
VBASE025.VDF : 7.11.62.238 2048 Bytes 27.02.2013 10:31:11
VBASE026.VDF : 7.11.62.239 2048 Bytes 27.02.2013 10:31:11
VBASE027.VDF : 7.11.62.240 2048 Bytes 27.02.2013 10:31:11
VBASE028.VDF : 7.11.62.241 2048 Bytes 27.02.2013 10:31:11
VBASE029.VDF : 7.11.62.242 2048 Bytes 27.02.2013 10:31:11
VBASE030.VDF : 7.11.62.243 2048 Bytes 27.02.2013 10:31:11
VBASE031.VDF : 7.11.63.26 109056 Bytes 28.02.2013 10:31:12
Engineversion : 8.2.12.8
AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 21:10:17
AESCRIPT.DLL : 8.1.4.94 467324 Bytes 23.02.2013 16:21:41
AESCN.DLL : 8.1.10.0 131445 Bytes 13.12.2012 21:45:40
AESBX.DLL : 8.2.5.12 606578 Bytes 15.06.2012 09:44:10
AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 20:45:16
AEPACK.DLL : 8.3.1.10 815480 Bytes 19.02.2013 20:21:36
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 19:55:33
AEHEUR.DLL : 8.1.4.218 5792121 Bytes 23.02.2013 16:21:41
AEHELP.DLL : 8.1.25.2 258423 Bytes 11.10.2012 14:10:44
AEGEN.DLL : 8.1.6.16 434549 Bytes 24.01.2013 19:05:29
AEEXP.DLL : 8.4.0.4 188789 Bytes 23.02.2013 16:21:41
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 21:10:16
AECORE.DLL : 8.1.31.2 201080 Bytes 19.02.2013 20:21:36
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 19:55:23
AVWINLL.DLL : 12.3.0.15 27344 Bytes 11.05.2012 18:38:32
AVPREF.DLL : 12.3.0.32 50720 Bytes 14.11.2012 23:54:20
AVREP.DLL : 12.3.0.15 179208 Bytes 11.05.2012 18:38:33
AVARKT.DLL : 12.3.0.33 209696 Bytes 14.11.2012 23:54:20
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 11.05.2012 18:38:32
SQLITE3.DLL : 3.7.0.1 398288 Bytes 11.05.2012 18:38:33
AVSMTP.DLL : 12.3.0.32 63480 Bytes 08.08.2012 14:58:15
NETNT.DLL : 12.3.0.15 17104 Bytes 11.05.2012 18:38:32
RCIMAGE.DLL : 12.3.0.31 4444408 Bytes 08.08.2012 14:57:55
RCTEXT.DLL : 12.3.0.32 98848 Bytes 14.11.2012 23:54:19

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_512f30c0\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Donnerstag, 28. Februar 2013 11:40

C:\Users\user\AppData\Roaming\Orleniu\qiesbyi.exe
  [FUND] Ist das Trojanische Pferd TR/Spy.ZBot.jhue.1
C:\Windows\Sysnative\drivers\sptd.sys
  [WARNUNG] Die Datei konnte nicht geöffnet werden!
Der Systemwiederstellungspunkt wurde erfolgreich angelegt.
Der Registrierungseintrag <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit> wurde erfolgreich repariert.
Der Registrierungseintrag <HKEY_USERS\S-1-5-21-3446655697-2731224057-2204278893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{F947EC9E-6081-07E8-1D08-C75350881F7E}> wurde erfolgreich entfernt.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jucheck.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqgpc01.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'polipo.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqbam08.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqSTE08.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuschd2.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'fpassist.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'issch.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'netsession_win.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nusb3mon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'openvpn-gui-1.0.3.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'qiesbyi.exe' - '1' Modul(e) wurden durchsucht
  Modul ist infiziert -> <C:\Users\user\AppData\Roaming\Orleniu\qiesbyi.exe>
  [FUND] Ist das Trojanische Pferd TR/Spy.ZBot.jhue.1
  [HINWEIS] Prozess 'qiesbyi.exe' wurde beendet
  [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '57c1948a.qua' verschoben!
  [HINWEIS] Der Registrierungseintrag <HKEY_USERS\S-1-5-21-3446655697-2731224057-2204278893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{F947EC9E-6081-07E8-1D08-C75350881F7E}> wurde erfolgreich repariert.
  [HINWEIS] Der Registrierungseintrag <HKEY_USERS\S-1-5-21-3446655697-2731224057-2204278893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{F947EC9E-6081-07E8-1D08-C75350881F7E}> wurde erfolgreich repariert.
Durchsuche Prozess 'ovpntray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WG111v3.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqtra08.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'capiws.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ANT Agent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'vidalia.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'netsession_win.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesPDLR.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMSAccessU.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'XSrvSetup.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ESSVR.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'dirmngr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvpnd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SyncService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PhotoshopElementsFileAgent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Users\user\AppData\Roaming\Orleniu\qiesbyi.exe
  [FUND] Ist das Trojanische Pferd TR/Spy.ZBot.jhue.1
  [HINWEIS] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
  [HINWEIS] Die Datei existiert nicht!

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\user\AppData\Roaming\Orleniu\qiesbyi.exe'
Der zu durchsuchende Pfad C:\Users\user\AppData\Roaming\Orleniu\qiesbyi.exe konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.

Ende des Suchlaufs: Donnerstag, 28. Februar 2013 11:44
Benötigte Zeit: 03:35 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
4938 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
1 Dateien konnten nicht durchsucht werden
4935 Dateien ohne Befall
44 Archive wurden durchsucht
1 Warnungen
2 Hinweise

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 28. Februar 2013 11:42

Es wird nach 5100054 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : USER-PC

Versionsinformationen:
BUILD.DAT : 12.1.9.1236 40872 Bytes 11.10.2012 15:29:00
AVSCAN.EXE : 12.3.0.48 468256 Bytes 14.11.2012 23:54:21
AVSCAN.DLL : 12.3.0.15 66256 Bytes 11.05.2012 18:38:32
LUKE.DLL : 12.3.0.15 68304 Bytes 11.05.2012 18:38:32
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 11.05.2012 18:38:33
AVREG.DLL : 12.3.0.17 232200 Bytes 11.05.2012 18:38:33
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 09:49:21
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 06:56:15
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 06:56:21
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 19:37:29
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 19:37:32
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 09:23:44
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 06:51:07
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 21:21:03
VBASE008.VDF : 7.11.60.10 6627328 Bytes 07.02.2013 21:51:57
VBASE009.VDF : 7.11.60.11 2048 Bytes 07.02.2013 21:51:57
VBASE010.VDF : 7.11.60.12 2048 Bytes 07.02.2013 21:51:57
VBASE011.VDF : 7.11.60.13 2048 Bytes 07.02.2013 21:51:57
VBASE012.VDF : 7.11.60.14 2048 Bytes 07.02.2013 21:51:57
VBASE013.VDF : 7.11.60.62 351232 Bytes 08.02.2013 15:57:25
VBASE014.VDF : 7.11.60.115 190976 Bytes 09.02.2013 15:57:25
VBASE015.VDF : 7.11.60.177 282624 Bytes 11.02.2013 10:34:08
VBASE016.VDF : 7.11.60.249 215552 Bytes 13.02.2013 11:13:29
VBASE017.VDF : 7.11.61.65 151040 Bytes 15.02.2013 11:13:30
VBASE018.VDF : 7.11.61.135 159232 Bytes 18.02.2013 20:21:34
VBASE019.VDF : 7.11.61.163 152064 Bytes 18.02.2013 20:21:35
VBASE020.VDF : 7.11.61.207 164352 Bytes 19.02.2013 20:21:35
VBASE021.VDF : 7.11.62.43 206336 Bytes 21.02.2013 16:21:37
VBASE022.VDF : 7.11.62.111 136192 Bytes 23.02.2013 16:21:37
VBASE023.VDF : 7.11.62.157 143360 Bytes 25.02.2013 16:21:22
VBASE024.VDF : 7.11.62.237 199168 Bytes 27.02.2013 10:31:11
VBASE025.VDF : 7.11.62.238 2048 Bytes 27.02.2013 10:31:11
VBASE026.VDF : 7.11.62.239 2048 Bytes 27.02.2013 10:31:11
VBASE027.VDF : 7.11.62.240 2048 Bytes 27.02.2013 10:31:11
VBASE028.VDF : 7.11.62.241 2048 Bytes 27.02.2013 10:31:11
VBASE029.VDF : 7.11.62.242 2048 Bytes 27.02.2013 10:31:11
VBASE030.VDF : 7.11.62.243 2048 Bytes 27.02.2013 10:31:11
VBASE031.VDF : 7.11.63.26 109056 Bytes 28.02.2013 10:31:12
Engineversion : 8.2.12.8
AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 21:10:17
AESCRIPT.DLL : 8.1.4.94 467324 Bytes 23.02.2013 16:21:41
AESCN.DLL : 8.1.10.0 131445 Bytes 13.12.2012 21:45:40
AESBX.DLL : 8.2.5.12 606578 Bytes 15.06.2012 09:44:10
AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 20:45:16
AEPACK.DLL : 8.3.1.10 815480 Bytes 19.02.2013 20:21:36
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 19:55:33
AEHEUR.DLL : 8.1.4.218 5792121 Bytes 23.02.2013 16:21:41
AEHELP.DLL : 8.1.25.2 258423 Bytes 11.10.2012 14:10:44
AEGEN.DLL : 8.1.6.16 434549 Bytes 24.01.2013 19:05:29
AEEXP.DLL : 8.4.0.4 188789 Bytes 23.02.2013 16:21:41
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 21:10:16
AECORE.DLL : 8.1.31.2 201080 Bytes 19.02.2013 20:21:36
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 19:55:23
AVWINLL.DLL : 12.3.0.15 27344 Bytes 11.05.2012 18:38:32
AVPREF.DLL : 12.3.0.32 50720 Bytes 14.11.2012 23:54:20
AVREP.DLL : 12.3.0.15 179208 Bytes 11.05.2012 18:38:33
AVARKT.DLL : 12.3.0.33 209696 Bytes 14.11.2012 23:54:20
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 11.05.2012 18:38:32
SQLITE3.DLL : 3.7.0.1 398288 Bytes 11.05.2012 18:38:33
AVSMTP.DLL : 12.3.0.32 63480 Bytes 08.08.2012 14:58:15
NETNT.DLL : 12.3.0.15 17104 Bytes 11.05.2012 18:38:32
RCIMAGE.DLL : 12.3.0.31 4444408 Bytes 08.08.2012 14:57:55
RCTEXT.DLL : 12.3.0.32 98848 Bytes 14.11.2012 23:54:19

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_512f30c0\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Donnerstag, 28. Februar 2013 11:42

C:\Windows\Sysnative\drivers\sptd.sys
  [WARNUNG] Die Datei konnte nicht geöffnet werden!
Der Systemwiederstellungspunkt wurde erfolgreich angelegt.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jucheck.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqgpc01.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'polipo.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqbam08.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqSTE08.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuschd2.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'fpassist.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'issch.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'netsession_win.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nusb3mon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'openvpn-gui-1.0.3.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'qiesbyi.exe' - '1' Modul(e) wurden durchsucht
  Modul ist infiziert -> <C:\Users\user\AppData\Roaming\Orleniu\qiesbyi.exe>
  [FUND] Ist das Trojanische Pferd TR/Spy.ZBot.jhue.1
  [WARNUNG] Der Prozess <qiesbyi.exe> konnte nicht beendet werden. Mögliche Ursache: Systemfehler [5]: Zugriff verweigert
  [HINWEIS] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
  [HINWEIS] Die Datei existiert nicht!
  [HINWEIS] Der Registrierungseintrag <HKEY_USERS\S-1-5-21-3446655697-2731224057-2204278893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{F947EC9E-6081-07E8-1D08-C75350881F7E}> wurde erfolgreich repariert.
  [HINWEIS] Der Registrierungseintrag <HKEY_USERS\S-1-5-21-3446655697-2731224057-2204278893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{F947EC9E-6081-07E8-1D08-C75350881F7E}> wurde erfolgreich repariert.
Durchsuche Prozess 'ovpntray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WG111v3.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqtra08.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'capiws.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ANT Agent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'vidalia.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'netsession_win.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesPDLR.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMSAccessU.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'XSrvSetup.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ESSVR.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'dirmngr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvpnd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SyncService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PhotoshopElementsFileAgent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '1' Modul(e) wurden durchsucht

Ende des Suchlaufs: Donnerstag, 28. Februar 2013 11:53
Benötigte Zeit: 02:42 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
4936 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
1 Dateien konnten nicht durchsucht werden
4934 Dateien ohne Befall
44 Archive wurden durchsucht
2 Warnungen
1 Hinweise

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.28.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
user :: USER-PC [Administrator]

28.02.2013 11:53:31
mbam-log-2013-02-28 (11-53-31).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 273358
Laufzeit: 6 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\user\Desktop\fvsetup_2_5.exe (PUP.SpyBoss) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:24 on 28/02/2013 (user)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-

Code:
OTL logfile created on: 28.02.2013 12:35:35 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,73 Gb Available Physical Memory | 68,19% Memory free
7,99 Gb Paging File | 6,59 Gb Available in Paging File | 82,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 38,96 Gb Total Space | 0,93 Gb Free Space | 2,37% Space Free | Partition Type: NTFS
Drive D: | 193,82 Gb Total Space | 12,28 Gb Free Space | 6,33% Space Free | Partition Type: NTFS
Drive K: | 931,51 Gb Total Space | 0,33 Gb Free Space | 0,04% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2013.02.28 12:32:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\user\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.08.16 11:17:14 | 000,182,784 | ---- | M] () -- D:\Program Files\Allway Sync\Bin\SyncService.exe
PRC - [2012.08.08 15:58:09 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.11 19:38:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.11 19:38:32 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.09.29 15:19:26 | 000,020,880 | ---- | M] () -- D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.08.25 19:35:02 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.07.28 14:13:48 | 000,242,176 | ---- | M] () -- D:\Program Files\GNU\GnuPG\dirmngr.exe
PRC - [2010.06.17 20:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- D:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2010.01.19 03:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009.11.20 12:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.09.06 05:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files\Adobe Photoshop\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009.08.24 13:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE

========== Modules (No Company Name) ==========
MOD - [2013.02.15 03:09:04 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll
MOD - [2013.01.10 20:44:01 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll
MOD - [2013.01.10 20:42:52 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ba58d64562391191a22ad0133512ed6f\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 20:42:45 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013.01.10 02:18:14 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll
MOD - [2013.01.10 02:18:03 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll
MOD - [2013.01.10 02:17:57 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll
MOD - [2013.01.10 02:17:55 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll
MOD - [2013.01.10 02:17:54 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013.01.10 02:17:53 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
MOD - [2013.01.10 02:17:52 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013.01.10 02:17:51 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013.01.10 02:17:46 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2011.10.08 14:29:34 | 000,115,137 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
MOD - [2011.09.29 15:19:26 | 000,020,880 | ---- | M] () -- D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

========== Services (SafeList) ==========
SRV:64bit: - [2010.04.06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.02.19 17:48:55 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.13 00:49:35 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.08.16 11:17:14 | 000,182,784 | ---- | M] () [Auto | Running] -- D:\Program Files\Allway Sync\Bin\SyncService.exe -- (BotkindSyncService)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.11 19:38:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.11 19:38:32 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.08.25 19:35:02 | 000,024,064 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe -- (OpenVPNAccessClient)
SRV - [2011.07.01 10:46:40 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- D:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011.06.08 12:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.08.18 22:10:48 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.07.28 14:13:48 | 000,242,176 | ---- | M] () [Auto | Running] -- D:\Program Files\GNU\GnuPG\dirmngr.exe -- (DirMngr)
SRV - [2010.07.26 15:01:58 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- D:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.29 23:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- D:\Program Files\Treiber\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.01.19 03:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009.09.06 05:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- D:\Program Files\Adobe Photoshop\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009.08.24 13:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.08.20 15:48:50 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2012.08.20 15:48:48 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2012.08.20 11:48:46 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2012.05.11 19:38:33 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.11 19:38:33 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.16 15:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.19 01:46:06 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2011.07.01 10:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.06.02 06:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.06.02 06:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011.06.02 06:47:22 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011.06.02 06:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011.05.18 09:14:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.05.18 09:14:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.05.18 09:14:16 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.05.18 09:14:12 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.05.18 09:09:48 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011.05.18 09:09:48 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2011.05.13 19:35:22 | 000,044,480 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.21 06:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.08.12 05:07:46 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.08.06 00:39:02 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.08.02 15:01:41 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV:64bit: - [2010.08.02 15:01:41 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCap)
DRV:64bit: - [2010.07.29 13:22:50 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2010.06.25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.04.06 15:30:20 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010.03.23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.03.04 14:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.01.27 09:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.12.23 10:36:04 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2009.11.20 12:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.20 12:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.11.18 16:47:46 | 000,446,976 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wg111v3.sys -- (RTL8187B)
DRV:64bit: - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007.05.14 15:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007.04.27 06:40:00 | 000,142,120 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2006.11.30 11:15:16 | 000,556,544 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV - [2013.02.28 12:25:57 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010.07.04 20:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- D:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.08.02 14:10:14 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\npf.sys -- (NPF)
DRV - [2003.07.29 09:00:00 | 000,007,140 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\cvintdrv.sys -- (cvintdrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FB DA 64 3B 80 60 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5EBA3B38-9834-4418-BC1C-C0BE03A47579}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========
FF - prefs.js..CT2801948.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "hxxp://www.google.de"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "NCH EN Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: exif_viewer%40mozilla.doslash.org:2.00
FF - prefs.js..extensions.enabledAddons: googlesharing%40extension.thoughtcrime.org:0.22
FF - prefs.js..extensions.enabledAddons: nitishthelegendkiller%40yahoo.co.in:1.0
FF - prefs.js..extensions.enabledAddons: rotateimage%40minisystems.de:0.1.3.2
FF - prefs.js..extensions.enabledAddons: %7B455D905A-D37C-4643-A9E2-F6FEFAA0424A%7D:0.8.16
FF - prefs.js..extensions.enabledAddons: %7B4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064%7D:1.2
FF - prefs.js..extensions.enabledAddons: %7B9D23D0AA-D8F5-11DA-B3FC-0928ABF316DE%7D:3.1a6
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.1.3
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B0b457cAA-602d-484a-8fe7-c1d894a011ba%7D:0.98.32
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.0
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..extensions.enabledItems: {9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}:3.0.5
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: rotateimage@minisystems.de:0.1.3.2
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0.1
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: exif_viewer@mozilla.doslash.org:1.60
FF - prefs.js..extensions.enabledItems: googlesharing@extension.thoughtcrime.org:0.21
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {51a86bb3-6602-4c85-92a5-130ee4864f13}:3.3.3.2
FF - prefs.js..extensions.enabledItems: nitishthelegendkiller@yahoo.co.in:1.0
FF - prefs.js..extensions.enabledItems: {524B8EF8-C312-11DB-8039-536F56D89593}:3.7.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=. "
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Program Files\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: D:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.08.07 15:45:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2013.02.19 17:48:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2013.02.19 17:48:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2013.02.20 02:08:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.10.13 12:40:36 | 000,000,000 | ---D | M]
[2010.08.01 18:46:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2010.08.01 18:46:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.02.28 12:07:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions
[2011.02.12 23:18:02 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2013.02.19 17:08:29 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2012.12.02 13:58:49 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2013.02.23 12:18:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.07.29 22:58:18 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2013.02.28 12:07:32 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\firefox@ghostery.com
[2011.09.09 21:57:32 | 000,000,000 | ---D | M] (GoogleSharing) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\googlesharing@extension.thoughtcrime.org
[2013.01.21 00:32:07 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\https-everywhere@eff.org
[2012.09.17 09:01:22 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\ich@maltegoetz.de
[2011.04.22 11:14:20 | 000,000,000 | ---D | M] (ImgClub.org Image Uploader) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\nitishthelegendkiller@yahoo.co.in
[2010.07.31 19:59:16 | 000,000,000 | ---D | M] (Rotate Image) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\rotateimage@minisystems.de
[2011.09.09 21:57:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\googlesharing@extension.thoughtcrime.org\chrome
[2011.09.09 21:57:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\googlesharing@extension.thoughtcrime.org\components
[2011.09.09 21:57:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\googlesharing@extension.thoughtcrime.org\defaults
[2010.07.31 19:17:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default - Kopie\extensions
[2010.07.31 19:17:56 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default - Kopie\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.07.31 19:17:56 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default - Kopie\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.12.02 13:58:49 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\autofillForms@blueimp.net.xpi
[2012.11.19 00:41:08 | 000,284,001 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\compatibility@addons.mozilla.org.xpi
[2012.08.28 14:31:45 | 000,230,013 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\exif_viewer@mozilla.doslash.org.xpi
[2012.02.27 23:20:23 | 000,003,958 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\expire-history-by-days@bonardo.net.xpi
[2013.02.23 22:52:06 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\firebug@software.joehewitt.com.xpi
[2012.01.01 15:22:47 | 000,075,799 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi
[2012.03.29 11:04:02 | 000,049,303 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi
[2013.02.20 12:23:54 | 000,530,982 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2011.09.02 11:35:05 | 000,286,375 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DE}.xpi
[2013.02.28 12:07:23 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2010.08.01 18:26:39 | 000,002,305 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\searchplugins\znout-de.xml
O1 HOSTS File: ([2012.02.28 03:02:17 | 000,001,592 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.94.0.1 client.openvpn.net
O1 - Hosts: 127.94.0.2
openvpn-client.us.shieldexchange.com O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.) O2 - BHO: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (NCH EN Toolbar) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (BrotherSoft Extreme Toolbar) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.) 
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [GrooveMonitor] D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [KeePass 2 PreLoad] D:\Program Files\KeePass\KeePass.exe (Dominik Reichl) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.) O4 - HKCU..\Run: [ISUSPM Startup] c:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found O4 - HKCU..\Run: [KiesPDLR] D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [Vidalia] D:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe () O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN GUI.lnk = D:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: BID Link Explorer: Öffne aktuelle Seite - D:\Program Files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm () O8:64bit: - Extra context menu item: BID: Link in Queue einreihen - D:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm () O8:64bit: - Extra context menu item: BID: Öffne aktuelle Seite - D:\Program Files\Bulk Image Downloader\iemenu\iebid.htm () O8:64bit: - Extra context menu item: BID: Öffne diesen &Link - D:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm () O8:64bit: - Extra context menu item: BID: Seite in &Queue einreihen - D:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm () O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found 
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: BID Link Explorer: Öffne aktuelle Seite - D:\Program Files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm () O8 - Extra context menu item: BID: Link in Queue einreihen - D:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm () O8 - Extra context menu item: BID: Öffne aktuelle Seite - D:\Program Files\Bulk Image Downloader\iemenu\iebid.htm () O8 - Extra context menu item: BID: Öffne diesen &Link - D:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm () O8 - Extra context menu item: BID: Seite in &Queue einreihen - D:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{378EFFA4-C0DC-4D97-833C-9BC576364504}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D65EF701-E5A3-4F9D-B7B0-93879E23381D}: DhcpNameServer = 172.27.0.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common 
Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 0 O33 - MountPoints2\{02bb1996-9c7f-11df-9668-6cf049b835b2}\Shell - "" = AutoRun O33 - MountPoints2\{02bb1996-9c7f-11df-9668-6cf049b835b2}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\{138f2a61-a0eb-11df-80e2-6cf049b835b2}\Shell - "" = AutoRun O33 - MountPoints2\{138f2a61-a0eb-11df-80e2-6cf049b835b2}\Shell\AutoRun\command - "" = M:\Setup.exe O33 - MountPoints2\{6626debd-9aa6-11df-87e3-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{6626debd-9aa6-11df-87e3-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Run.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.28 12:32:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2013.02.28 11:51:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Programs [2013.02.28 11:51:13 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup-1.70.0.1100.exe [2013.02.25 22:13:00 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\{EBBDA7E5-AB7B-4114-A5D7-466CA013A61A} [2013.02.25 22:12:59 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\{13215AB9-2B2E-4F6E-ADF1-1D7048C31288} [2013.02.25 22:12:25 | 000,000,000 | ---D | C] -- 
C:\Users\user\AppData\Roaming\{C7E6AB03-F5B6-4277-BCC7-9290C2711314} [2013.02.25 22:11:57 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Orleniu [2013.02.25 22:11:57 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Ilhor [2013.02.21 12:47:11 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Sync App Settings [2013.02.19 23:53:58 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\tor [2013.02.19 23:53:51 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Tor [2013.02.19 23:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bundle [2013.02.19 23:53:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Vidalia [2013.02.17 01:24:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp [2013.02.17 01:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.28 12:33:25 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.28 12:33:25 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.28 12:32:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2013.02.28 12:25:59 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr [2013.02.28 12:25:49 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.28 12:25:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.28 12:25:31 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys [2013.02.28 12:24:12 | 000,000,020 | ---- | M] () -- C:\Users\user\defogger_reenable [2013.02.28 12:23:06 | 000,050,477 | ---- | M] () -- 
C:\Users\user\Desktop\Defogger.exe [2013.02.28 12:23:05 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.28 11:51:28 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.28 11:51:14 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup-1.70.0.1100.exe [2013.02.26 18:48:34 | 007,010,574 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.26 18:48:34 | 002,475,120 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.26 18:48:34 | 002,103,458 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.26 18:48:34 | 001,879,536 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.26 18:48:34 | 000,005,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.25 02:23:52 | 000,054,784 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.02.24 12:20:08 | 000,387,597 | ---- | M] () -- C:\Users\user\Desktop\DSC_0602.jpg [2013.02.19 00:02:17 | 000,003,033 | ---- | M] () -- C:\Users\user\Desktop\axp.axp [2013.02.14 13:15:48 | 005,037,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.07 19:37:41 | 000,001,010 | ---- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.02.07 19:37:29 | 000,000,976 | ---- | M] () -- C:\Users\user\Desktop\Dropbox.lnk [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.28 12:25:59 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr [2013.02.28 12:24:12 | 000,000,020 | ---- | C] () -- C:\Users\user\defogger_reenable [2013.02.28 12:23:04 | 000,050,477 | ---- | C] () -- C:\Users\user\Desktop\Defogger.exe [2013.02.28 11:51:28 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.24 
12:20:08 | 000,387,597 | ---- | C] () -- C:\Users\user\Desktop\DSC_0602.jpg [2013.02.19 00:02:17 | 000,003,033 | ---- | C] () -- C:\Users\user\Desktop\axp.axp [2012.06.20 23:17:39 | 000,000,218 | ---- | C] () -- C:\Users\user\.recently-used.xbel [2012.05.13 22:12:54 | 000,000,032 | ---- | C] () -- C:\Users\user\.simfy [2012.04.08 22:14:33 | 000,000,600 | ---- | C] () -- C:\Users\user\AppData\Local\PUTTY.RND [2012.04.01 21:23:00 | 000,000,600 | ---- | C] () -- C:\Users\user\AppData\Roaming\winscp.rnd [2011.12.21 21:09:41 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2011.09.16 10:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.09.16 10:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.09.16 10:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.09.16 10:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.09.16 10:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.08.05 23:51:36 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat.temp [2011.08.02 18:09:24 | 000,233,582 | ---- | C] () -- C:\Windows\hpoins47.dat [2011.05.13 20:55:00 | 000,083,968 | ---- | C] () -- C:\Windows\UnGins.exe [2011.03.28 10:30:33 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ZyDelReg.exe [2011.03.28 10:30:31 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD.dll [2011.03.28 10:30:31 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD64.DLL [2010.08.11 16:32:44 | 000,001,789 | ---- | C] () -- C:\Users\user\Default.atp [2010.08.11 16:32:44 | 000,000,288 | ---- | C] () -- C:\Users\user\user.properties [2010.08.07 12:10:27 | 000,007,603 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg [2010.08.05 00:43:05 | 000,054,784 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- 
C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.02.27 02:40:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\.purple [2010.08.11 15:22:22 | 000,000,000 | ---D | M] -- 
C:\Users\user\AppData\Roaming\Avid [2011.04.25 13:22:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BID [2010.09.13 20:05:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Canneverbe Limited [2012.05.07 22:36:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Canon [2010.08.18 22:51:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.11.13 23:03:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.03.29 13:02:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\com.Rhapsody.Napster5 [2010.08.06 00:45:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Lite [2013.02.28 12:27:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Dropbox [2012.08.11 22:05:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\e-academy Inc [2011.12.12 23:00:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ethereal [2013.01.10 00:00:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\EurekaLog [2012.07.23 16:53:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Eye-Fi [2011.11.16 21:11:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FileZilla [2011.11.12 21:35:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FireShot [2012.12.30 02:43:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GARMIN [2011.02.18 00:09:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GetRightToGo [2010.10.02 21:00:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\gnupg [2013.02.19 22:22:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\gtk-2.0 [2013.02.28 11:27:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ilhor [2012.01.24 23:01:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IrfanView [2010.08.10 00:39:15 | 000,000,000 | ---D | M] -- 
C:\Users\user\AppData\Roaming\JAM Software [2012.10.10 15:18:06 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\KeePass [2012.10.10 15:10:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\KeePassX [2012.04.02 21:58:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LEGO Company [2010.09.04 13:05:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Lexmark Productivity Studio [2012.11.28 23:11:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LibreOffice [2011.08.16 17:49:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Matus Tomlein [2010.10.09 19:00:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Miranda [2012.06.27 05:55:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mp3tag [2011.10.08 14:37:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MyPhoneExplorer [2010.08.28 10:43:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\NapsterScrobbler [2011.10.14 14:44:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nokia [2011.10.14 14:44:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nokia Ovi Suite [2012.07.16 23:02:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Opera [2013.02.28 11:44:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Orleniu [2010.09.08 17:54:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PACE Anti-Piracy [2010.08.07 15:47:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PC Suite [2013.02.24 12:20:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Rightload [2011.10.08 14:24:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Samsung [2012.05.16 21:50:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Simfy [2012.01.04 02:06:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sinvise Systems [2010.08.11 17:38:38 | 000,000,000 | ---D | M] -- 
C:\Users\user\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2013.02.21 12:47:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sync App Settings [2012.01.25 17:12:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Thunderbird [2012.01.04 02:00:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Thunderbird1 [2012.05.05 17:14:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Titanium [2010.07.29 16:29:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TrueCrypt [2010.08.06 14:19:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1 [2012.01.13 19:42:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ulead Systems [2012.08.08 13:13:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent [2012.04.06 01:22:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\VG Solutions [2012.07.29 18:51:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Windows Live Writer [2011.10.09 22:16:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Wireshark [2011.02.12 23:07:48 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\YCanPDF [2013.02.25 22:12:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\{13215AB9-2B2E-4F6E-ADF1-1D7048C31288} [2013.02.25 22:12:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\{C7E6AB03-F5B6-4277-BCC7-9290C2711314} [2013.02.25 22:13:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\{EBBDA7E5-AB7B-4114-A5D7-466CA013A61A} ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E8BE05FA @Alternate Data Stream - 1299 bytes -> C:\ProgramData\Microsoft:OJ0YQExu03UDxq7DpcqoFrAcwI @Alternate Data Stream - 1299 bytes -> C:\ProgramData\Microsoft:cu2FmI3Q4fibyVmaHRHJgfe @Alternate Data Stream - 1237 bytes -> 
C:\ProgramData\Microsoft:JKDMIATSCiGEmTWezHcJGU2cJ
@Alternate Data Stream - 1221 bytes -> C:\ProgramData\Microsoft:4zlAzNhJQeEHAXksRRsM
@Alternate Data Stream - 1210 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:NbarIRuIfeYYGKXlRqmW8F

< End of report >

Code:
GMER 2.1.19115 - hxxp://www.gmer.net
Rootkit scan 2013-02-28 13:38:34
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Scsi\JRAID2Port1Path0Target0Lun0 SAMSUNG_ rev.FV01 232,88GB
Running: 4np82roe.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\svchost.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075331465 2 bytes [33, 75]
.text C:\Windows\SysWOW64\svchost.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753314bb 2 bytes [33, 75]
.text ... * 2
.text C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe[2348] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075331465 2 bytes [33, 75]
.text C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe[2348] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000753314bb 2 bytes [33, 75]
.text ... * 2
.text D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe[2796] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000777af85a 1 byte [C3]
.text D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe[2796] C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll!getJit + 32 00000000703e9380 4 bytes [C8, 10, 01, 10]
.text D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075331465 2 bytes [33, 75]
.text D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753314bb 2 bytes [33, 75]
.text ... * 2
.text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[2852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075331465 2 bytes [33, 75]
.text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[2852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753314bb 2 bytes [33, 75]
.text ... * 2
.text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075331465 2 bytes [33, 75]
.text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753314bb 2 bytes [33, 75]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075331465 2 bytes [33, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753314bb 2 bytes [33, 75]
.text ... * 2

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 5877
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF7 0xC5 0x0B 0x81 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFC 0xBE 0x7D 0x6B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE4 0x10 0x99 0xC8 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF7 0xC5 0x0B 0x81 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFC 0xBE 0x7D 0x6B ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE4 0x10 0x99 0xC8 ... ---- EOF - GMER 2.1 ----
Thanks in advance for taking on the problem. Best regards, numbi |
28.02.2013, 15:48 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avira first finds JS.Expack.EM and then Spy.Zbot Hello and
__________________ Quote:
Is this by any chance an office/company PC? Or a university computer? Before we get on with the rest of the work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please post in this thread => Reminder about my thread. Annoying "When will it continue" messages will result in your topic being closed. I, too, have a life away from the Trojaner-Board.
Now please run the three tools MBAR / aswMBR / TDSSkiller and post the logs in CODE tags.
MBAR (Malwarebytes Anti-Rootkit) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
aswMBR Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
TDSS-Killer
__________________ |
01.03.2013, 00:40 | #3 | |
| Avira first finds JS.Expack.EM and then Spy.Zbot Quote:
I followed the instructions; there was nothing below about TDSS-Killer, so I didn't do it. MBAR: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1020 www.malwarebytes.org Database version: v2013.02.28.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 user :: USER-PC [administrator] 28.02.2013 20:09:58 mbar-log-2013-02-28 (20-09-58).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 242153 Time elapsed: 2 hour(s), 22 minute(s), 12 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Code:
ATTFilter Problemsignatur: Problemereignisname: BlueScreen Betriebsystemversion: 6.1.7601.2.1.0.256.48 Gebietsschema-ID: 1031 Zusatzinformationen zum Problem: BCCode: 34 BCP1: 0000000000050853 BCP2: FFFFF8800B1C8718 BCP3: FFFFF8800B1C7F70 BCP4: FFFFF800034049BC OS Version: 6_1_7601 Service Pack: 1_0 Product: 256_1 Dateien, die bei der Beschreibung des Problems hilfreich sind: C:\Windows\Minidump\022813-63609-01.dmp C:\Users\user\AppData\Local\Temp\WER-86500-0.sysdata.xml Code:
ATTFilter <?xml version="1.0" encoding="UNICODE"?> @namespace html url(hxxp://www.w3.org/1999/xhtml); :root { font:small Verdana; font-weight: bold; padding: 2em; padding-left:4em; } * { display: block; padding-left: 2em; } html|style { display: none; } html|span, html|a { display: inline; padding: 0; font-weight: normal; text-decoration: none; } html|span.block { display: block; } *[html|hidden], span.block[html|hidden] { display: none; } .expand { display: block; } .expand:before { content: '+'; color: red; position: absolute; left: -1em; } .collapse { display: block; } .collapse:before { content: '-'; color: red; position: absolute; left:-1em; } <SYSTEMINFO> <SYSTEM> <OSNAME>Windows 7 Professional Professional</OSNAME> <OSVER>6.1.7601 1.0</OSVER> <OSLANGUAGE>1031</OSLANGUAGE> <ARCHITECTURE>9</ARCHITECTURE> <PRODUCTTYPE>48</PRODUCTTYPE> </SYSTEM> <MEMORYDIAGNOSTIC> </MEMORYDIAGNOSTIC> <DEVICES> <DEVICE> <DESCRIPTION>TAP-Win32 Adapter OAS</DESCRIPTION> <HARDWAREID>tapoas</HARDWAREID> <SERVICE>tapoas</SERVICE> <DRIVER>tapoas.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Standard PCI-zu-USB erweiterter Hostcontroller</DESCRIPTION> <HARDWAREID>PCI\VEN_1002&DEV_4396&SUBSYS_50041458&REV_00</HARDWAREID> <SERVICE>usbehci</SERVICE> <DRIVER>usbehci.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>PCI Standard-PCI-zu-PCI-Brücke</DESCRIPTION> <HARDWAREID>PCI\VEN_1002&DEV_43A0&SUBSYS_00001002&REV_00</HARDWAREID> <SERVICE>pci</SERVICE> <DRIVER>pci.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>PCI Standard-Host-CPU-Brücke</DESCRIPTION> <HARDWAREID>PCI\VEN_1022&DEV_1200&SUBSYS_00000000&REV_00</HARDWAREID> </DEVICE> <DEVICE> <DESCRIPTION>Realtek PCIe GBE Family Controller</DESCRIPTION> <HARDWAREID>PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_03</HARDWAREID> <SERVICE>RTL8167</SERVICE> <DRIVER>Rt64win7.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Systemzeitgeber</DESCRIPTION> <HARDWAREID>ACPI\PNP0100</HARDWAREID> </DEVICE> <DEVICE> <DESCRIPTION>Remote Desktop Device Redirector 
Bus</DESCRIPTION> <HARDWAREID>ROOT\RDPBUS</HARDWAREID> <SERVICE>rdpbus</SERVICE> <DRIVER>rdpbus.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Generic USB Hub</DESCRIPTION> <HARDWAREID>USB\VID_05E3&PID_0608&REV_0702</HARDWAREID> <SERVICE>usbhub</SERVICE> <DRIVER>usbhub.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Terminalserver-Tastaturtreiber</DESCRIPTION> <HARDWAREID>ROOT\RDP_KBD</HARDWAREID> <SERVICE>TermDD</SERVICE> <DRIVER>termdd.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>NETGEAR WG111v3 Wireless-G USB Adapter</DESCRIPTION> <HARDWAREID>USB\VID_0846&PID_4260&REV_0200</HARDWAREID> <SERVICE>RTL8187B</SERVICE> <DRIVER>wg111v3.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>DMA-Controller</DESCRIPTION> <HARDWAREID>ACPI\PNP0200</HARDWAREID> </DEVICE> <DEVICE> <DESCRIPTION>Laufwerk</DESCRIPTION> <HARDWAREID>SCSI\DiskSAMSUNG_SP2514N_________FV01</HARDWAREID> <SERVICE>disk</SERVICE> <DRIVER>disk.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Microsoft-Adapter für Miniports virtueller WiFis</DESCRIPTION> <HARDWAREID>{5d624f94-8850-40c3-a3fa-a4fd2080baf3}\vwifimp</HARDWAREID> <SERVICE>vwifimp</SERVICE> <DRIVER>vwifimp.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Terminalserver-Maustreiber</DESCRIPTION> <HARDWAREID>ROOT\RDP_MOU</HARDWAREID> <SERVICE>TermDD</SERVICE> <DRIVER>termdd.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Standardvolume</DESCRIPTION> <HARDWAREID>STORAGE\Volume</HARDWAREID> <SERVICE>volsnap</SERVICE> <DRIVER>volsnap.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Microsoft-6zu4-Adapter</DESCRIPTION> <HARDWAREID>*6to4mp</HARDWAREID> <SERVICE>tunnel</SERVICE> <DRIVER>tunnel.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Standard PCI-zu-USB erweiterter Hostcontroller</DESCRIPTION> <HARDWAREID>PCI\VEN_1002&DEV_4396&SUBSYS_50041458&REV_00</HARDWAREID> <SERVICE>usbehci</SERVICE> <DRIVER>usbehci.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>PCI Standard-PCI-zu-PCI-Brücke</DESCRIPTION> <HARDWAREID>PCI\VEN_1002&DEV_43A1&SUBSYS_00001002&REV_00</HARDWAREID> 
<SERVICE>pci</SERVICE> <DRIVER>pci.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Standardtastatur (PS/2)</DESCRIPTION> <HARDWAREID>ACPI\PNP0303</HARDWAREID> <SERVICE>i8042prt</SERVICE> <DRIVER>i8042prt.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>PCI Standard-Host-CPU-Brücke</DESCRIPTION> <HARDWAREID>PCI\VEN_1022&DEV_1201&SUBSYS_00000000&REV_00</HARDWAREID> </DEVICE> <DEVICE> <DESCRIPTION>RRNetCap Miniport</DESCRIPTION> <HARDWAREID>rs_rrnetcapmp</HARDWAREID> <SERVICE>RRNetCapMP</SERVICE> <DRIVER>rrnetcap.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>GIGABYTE GBB36X Controller</DESCRIPTION> <HARDWAREID>PCI\VEN_197B&DEV_2363&SUBSYS_B0001458&REV_02</HARDWAREID> <SERVICE>JRAID</SERVICE> <DRIVER>jraid.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Microsoft-ISATAP-Adapter</DESCRIPTION> <HARDWAREID>*ISATAP</HARDWAREID> <SERVICE>tunnel</SERVICE> <DRIVER>tunnel.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Standardvolume</DESCRIPTION> <HARDWAREID>STORAGE\Volume</HARDWAREID> <SERVICE>volsnap</SERVICE> <DRIVER>volsnap.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Druckeranschluss</DESCRIPTION> <HARDWAREID>ACPI\PNP0400</HARDWAREID> <SERVICE>Parport</SERVICE> <DRIVER>parport.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>RRNetCap Miniport</DESCRIPTION> <HARDWAREID>rs_rrnetcapmp</HARDWAREID> <SERVICE>RRNetCapMP</SERVICE> <DRIVER>rrnetcap.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Microsoft-ISATAP-Adapter</DESCRIPTION> <HARDWAREID>*ISATAP</HARDWAREID> <SERVICE>tunnel</SERVICE> <DRIVER>tunnel.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Diskettenlaufwerk</DESCRIPTION> <HARDWAREID>FDC\GENERIC_FLOPPY_DRIVE</HARDWAREID> <SERVICE>flpydisk</SERVICE> <DRIVER>flpydisk.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>AMD-Prozessor</DESCRIPTION> <HARDWAREID>ACPI\AuthenticAMD_-_AMD64_Family_16_Model_5</HARDWAREID> <SERVICE>AmdPPM</SERVICE> <DRIVER>amdppm.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Microsoft-ISATAP-Adapter</DESCRIPTION> <HARDWAREID>*ISATAP</HARDWAREID> <SERVICE>tunnel</SERVICE> 
<DRIVER>tunnel.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Kommunikationsanschluss</DESCRIPTION> <HARDWAREID>ACPI\PNP0501</HARDWAREID> <SERVICE>Serial</SERVICE> <DRIVER>serial.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>RRNetCap Miniport</DESCRIPTION> <HARDWAREID>rs_rrnetcapmp</HARDWAREID> <SERVICE>RRNetCapMP</SERVICE> <DRIVER>rrnetcap.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Standard OpenHCD USB-Hostcontroller</DESCRIPTION> <HARDWAREID>PCI\VEN_1002&DEV_4397&SUBSYS_50041458&REV_00</HARDWAREID> <SERVICE>usbohci</SERVICE> <DRIVER>usbohci.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>PCI Standard-PCI-zu-PCI-Brücke</DESCRIPTION> <HARDWAREID>PCI\VEN_1002&DEV_43A2&SUBSYS_00001002&REV_00</HARDWAREID> <SERVICE>pci</SERVICE> <DRIVER>pci.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>PCI Standard-Host-CPU-Brücke</DESCRIPTION> <HARDWAREID>PCI\VEN_1022&DEV_1202&SUBSYS_00000000&REV_00</HARDWAREID> </DEVICE> <DEVICE> <DESCRIPTION>Standard-Diskettenlaufwerkcontroller</DESCRIPTION> <HARDWAREID>ACPI\PNP0700</HARDWAREID> <SERVICE>fdc</SERVICE> <DRIVER>fdc.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Microsoft-ISATAP-Adapter</DESCRIPTION> <HARDWAREID>*ISATAP</HARDWAREID> <SERVICE>tunnel</SERVICE> <DRIVER>tunnel.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>GIGABYTE GBB36X Controller</DESCRIPTION> <HARDWAREID>PCI\VEN_197B&DEV_2363&SUBSYS_B0001458&REV_03</HARDWAREID> <SERVICE>JRAID</SERVICE> <DRIVER>jraid.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Realtek High Definition Audio</DESCRIPTION> <HARDWAREID>HDAUDIO\FUNC_01&VEN_10EC&DEV_0892&SUBSYS_1458A102&REV_1003</HARDWAREID> <SERVICE>IntcAzAudAddService</SERVICE> <DRIVER>RTKVHD64.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>RRNetCap Miniport</DESCRIPTION> <HARDWAREID>rs_rrnetcapmp</HARDWAREID> <SERVICE>RRNetCapMP</SERVICE> <DRIVER>rrnetcap.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Standardvolume</DESCRIPTION> <HARDWAREID>STORAGE\Volume</HARDWAREID> <SERVICE>volsnap</SERVICE> <DRIVER>volsnap.sys</DRIVER> </DEVICE> <DEVICE> 
<DESCRIPTION>NEC Electronics USB 3.0 Root Hub</DESCRIPTION> <HARDWAREID>NUSB3\ROOT_HUB30</HARDWAREID> <SERVICE>nusb3hub</SERVICE> <DRIVER>nusb3hub.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Microsoft-ISATAP-Adapter</DESCRIPTION> <HARDWAREID>*ISATAP</HARDWAREID> <SERVICE>tunnel</SERVICE> <DRIVER>tunnel.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Systemlautsprecher</DESCRIPTION> <HARDWAREID>ACPI\PNP0800</HARDWAREID> </DEVICE> <DEVICE> <DESCRIPTION>Laufwerk</DESCRIPTION> <HARDWAREID>USBSTOR\DiskGeneric_STORAGE_DEVICE__9602</HARDWAREID> <SERVICE>disk</SERVICE> <DRIVER>disk.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>RRNetCap Miniport</DESCRIPTION> <HARDWAREID>rs_rrnetcapmp</HARDWAREID> <SERVICE>RRNetCapMP</SERVICE> <DRIVER>rrnetcap.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Microsoft-Teredo-Tunneling-Adapter</DESCRIPTION> <HARDWAREID>*TEREDO</HARDWAREID> <SERVICE>tunnel</SERVICE> <DRIVER>tunnel.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Audials Sound Capturing</DESCRIPTION> <HARDWAREID>root\tbhsd</HARDWAREID> <SERVICE>tbhsd</SERVICE> <DRIVER>tbhsd.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>High Definition Audio-Controller</DESCRIPTION> <HARDWAREID>PCI\VEN_1002&DEV_4383&SUBSYS_A1021458&REV_40</HARDWAREID> <SERVICE>HDAudBus</SERVICE> <DRIVER>HDAudBus.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Standardvolume</DESCRIPTION> <HARDWAREID>STORAGE\Volume</HARDWAREID> <SERVICE>volsnap</SERVICE> <DRIVER>volsnap.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Standard OpenHCD USB-Hostcontroller</DESCRIPTION> <HARDWAREID>PCI\VEN_1002&DEV_4397&SUBSYS_50041458&REV_00</HARDWAREID> <SERVICE>usbohci</SERVICE> <DRIVER>usbohci.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>PCI Standard-PCI-zu-PCI-Brücke</DESCRIPTION> <HARDWAREID>PCI\VEN_1002&DEV_43A3&SUBSYS_00001002&REV_00</HARDWAREID> <SERVICE>pci</SERVICE> <DRIVER>pci.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>PCI Standard-Host-CPU-Brücke</DESCRIPTION> <HARDWAREID>PCI\VEN_1022&DEV_1203&SUBSYS_00000000&REV_00</HARDWAREID> 
</DEVICE> <DEVICE> <DESCRIPTION>PCI-Bus</DESCRIPTION> <HARDWAREID>ACPI\PNP0A03</HARDWAREID> <SERVICE>pci</SERVICE> <DRIVER>pci.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>ACPI x64-based PC</DESCRIPTION> <HARDWAREID>acpiapic</HARDWAREID> <SERVICE>\Driver\ACPI_HAL</SERVICE> </DEVICE> <DEVICE> <DESCRIPTION>AMD-Prozessor</DESCRIPTION> <HARDWAREID>ACPI\AuthenticAMD_-_AMD64_Family_16_Model_5</HARDWAREID> <SERVICE>AmdPPM</SERVICE> <DRIVER>amdppm.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Microsoft-Systemverwaltungs-BIOS-Treiber</DESCRIPTION> <HARDWAREID>ROOT\mssmbios</HARDWAREID> <SERVICE>mssmbios</SERVICE> <DRIVER>mssmbios.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>RRNetCap Miniport</DESCRIPTION> <HARDWAREID>rs_rrnetcapmp</HARDWAREID> <SERVICE>RRNetCapMP</SERVICE> <DRIVER>rrnetcap.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>IDE-Kanal</DESCRIPTION> <HARDWAREID>1002-4390</HARDWAREID> <SERVICE>atapi</SERVICE> <DRIVER>atapi.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Treiber für Datei-als-Volume</DESCRIPTION> <HARDWAREID>ROOT\BLBDRIVE</HARDWAREID> <SERVICE>blbdrive</SERVICE> <DRIVER>blbdrive.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>WAN Miniport (IKEv2)</DESCRIPTION> <HARDWAREID>ms_agilevpnminiport</HARDWAREID> <SERVICE>RasAgileVpn</SERVICE> <DRIVER>AgileVpn.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>USB-Root-Hub</DESCRIPTION> <HARDWAREID>USB\ROOT_HUB&VID1002&PID4397&REV0000</HARDWAREID> <SERVICE>usbhub</SERVICE> <DRIVER>usbhub.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>RRNetCap Miniport</DESCRIPTION> <HARDWAREID>rs_rrnetcapmp</HARDWAREID> <SERVICE>RRNetCapMP</SERVICE> <DRIVER>rrnetcap.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>IDE-Kanal</DESCRIPTION> <HARDWAREID>1002-4390</HARDWAREID> <SERVICE>atapi</SERVICE> <DRIVER>atapi.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Laufwerk</DESCRIPTION> <HARDWAREID>USBSTOR\DiskGeneric_STORAGE_DEVICE__9602</HARDWAREID> <SERVICE>disk</SERVICE> <DRIVER>disk.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Busenumerator für 
Verbundgeräte</DESCRIPTION> <HARDWAREID>ROOT\CompositeBus</HARDWAREID> <SERVICE>CompositeBus</SERVICE> <DRIVER>CompositeBus.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>System CMOS/Echtzeituhr</DESCRIPTION> <HARDWAREID>ACPI\PNP0B00</HARDWAREID> </DEVICE> <DEVICE> <DESCRIPTION>ATI E/A-Kommunikationsprozessor-PCI-Buscontroller</DESCRIPTION> <HARDWAREID>PCI\VEN_1002&DEV_4384&SUBSYS_00000000&REV_40</HARDWAREID> <SERVICE>pci</SERVICE> <DRIVER>pci.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Standard OpenHCD USB-Hostcontroller</DESCRIPTION> <HARDWAREID>PCI\VEN_1002&DEV_4397&SUBSYS_50041458&REV_00</HARDWAREID> <SERVICE>usbohci</SERVICE> <DRIVER>usbohci.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>RRNetCap Miniport</DESCRIPTION> <HARDWAREID>rs_rrnetcapmp</HARDWAREID> <SERVICE>RRNetCapMP</SERVICE> <DRIVER>rrnetcap.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>WAN-Miniport (L2TP)</DESCRIPTION> <HARDWAREID>ms_l2tpminiport</HARDWAREID> <SERVICE>Rasl2tp</SERVICE> <DRIVER>rasl2tp.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>PCI Standard-Host-CPU-Brücke</DESCRIPTION> <HARDWAREID>PCI\VEN_1002&DEV_5957&SUBSYS_59571002&REV_00</HARDWAREID> </DEVICE> <DEVICE> <DESCRIPTION>USB-Eingabegerät</DESCRIPTION> <HARDWAREID>USB\VID_046D&PID_C043&REV_2720</HARDWAREID> <SERVICE>HidUsb</SERVICE> <DRIVER>hidusb.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>USB-Root-Hub</DESCRIPTION> <HARDWAREID>USB\ROOT_HUB&VID1002&PID4397&REV0000</HARDWAREID> <SERVICE>usbhub</SERVICE> <DRIVER>usbhub.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>PCI Standard-Host-CPU-Brücke</DESCRIPTION> <HARDWAREID>PCI\VEN_1022&DEV_1204&SUBSYS_00000000&REV_00</HARDWAREID> </DEVICE> <DEVICE> <DESCRIPTION>Logische Schnittstelle für Druckeranschluss</DESCRIPTION> <HARDWAREID>LPTENUM\MicrosoftRawPort958A</HARDWAREID> </DEVICE> <DEVICE> <DESCRIPTION>Deterministic Network Enhancer Miniport</DESCRIPTION> <HARDWAREID>dni_dnemp</HARDWAREID> <SERVICE>DNE</SERVICE> <DRIVER>dne64x.sys</DRIVER> </DEVICE> <DEVICE> 
<DESCRIPTION>IDE-Kanal</DESCRIPTION> <HARDWAREID>1002-439c</HARDWAREID> <SERVICE>atapi</SERVICE> <DRIVER>atapi.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Systemplatine</DESCRIPTION> <HARDWAREID>ACPI\PNP0C01</HARDWAREID> </DEVICE> <DEVICE> <DESCRIPTION>RRNetCap Miniport</DESCRIPTION> <HARDWAREID>rs_rrnetcapmp</HARDWAREID> <SERVICE>RRNetCapMP</SERVICE> <DRIVER>rrnetcap.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>WAN-Miniport (Netzwerkmonitor)</DESCRIPTION> <HARDWAREID>ms_ndiswanbh</HARDWAREID> <SERVICE>NdisWan</SERVICE> <DRIVER>ndiswan.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>USB-Root-Hub</DESCRIPTION> <HARDWAREID>USB\ROOT_HUB&VID1002&PID4397&REV0000</HARDWAREID> <SERVICE>usbhub</SERVICE> <DRIVER>usbhub.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>AMD-Prozessor</DESCRIPTION> <HARDWAREID>ACPI\AuthenticAMD_-_AMD64_Family_16_Model_5</HARDWAREID> <SERVICE>AmdPPM</SERVICE> <DRIVER>amdppm.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Deterministic Network Enhancer Miniport</DESCRIPTION> <HARDWAREID>dni_dnemp</HARDWAREID> <SERVICE>DNE</SERVICE> <DRIVER>dne64x.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>USB-Massenspeichergerät</DESCRIPTION> <HARDWAREID>USB\VID_05E3&PID_070E&REV_9602</HARDWAREID> <SERVICE>USBSTOR</SERVICE> <DRIVER>USBSTOR.SYS</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Hauptplatinenressourcen</DESCRIPTION> <HARDWAREID>ACPI\PNP0C02</HARDWAREID> </DEVICE> <DEVICE> <DESCRIPTION>RRNetCap Miniport</DESCRIPTION> <HARDWAREID>rs_rrnetcapmp</HARDWAREID> <SERVICE>RRNetCapMP</SERVICE> <DRIVER>rrnetcap.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>WAN-Miniport (IP)</DESCRIPTION> <HARDWAREID>ms_ndiswanip</HARDWAREID> <SERVICE>NdisWan</SERVICE> <DRIVER>ndiswan.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>IDE-Kanal</DESCRIPTION> <HARDWAREID>1002-439c</HARDWAREID> <SERVICE>atapi</SERVICE> <DRIVER>atapi.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Laufwerk</DESCRIPTION> <HARDWAREID>USBSTOR\DiskGeneric_STORAGE_DEVICE__9602</HARDWAREID> <SERVICE>disk</SERVICE> 
<DRIVER>disk.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>USB-Root-Hub</DESCRIPTION> <HARDWAREID>USB\ROOT_HUB&VID1002&PID4399&REV0000</HARDWAREID> <SERVICE>usbhub</SERVICE> <DRIVER>usbhub.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Deterministic Network Enhancer Miniport</DESCRIPTION> <HARDWAREID>dni_dnemp</HARDWAREID> <SERVICE>DNE</SERVICE> <DRIVER>dne64x.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>ATI E/A-Kommunikationsprozessor-SMBus-Controller</DESCRIPTION> <HARDWAREID>PCI\VEN_1002&DEV_4385&SUBSYS_00000000&REV_41</HARDWAREID> </DEVICE> <DEVICE> <DESCRIPTION>Standard OpenHCD USB-Hostcontroller</DESCRIPTION> <HARDWAREID>PCI\VEN_1002&DEV_4399&SUBSYS_50041458&REV_00</HARDWAREID> <SERVICE>usbohci</SERVICE> <DRIVER>usbohci.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Standardvolume</DESCRIPTION> <HARDWAREID>STORAGE\Volume</HARDWAREID> <SERVICE>volsnap</SERVICE> <DRIVER>volsnap.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>PCI Standard-PCI-zu-PCI-Brücke</DESCRIPTION> <HARDWAREID>PCI\VEN_1002&DEV_5978&SUBSYS_59571002&REV_00</HARDWAREID> <SERVICE>pci</SERVICE> <DRIVER>pci.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>NEC Electronics USB 3.0 Host Controller</DESCRIPTION> <HARDWAREID>PCI\VEN_1033&DEV_0194&SUBSYS_50071458&REV_03</HARDWAREID> <SERVICE>nusb3xhc</SERVICE> <DRIVER>nusb3xhc.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Hauptplatinenressourcen</DESCRIPTION> <HARDWAREID>ACPI\PNP0C02</HARDWAREID> </DEVICE> <DEVICE> <DESCRIPTION>PnP-Softwaregeräte-Enumerator</DESCRIPTION> <HARDWAREID>root\swenum</HARDWAREID> <SERVICE>swenum</SERVICE> <DRIVER>swenum.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>WAN-Miniport (IPv6)</DESCRIPTION> <HARDWAREID>ms_ndiswanipv6</HARDWAREID> <SERVICE>NdisWan</SERVICE> <DRIVER>ndiswan.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Deterministic Network Enhancer Miniport</DESCRIPTION> <HARDWAREID>dni_dnemp</HARDWAREID> <SERVICE>DNE</SERVICE> <DRIVER>dne64x.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>USB-Root-Hub</DESCRIPTION> 
<HARDWAREID>USB\ROOT_HUB20&VID1002&PID4396&REV0000</HARDWAREID> <SERVICE>usbhub</SERVICE> <DRIVER>usbhub.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Hauptplatinenressourcen</DESCRIPTION> <HARDWAREID>ACPI\PNP0C02</HARDWAREID> </DEVICE> <DEVICE> <DESCRIPTION>HID-konforme Maus</DESCRIPTION> <HARDWAREID>HID\VID_046D&PID_C043&REV_2720</HARDWAREID> <SERVICE>mouhid</SERVICE> <DRIVER>mouhid.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>UMBus-Stamm-Busenumerator</DESCRIPTION> <HARDWAREID>root\umbus</HARDWAREID> <SERVICE>umbus</SERVICE> <DRIVER>umbus.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Deterministic Network Enhancer Miniport</DESCRIPTION> <HARDWAREID>dni_dnemp</HARDWAREID> <SERVICE>DNE</SERVICE> <DRIVER>dne64x.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Numerischer Coprozessor</DESCRIPTION> <HARDWAREID>ACPI\PNP0C04</HARDWAREID> </DEVICE> <DEVICE> <DESCRIPTION>WAN-Miniport (PPPOE)</DESCRIPTION> <HARDWAREID>ms_pppoeminiport</HARDWAREID> <SERVICE>RasPppoe</SERVICE> <DRIVER>raspppoe.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>USB-Root-Hub</DESCRIPTION> <HARDWAREID>USB\ROOT_HUB20&VID1002&PID4396&REV0000</HARDWAREID> <SERVICE>usbhub</SERVICE> <DRIVER>usbhub.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Enumerator-Treiber für Microsoft Virtual Drive</DESCRIPTION> <HARDWAREID>ROOT\vdrvroot</HARDWAREID> <SERVICE>vdrvroot</SERVICE> <DRIVER>vdrvroot.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>AMD-Prozessor</DESCRIPTION> <HARDWAREID>ACPI\AuthenticAMD_-_AMD64_Family_16_Model_5</HARDWAREID> <SERVICE>AmdPPM</SERVICE> <DRIVER>amdppm.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Deterministic Network Enhancer Miniport</DESCRIPTION> <HARDWAREID>dni_dnemp</HARDWAREID> <SERVICE>DNE</SERVICE> <DRIVER>dne64x.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Standard-Zweikanal-PCI-IDE-Controller</DESCRIPTION> <HARDWAREID>PCI\VEN_1002&DEV_4390&SUBSYS_B0021458&REV_40</HARDWAREID> <SERVICE>pciide</SERVICE> <DRIVER>pciide.sys</DRIVER> </DEVICE> <DEVICE> 
<DESCRIPTION>Standard-Zweikanal-PCI-IDE-Controller</DESCRIPTION> <HARDWAREID>PCI\VEN_1002&DEV_439C&SUBSYS_50021458&REV_40</HARDWAREID> <SERVICE>pciide</SERVICE> <DRIVER>pciide.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>PCI Standard-PCI-zu-PCI-Brücke</DESCRIPTION> <HARDWAREID>PCI\VEN_1002&DEV_597E&SUBSYS_59571002&REV_00</HARDWAREID> <SERVICE>pci</SERVICE> <DRIVER>pci.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Laufwerk</DESCRIPTION> <HARDWAREID>USBSTOR\DiskGeneric_STORAGE_DEVICE__9602</HARDWAREID> <SERVICE>disk</SERVICE> <DRIVER>disk.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>OHCI-konformer Texas Instruments 1394-Hostcontroller</DESCRIPTION> <HARDWAREID>PCI\VEN_104C&DEV_8024&SUBSYS_10001458&REV_00</HARDWAREID> <SERVICE>1394ohci</SERVICE> <DRIVER>1394ohci.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>ACPI-Einschaltknopf</DESCRIPTION> <HARDWAREID>ACPI\PNP0C0C</HARDWAREID> </DEVICE> <DEVICE> <DESCRIPTION>ANT USB Stick 2</DESCRIPTION> <HARDWAREID>USB\VID_0FCF&PID_1008&REV_0100</HARDWAREID> <SERVICE>libusb0</SERVICE> <DRIVER>libusb0.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Volume-Verwaltung</DESCRIPTION> <HARDWAREID>ROOT\VOLMGR</HARDWAREID> <SERVICE>volmgr</SERVICE> <DRIVER>volmgr.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>WAN-Miniport (PPTP)</DESCRIPTION> <HARDWAREID>ms_pptpminiport</HARDWAREID> <SERVICE>PptpMiniport</SERVICE> <DRIVER>raspptp.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>USB-Root-Hub</DESCRIPTION> <HARDWAREID>USB\ROOT_HUB20&VID1002&PID4396&REV0000</HARDWAREID> <SERVICE>usbhub</SERVICE> <DRIVER>usbhub.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Deterministic Network Enhancer Miniport</DESCRIPTION> <HARDWAREID>dni_dnemp</HARDWAREID> <SERVICE>DNE</SERVICE> <DRIVER>dne64x.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Microsoft Windows-Verwaltungsschnittstelle für ACPI</DESCRIPTION> <HARDWAREID>ACPI\PNP0C14</HARDWAREID> <SERVICE>WmiAcpi</SERVICE> <DRIVER>wmiacpi.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>WAN-Miniport (SSTP)</DESCRIPTION> 
<HARDWAREID>ms_sstpminiport</HARDWAREID> <SERVICE>RasSstp</SERVICE> <DRIVER>rassstp.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Deterministic Network Enhancer Miniport</DESCRIPTION> <HARDWAREID>dni_dnemp</HARDWAREID> <SERVICE>DNE</SERVICE> <DRIVER>dne64x.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Standard PCI-zu-USB erweiterter Hostcontroller</DESCRIPTION> <HARDWAREID>PCI\VEN_1002&DEV_4396&SUBSYS_50041458&REV_00</HARDWAREID> <SERVICE>usbehci</SERVICE> <DRIVER>usbehci.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Deterministic Network Enhancer Miniport</DESCRIPTION> <HARDWAREID>dni_dnemp</HARDWAREID> <SERVICE>DNE</SERVICE> <DRIVER>dne64x.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>PCI Standard-ISA-Brücke</DESCRIPTION> <HARDWAREID>PCI\VEN_1002&DEV_439D&SUBSYS_439D1002&REV_40</HARDWAREID> <SERVICE>msisadrv</SERVICE> <DRIVER>msisadrv.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>PCI Standard-PCI-zu-PCI-Brücke</DESCRIPTION> <HARDWAREID>PCI\VEN_1002&DEV_597F&SUBSYS_59571002&REV_00</HARDWAREID> <SERVICE>pci</SERVICE> <DRIVER>pci.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Standardvolume</DESCRIPTION> <HARDWAREID>STORAGE\Volume</HARDWAREID> <SERVICE>volsnap</SERVICE> <DRIVER>volsnap.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Photosmart B110 series</DESCRIPTION> <HARDWAREID>Photosmart_B110_series&HPSLP</HARDWAREID> </DEVICE> <DEVICE> <DESCRIPTION>NVIDIA GeForce GTS 250</DESCRIPTION> <HARDWAREID>PCI\VEN_10DE&DEV_0615&SUBSYS_210319DA&REV_A2</HARDWAREID> <SERVICE>nvlddmkm</SERVICE> <DRIVER>nvlddmkm.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>ACPI-Schalter</DESCRIPTION> <HARDWAREID>ACPI\FixedButton</HARDWAREID> </DEVICE> <DEVICE> <DESCRIPTION>Microsoft ACPI-konformes System</DESCRIPTION> <HARDWAREID>ACPI_HAL\PNP0C08</HARDWAREID> <SERVICE>ACPI</SERVICE> <DRIVER>ACPI.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Photosmart B110 series</DESCRIPTION> <HARDWAREID>MF\Photosmart_B110&HPSLP&IP_SCAN</HARDWAREID> <SERVICE>StillCam</SERVICE> <DRIVER>serscan.sys</DRIVER> </DEVICE> 
<DEVICE> <DESCRIPTION>Cisco Systems VPN Adapter for 64-bit Windows</DESCRIPTION> <HARDWAREID>CS_VirtA</HARDWAREID> <SERVICE>CVirtA</SERVICE> <DRIVER>CVirtA64.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>UMBusenumerator</DESCRIPTION> <HARDWAREID>UMB\UMBUS</HARDWAREID> <SERVICE>umbus</SERVICE> <DRIVER>umbus.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>CD-ROM-Laufwerk</DESCRIPTION> <HARDWAREID>SCSI\CdRom_NEC____DVD_RW_ND-3550A_1.05</HARDWAREID> <SERVICE>cdrom</SERVICE> <DRIVER>cdrom.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>PnP-Monitor (Standard)</DESCRIPTION> <HARDWAREID>MONITOR\GNR0000</HARDWAREID> <SERVICE>monitor</SERVICE> <DRIVER>monitor.sys</DRIVER> </DEVICE> <DEVICE> <DESCRIPTION>Programmierbarer Interruptcontroller</DESCRIPTION> <HARDWAREID>ACPI\PNP0000</HARDWAREID> </DEVICE> <DEVICE> <DESCRIPTION>TAP-Win32 Adapter V9</DESCRIPTION> <HARDWAREID>tap0901</HARDWAREID> <SERVICE>tap0901</SERVICE> <DRIVER>tap0901.sys</DRIVER> </DEVICE> </DEVICES> <DRIVERS> <DRIVER> <FILENAME>1394ohci.sys</FILENAME> <FILESIZE>229888</FILESIZE> <CREATIONDATE>07-08-2011 10:35:38</CREATIONDATE> <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>ACPI.sys</FILENAME> <FILESIZE>334208</FILESIZE> <CREATIONDATE>07-08-2011 10:35:01</CREATIONDATE> <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® Windows®</PRODUCTNAME> <GROUP>Boot Bus Extender</GROUP> </DRIVER> <DRIVER> <FILENAME>acpipmi.sys</FILENAME> <FILESIZE>12800</FILESIZE> <CREATIONDATE>07-08-2011 10:33:30</CREATIONDATE> <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>adp94xx.sys</FILENAME> <FILESIZE>491088</FILESIZE> <CREATIONDATE>06-10-2009 20:36:24</CREATIONDATE> <VERSION>1.6.6.4</VERSION> 
<MANUFACTURER>Adaptec, Inc.</MANUFACTURER> <PRODUCTNAME>Adaptec Windows 7 SAS/SATA Family Storport Driver</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER> <FILENAME>adpahci.sys</FILENAME> <FILESIZE>339536</FILESIZE> <CREATIONDATE>07-13-2009 21:59:32</CREATIONDATE> <VERSION>1.6.6.1</VERSION> <MANUFACTURER>Adaptec, Inc.</MANUFACTURER> <PRODUCTNAME>Adaptec Windows Server 2003 SATA Family Storport Driver</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER> <FILENAME>adpu320.sys</FILENAME> <FILESIZE>182864</FILESIZE> <CREATIONDATE>07-13-2009 21:59:33</CREATIONDATE> <VERSION>7.2.0.0</VERSION> <MANUFACTURER>Adaptec, Inc.</MANUFACTURER> <PRODUCTNAME>Adaptec Windows Ultra320 Family Driver</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER> <FILENAME>afd.sys</FILENAME> <FILESIZE>498688</FILESIZE> <CREATIONDATE>02-16-2012 02:36:14</CREATIONDATE> <VERSION>6.1.7601.17752</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® Windows®</PRODUCTNAME> <GROUP>PNP_TDI</GROUP> </DRIVER> <DRIVER> <FILENAME>agp440.sys</FILENAME> <FILESIZE>61008</FILESIZE> <CREATIONDATE>07-13-2009 23:38:44</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® Windows®</PRODUCTNAME> <GROUP>PnP Filter</GROUP> </DRIVER> <DRIVER> <FILENAME>aliide.sys</FILENAME> <FILESIZE>15440</FILESIZE> <CREATIONDATE>07-13-2009 23:19:47</CREATIONDATE> <VERSION>1.2.0.0</VERSION> <MANUFACTURER>Acer Laboratories Inc.</MANUFACTURER> <PRODUCTNAME>ALi mini IDE Driver</PRODUCTNAME> <GROUP>System Bus Extender</GROUP> </DRIVER> <DRIVER> <FILENAME>amdide.sys</FILENAME> <FILESIZE>15440</FILESIZE> <CREATIONDATE>07-13-2009 23:19:49</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® Windows®</PRODUCTNAME> <GROUP>System Bus Extender</GROUP> </DRIVER> <DRIVER> <FILENAME>amdk8.sys</FILENAME> 
<FILESIZE>64512</FILESIZE> <CREATIONDATE>07-13-2009 23:19:26</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER> <FILENAME>amdppm.sys</FILENAME> <FILESIZE>60928</FILESIZE> <CREATIONDATE>07-13-2009 23:19:26</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER> <FILENAME>amdsata.sys</FILENAME> <FILESIZE>107904</FILESIZE> <CREATIONDATE>04-27-2011 23:00:35</CREATIONDATE> <VERSION>1.1.2.5</VERSION> <MANUFACTURER>Advanced Micro Devices</MANUFACTURER> <PRODUCTNAME>AHCI 1.2 Device Driver</PRODUCTNAME> <GROUP>SCSI miniport</GROUP> </DRIVER> <DRIVER> <FILENAME>amdsbs.sys</FILENAME> <FILESIZE>194128</FILESIZE> <CREATIONDATE>06-10-2009 20:37:35</CREATIONDATE> <VERSION>3.6.1540.127</VERSION> <MANUFACTURER>AMD Technologies Inc.</MANUFACTURER> <PRODUCTNAME>AMD Technology AHCI Compatible Controller</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER> <FILENAME>amdxata.sys</FILENAME> <FILESIZE>27008</FILESIZE> <CREATIONDATE>04-27-2011 23:00:34</CREATIONDATE> <VERSION>1.1.2.5</VERSION> <MANUFACTURER>Advanced Micro Devices</MANUFACTURER> <PRODUCTNAME>Storage Filter Driver</PRODUCTNAME> <GROUP>SCSI miniport</GROUP> </DRIVER> <DRIVER> <FILENAME>ssadadb.sys</FILENAME> <FILESIZE>36328</FILESIZE> <CREATIONDATE>10-08-2011 13:26:08</CREATIONDATE> <VERSION>1.0.1.1</VERSION> <MANUFACTURER>Google Inc</MANUFACTURER> <PRODUCTNAME>Google Android USB Driver</PRODUCTNAME> <GROUP>Base</GROUP> </DRIVER> <DRIVER> <FILENAME>appid.sys</FILENAME> <FILESIZE>61440</FILESIZE> <CREATIONDATE>07-08-2011 10:33:27</CREATIONDATE> <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> </DRIVER> 
<DRIVER> <FILENAME>AppleCharger.sys</FILENAME> <FILESIZE>21544</FILESIZE> <CREATIONDATE>07-29-2010 11:01:39</CREATIONDATE> <VERSION>0.0.0.0</VERSION> <MANUFACTURER/> <PRODUCTNAME/> </DRIVER> <DRIVER> <FILENAME>arc.sys</FILENAME> <FILESIZE>87632</FILESIZE> <CREATIONDATE>07-13-2009 21:59:33</CREATIONDATE> <VERSION>5.2.0.10384</VERSION> <MANUFACTURER>Adaptec, Inc.</MANUFACTURER> <PRODUCTNAME>Adaptec RAID Controller</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER> <FILENAME>arcsas.sys</FILENAME> <FILESIZE>97856</FILESIZE> <CREATIONDATE>07-13-2009 21:59:33</CREATIONDATE> <VERSION>5.2.0.16119</VERSION> <MANUFACTURER>Adaptec, Inc.</MANUFACTURER> <PRODUCTNAME>Adaptec RAID Controller</PRODUCTNAME> <GROUP>SCSI miniport</GROUP> </DRIVER> <DRIVER> <FILENAME>asyncmac.sys</FILENAME> <FILESIZE>23040</FILESIZE> <CREATIONDATE>07-14-2009 00:10:13</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>atapi.sys</FILENAME> <FILESIZE>24128</FILESIZE> <CREATIONDATE>07-13-2009 23:19:47</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER> <FILENAME>athrxusb.sys</FILENAME> <FILESIZE>556544</FILESIZE> <CREATIONDATE>04-02-2011 22:46:57</CREATIONDATE> <VERSION>2.0.0.117</VERSION> <MANUFACTURER>Atheros Communications, Inc.</MANUFACTURER> <PRODUCTNAME>Driver for Atheros Wireless USB Network Adapter</PRODUCTNAME> <GROUP>NDIS</GROUP> </DRIVER> <DRIVER> <FILENAME>avgntflt.sys</FILENAME> <FILESIZE>98848</FILESIZE> <CREATIONDATE>04-07-2012 19:35:39</CREATIONDATE> <VERSION>12.0.24.11</VERSION> <MANUFACTURER>Avira GmbH</MANUFACTURER> <PRODUCTNAME>AntiVir Workstation</PRODUCTNAME> <GROUP>FSFilter Anti-Virus</GROUP> <ALTITUDE>320500</ALTITUDE> </DRIVER> <DRIVER> <FILENAME>avipbb.sys</FILENAME> 
<FILESIZE>132832</FILESIZE> <CREATIONDATE>04-07-2012 19:35:39</CREATIONDATE> <VERSION>12.0.50.34</VERSION> <MANUFACTURER>Avira GmbH</MANUFACTURER> <PRODUCTNAME>AntiVir Desktop</PRODUCTNAME> <GROUP>Avira</GROUP> </DRIVER> <DRIVER> <FILENAME>avkmgr.sys</FILENAME> <FILESIZE>27760</FILESIZE> <CREATIONDATE>04-07-2012 19:35:39</CREATIONDATE> <VERSION>12.0.20.2</VERSION> <MANUFACTURER>Avira GmbH</MANUFACTURER> <PRODUCTNAME>AntiVir Desktop</PRODUCTNAME> <GROUP>Avira</GROUP> </DRIVER> <DRIVER> <FILENAME>bxvbda.sys</FILENAME> <FILESIZE>468480</FILESIZE> <CREATIONDATE>06-10-2009 20:34:28</CREATIONDATE> <VERSION>4.8.2.0</VERSION> <MANUFACTURER>Broadcom Corporation</MANUFACTURER> <PRODUCTNAME>Broadcom NetXtreme II GigE</PRODUCTNAME> <GROUP>base</GROUP> </DRIVER> <DRIVER> <FILENAME>b57nd60a.sys</FILENAME> <FILESIZE>270848</FILESIZE> <CREATIONDATE>06-10-2009 20:34:23</CREATIONDATE> <VERSION>10.100.4.0</VERSION> <MANUFACTURER>Broadcom Corporation</MANUFACTURER> <PRODUCTNAME>Broadcom NetXtreme Gigabit Ethernet Driver</PRODUCTNAME> <GROUP>NDIS</GROUP> </DRIVER> <DRIVER> <FILENAME>Beep.sys</FILENAME> <FILESIZE>6656</FILESIZE> <CREATIONDATE>07-14-2009 00:00:13</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>Base</GROUP> </DRIVER> <DRIVER> <FILENAME>blbdrive.sys</FILENAME> <FILESIZE>45056</FILESIZE> <CREATIONDATE>07-13-2009 23:35:59</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>bowser.sys</FILENAME> <FILESIZE>90624</FILESIZE> <CREATIONDATE>04-15-2011 11:39:16</CREATIONDATE> <VERSION>6.1.7601.17565</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>Network</GROUP> </DRIVER> <DRIVER> <FILENAME>BrFiltLo.sys</FILENAME> <FILESIZE>18432</FILESIZE> 
<CREATIONDATE>07-14-2009 01:19:59</CREATIONDATE> <VERSION>1.10.0.2</VERSION> <MANUFACTURER>Brother Industries, Ltd.</MANUFACTURER> <PRODUCTNAME>RemovableDisk</PRODUCTNAME> <GROUP>extended base</GROUP> </DRIVER> <DRIVER> <FILENAME>BrFiltUp.sys</FILENAME> <FILESIZE>8704</FILESIZE> <CREATIONDATE>07-14-2009 01:20:21</CREATIONDATE> <VERSION>1.4.0.1</VERSION> <MANUFACTURER>Brother Industries, Ltd.</MANUFACTURER> <PRODUCTNAME>RemovableDisk</PRODUCTNAME> <GROUP>extended base</GROUP> </DRIVER> <DRIVER> <FILENAME>Brserid.sys</FILENAME> <FILESIZE>286720</FILESIZE> <CREATIONDATE>07-14-2009 01:19:06</CREATIONDATE> <VERSION>1.0.1.6</VERSION> <MANUFACTURER>Brother Industries Ltd.</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® Windows®</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>BrSerWdm.sys</FILENAME> <FILESIZE>47104</FILESIZE> <CREATIONDATE>07-14-2009 01:20:11</CREATIONDATE> <VERSION>1.0.0.20</VERSION> <MANUFACTURER>Brother Industries Ltd.</MANUFACTURER> <PRODUCTNAME>Brother MFL Pro</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>BrUsbMdm.sys</FILENAME> <FILESIZE>14976</FILESIZE> <CREATIONDATE>07-14-2009 01:20:26</CREATIONDATE> <VERSION>1.0.0.12</VERSION> <MANUFACTURER>Brother Industries Ltd.</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>BrUsbSer.sys</FILENAME> <FILESIZE>14720</FILESIZE> <CREATIONDATE>07-14-2009 01:20:15</CREATIONDATE> <VERSION>1.0.1.3</VERSION> <MANUFACTURER>Brother Industries Ltd.</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>bthmodem.sys</FILENAME> <FILESIZE>72192</FILESIZE> <CREATIONDATE>07-14-2009 00:06:52</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>cdfs.sys</FILENAME> <FILESIZE>92160</FILESIZE> <CREATIONDATE>07-13-2009 23:19:47</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> 
<MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>Boot File System</GROUP> </DRIVER> <DRIVER> <FILENAME>cdrom.sys</FILENAME> <FILESIZE>147456</FILESIZE> <CREATIONDATE>07-08-2011 10:33:24</CREATIONDATE> <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>SCSI CDROM Class</GROUP> </DRIVER> <DRIVER> <FILENAME>circlass.sys</FILENAME> <FILESIZE>45568</FILESIZE> <CREATIONDATE>07-14-2009 00:06:34</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER> <FILENAME>CLFS.sys</FILENAME> <FILESIZE>367696</FILESIZE> <CREATIONDATE>07-13-2009 23:19:59</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>Filter</GROUP> </DRIVER> <DRIVER> <FILENAME>CmBatt.sys</FILENAME> <FILESIZE>17664</FILESIZE> <CREATIONDATE>07-13-2009 23:31:03</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>cmdide.sys</FILENAME> <FILESIZE>17488</FILESIZE> <CREATIONDATE>07-13-2009 23:19:48</CREATIONDATE> <VERSION>2.0.7.0</VERSION> <MANUFACTURER>CMD Technology, Inc.</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>System Bus Extender</GROUP> </DRIVER> <DRIVER> <FILENAME>cng.sys</FILENAME> <FILESIZE>458704</FILESIZE> <CREATIONDATE>07-10-2012 22:39:25</CREATIONDATE> <VERSION>6.1.7601.17856</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>Base</GROUP> </DRIVER> <DRIVER> <FILENAME>compbatt.sys</FILENAME> 
<FILESIZE>21584</FILESIZE> <CREATIONDATE>07-13-2009 23:31:02</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>System Bus Extender</GROUP> </DRIVER> <DRIVER> <FILENAME>CompositeBus.sys</FILENAME> <FILESIZE>38912</FILESIZE> <CREATIONDATE>07-08-2011 10:33:28</CREATIONDATE> <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER> <FILENAME>crcdisk.sys</FILENAME> <FILESIZE>24144</FILESIZE> <CREATIONDATE>07-14-2009 00:01:14</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>Pnp Filter</GROUP> </DRIVER> <DRIVER> <FILENAME>csc.sys</FILENAME> <FILESIZE>514560</FILESIZE> <CREATIONDATE>07-08-2011 10:35:53</CREATIONDATE> <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>network</GROUP> </DRIVER> <DRIVER> <FILENAME>CVirtA64.sys</FILENAME> <FILESIZE>14992</FILESIZE> <CREATIONDATE>02-08-2010 06:32:00</CREATIONDATE> <VERSION>5.0.0.1</VERSION> <MANUFACTURER>Cisco Systems, Inc.</MANUFACTURER> <PRODUCTNAME>Cisco Systems VPN Client</PRODUCTNAME> <GROUP>NDIS</GROUP> </DRIVER> <DRIVER> <FILENAME>CVPNDRVA.sys</FILENAME> <FILESIZE>304784</FILESIZE> <CREATIONDATE>03-23-2010 11:29:46</CREATIONDATE> <VERSION>0.0.0.0</VERSION> <MANUFACTURER/> <PRODUCTNAME/> </DRIVER> <DRIVER> <FILENAME>dfsc.sys</FILENAME> <FILESIZE>102400</FILESIZE> <CREATIONDATE>07-08-2011 10:33:37</CREATIONDATE> <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>Network</GROUP> </DRIVER> <DRIVER> <FILENAME>discache.sys</FILENAME> 
<FILESIZE>40448</FILESIZE> <CREATIONDATE>07-13-2009 23:37:18</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>disk.sys</FILENAME> <FILESIZE>73280</FILESIZE> <CREATIONDATE>07-13-2009 23:19:57</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>dne64x.sys</FILENAME> <FILESIZE>157968</FILESIZE> <CREATIONDATE>11-16-2008 16:39:44</CREATIONDATE> <VERSION>3.22.4.17992</VERSION> <MANUFACTURER>Deterministic Networks, Inc.</MANUFACTURER> <PRODUCTNAME/> <GROUP>PNP_TDI</GROUP> </DRIVER> <DRIVER> <FILENAME>drmkaud.sys</FILENAME> <FILESIZE>5632</FILESIZE> <CREATIONDATE>07-14-2009 00:06:16</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>dxgkrnl.sys</FILENAME> <FILESIZE>982912</FILESIZE> <CREATIONDATE>07-08-2011 10:35:50</CREATIONDATE> <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>Video Init</GROUP> </DRIVER> <DRIVER> <FILENAME>evbda.sys</FILENAME> <FILESIZE>3286016</FILESIZE> <CREATIONDATE>06-10-2009 20:34:33</CREATIONDATE> <VERSION>4.8.13.0</VERSION> <MANUFACTURER>Broadcom Corporation</MANUFACTURER> <PRODUCTNAME>Broadcom NetXtreme II 10 GigE</PRODUCTNAME> <GROUP>base</GROUP> </DRIVER> <DRIVER> <FILENAME>elxstor.sys</FILENAME> <FILESIZE>530496</FILESIZE> <CREATIONDATE>06-10-2009 20:36:49</CREATIONDATE> <VERSION>7.2.10.211</VERSION> <MANUFACTURER>Emulex</MANUFACTURER> <PRODUCTNAME>Emulex LightPulse Storport Miniport Driver</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER> <FILENAME>errdev.sys</FILENAME> <FILESIZE>9728</FILESIZE> 
<CREATIONDATE>07-13-2009 23:31:04</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER> <FILENAME>exfat.sys</FILENAME> <FILESIZE>195072</FILESIZE> <CREATIONDATE>07-13-2009 23:23:29</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>Boot File System</GROUP> </DRIVER> <DRIVER> <FILENAME>fastfat.sys</FILENAME> <FILESIZE>204800</FILESIZE> <CREATIONDATE>07-13-2009 23:23:29</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>Boot File System</GROUP> </DRIVER> <DRIVER> <FILENAME>fdc.sys</FILENAME> <FILESIZE>29696</FILESIZE> <CREATIONDATE>07-14-2009 00:00:54</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>fileinfo.sys</FILENAME> <FILESIZE>70224</FILESIZE> <CREATIONDATE>07-13-2009 23:34:25</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>FSFilter Bottom</GROUP> <ALTITUDE>45000</ALTITUDE> </DRIVER> <DRIVER> <FILENAME>filetrace.sys</FILENAME> <FILESIZE>34304</FILESIZE> <CREATIONDATE>07-13-2009 23:25:40</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>FSFilter Activity Monitor</GROUP> <ALTITUDE>385000</ALTITUDE> </DRIVER> <DRIVER> <FILENAME>flpydisk.sys</FILENAME> <FILESIZE>24576</FILESIZE> <CREATIONDATE>07-14-2009 00:00:54</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>fltmgr.sys</FILENAME> <FILESIZE>289664</FILESIZE> <CREATIONDATE>07-08-2011 10:35:32</CREATIONDATE> <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® Windows®</PRODUCTNAME> <GROUP>FSFilter Infrastructure</GROUP> </DRIVER> <DRIVER> <FILENAME>FsDepends.sys</FILENAME> <FILESIZE>55376</FILESIZE> <CREATIONDATE>07-13-2009 23:26:13</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>Filter</GROUP> <ALTITUDE>407000</ALTITUDE> </DRIVER> <DRIVER> <FILENAME>Fs_Rec.sys</FILENAME> <FILESIZE>23408</FILESIZE> <CREATIONDATE>04-13-2012 22:32:41</CREATIONDATE> <VERSION>6.1.7601.17787</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>File System</GROUP> </DRIVER> <DRIVER> <FILENAME>fvevol.sys</FILENAME> <FILESIZE>223248</FILESIZE> <CREATIONDATE>07-08-2011 10:35:16</CREATIONDATE> <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>PnP Filter</GROUP> </DRIVER> <DRIVER> <FILENAME>gagp30kx.sys</FILENAME> <FILESIZE>65088</FILESIZE> <CREATIONDATE>07-13-2009 23:38:44</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® Windows®</PRODUCTNAME> <GROUP>PnP Filter</GROUP> </DRIVER> <DRIVER> <FILENAME>gdrv.sys</FILENAME> <FILESIZE>25640</FILESIZE> <CREATIONDATE>07-29-2010 11:03:23</CREATIONDATE> <VERSION>0.0.0.0</VERSION> <MANUFACTURER/> <PRODUCTNAME/> </DRIVER> <DRIVER> <FILENAME>hcw85cir.sys</FILENAME> <FILESIZE>31232</FILESIZE> <CREATIONDATE>07-13-2009 22:53:43</CREATIONDATE> <VERSION>1.31.27127.0</VERSION> 
<MANUFACTURER>Hauppauge Computer Works, Inc.</MANUFACTURER> <PRODUCTNAME>hcw85cir.sys</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER> <FILENAME>HdAudio.sys</FILENAME> <FILESIZE>350208</FILESIZE> <CREATIONDATE>07-08-2011 10:33:25</CREATIONDATE> <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>HDAudBus.sys</FILENAME> <FILESIZE>122368</FILESIZE> <CREATIONDATE>07-08-2011 10:33:24</CREATIONDATE> <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER> <FILENAME>HidBatt.sys</FILENAME> <FILESIZE>26624</FILESIZE> <CREATIONDATE>07-13-2009 23:31:06</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>hidbth.sys</FILENAME> <FILESIZE>100864</FILESIZE> <CREATIONDATE>07-14-2009 00:06:52</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® Windows®</PRODUCTNAME> <GROUP>extended base</GROUP> </DRIVER> <DRIVER> <FILENAME>hidir.sys</FILENAME> <FILESIZE>46592</FILESIZE> <CREATIONDATE>07-14-2009 00:06:23</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>extended base</GROUP> </DRIVER> <DRIVER> <FILENAME>hidusb.sys</FILENAME> <FILESIZE>30208</FILESIZE> <CREATIONDATE>07-08-2011 10:33:27</CREATIONDATE> <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>extended base</GROUP> </DRIVER> <DRIVER> <FILENAME>HpSAMD.sys</FILENAME> <FILESIZE>78720</FILESIZE> 
<CREATIONDATE>07-08-2011 10:35:18</CREATIONDATE> <VERSION>6.12.6.64</VERSION> <MANUFACTURER>Hewlett-Packard Company</MANUFACTURER> <PRODUCTNAME>Smart Array SAS/SATA Controller Media Driver</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER> <FILENAME>HTTP.sys</FILENAME> <FILESIZE>753664</FILESIZE> <CREATIONDATE>07-08-2011 10:36:10</CREATIONDATE> <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® Windows®</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>hwpolicy.sys</FILENAME> <FILESIZE>14720</FILESIZE> <CREATIONDATE>07-08-2011 10:34:33</CREATIONDATE> <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>i8042prt.sys</FILENAME> <FILESIZE>105472</FILESIZE> <CREATIONDATE>07-13-2009 23:19:58</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® Windows®</PRODUCTNAME> <GROUP>Keyboard Port</GROUP> </DRIVER> <DRIVER> <FILENAME>iaStorV.sys</FILENAME> <FILESIZE>410496</FILESIZE> <CREATIONDATE>04-27-2011 23:00:34</CREATIONDATE> <VERSION>8.6.2.1014</VERSION> <MANUFACTURER>Intel Corporation</MANUFACTURER> <PRODUCTNAME>Intel Matrix Storage Manager driver</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER> <FILENAME>iirsp.sys</FILENAME> <FILESIZE>44112</FILESIZE> <CREATIONDATE>07-13-2009 21:59:33</CREATIONDATE> <VERSION>5.4.22.0</VERSION> <MANUFACTURER>Intel Corp./ICP vortex GmbH</MANUFACTURER> <PRODUCTNAME>Intel/ICP Raid Storport Driver</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER> <FILENAME>RTKVHD64.sys</FILENAME> <FILESIZE>2298400</FILESIZE> <CREATIONDATE>07-29-2010 10:56:30</CREATIONDATE> <VERSION>6.0.1.6069</VERSION> <MANUFACTURER>Realtek Semiconductor Corp.</MANUFACTURER> <PRODUCTNAME>Realtek(r) High Definition Audio Function Driver</PRODUCTNAME> </DRIVER> <DRIVER> 
<FILENAME>intelide.sys</FILENAME> <FILESIZE>16960</FILESIZE> <CREATIONDATE>07-13-2009 23:19:48</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>System Bus Extender</GROUP> </DRIVER> <DRIVER> <FILENAME>intelppm.sys</FILENAME> <FILESIZE>62464</FILESIZE> <CREATIONDATE>07-13-2009 23:19:26</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER> <FILENAME>ipfltdrv.sys</FILENAME> <FILESIZE>82944</FILESIZE> <CREATIONDATE>07-08-2011 10:35:14</CREATIONDATE> <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>IPMIDrv.sys</FILENAME> <FILESIZE>78848</FILESIZE> <CREATIONDATE>07-08-2011 10:33:25</CREATIONDATE> <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® Windows®</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>ipnat.sys</FILENAME> <FILESIZE>116224</FILESIZE> <CREATIONDATE>07-14-2009 00:10:03</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>irenum.sys</FILENAME> <FILESIZE>17920</FILESIZE> <CREATIONDATE>07-14-2009 00:08:59</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>isapnp.sys</FILENAME> <FILESIZE>20544</FILESIZE> <CREATIONDATE>07-13-2009 23:31:08</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® Windows®</PRODUCTNAME> <GROUP>Boot Bus 
Extender</GROUP> </DRIVER> <DRIVER> <FILENAME>msiscsi.sys</FILENAME> <FILESIZE>273792</FILESIZE> <CREATIONDATE>07-08-2011 10:36:21</CREATIONDATE> <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>jraid.sys</FILENAME> <FILESIZE>115312</FILESIZE> <CREATIONDATE>07-29-2010 11:00:23</CREATIONDATE> <VERSION>1.17.55.0</VERSION> <MANUFACTURER>JMicron Technology Corp.</MANUFACTURER> <PRODUCTNAME>JMicron JMB36X RAID Driver</PRODUCTNAME> <GROUP>System Bus Extender</GROUP> </DRIVER> <DRIVER> <FILENAME>kbdclass.sys</FILENAME> <FILESIZE>50768</FILESIZE> <CREATIONDATE>07-13-2009 23:19:50</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® Windows®</PRODUCTNAME> <GROUP>Keyboard Class</GROUP> </DRIVER> <DRIVER> <FILENAME>kbdhid.sys</FILENAME> <FILESIZE>33280</FILESIZE> <CREATIONDATE>07-08-2011 10:33:26</CREATIONDATE> <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® Windows®</PRODUCTNAME> <GROUP>Keyboard Port</GROUP> </DRIVER> <DRIVER> <FILENAME>ksecdd.sys</FILENAME> <FILESIZE>95600</FILESIZE> <CREATIONDATE>07-10-2012 22:39:25</CREATIONDATE> <VERSION>6.1.7601.17856</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>Base</GROUP> </DRIVER> <DRIVER> <FILENAME>ksecpkg.sys</FILENAME> <FILESIZE>151920</FILESIZE> <CREATIONDATE>07-10-2012 22:39:25</CREATIONDATE> <VERSION>6.1.7601.17856</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>Cryptography</GROUP> </DRIVER> <DRIVER> <FILENAME>ksthunk.sys</FILENAME> <FILESIZE>20992</FILESIZE> <CREATIONDATE>07-14-2009 00:00:19</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft 
Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>PNP Filter</GROUP> </DRIVER> <DRIVER> <FILENAME>libusb0.sys</FILENAME> <FILESIZE>44480</FILESIZE> <CREATIONDATE>05-13-2011 18:35:22</CREATIONDATE> <VERSION>1.2.4.0</VERSION> <MANUFACTURER>hxxp://libusb-win32.sourceforge.net</MANUFACTURER> <PRODUCTNAME>LibUSB-Win32 - Kernel Driver</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>lltdio.sys</FILENAME> <FILESIZE>60928</FILESIZE> <CREATIONDATE>07-14-2009 00:08:51</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>NDIS</GROUP> </DRIVER> <DRIVER> <FILENAME>lsi_fc.sys</FILENAME> <FILESIZE>114752</FILESIZE> <CREATIONDATE>07-13-2009 21:59:34</CREATIONDATE> <VERSION>1.28.3.52</VERSION> <MANUFACTURER>LSI Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER> <FILENAME>lsi_sas.sys</FILENAME> <FILESIZE>106560</FILESIZE> <CREATIONDATE>07-13-2009 21:59:33</CREATIONDATE> <VERSION>1.28.3.52</VERSION> <MANUFACTURER>LSI Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER> <FILENAME>lsi_sas2.sys</FILENAME> <FILESIZE>65600</FILESIZE> <CREATIONDATE>07-13-2009 21:59:34</CREATIONDATE> <VERSION>2.0.2.71</VERSION> <MANUFACTURER>LSI Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER> <FILENAME>lsi_scsi.sys</FILENAME> <FILESIZE>115776</FILESIZE> <CREATIONDATE>07-13-2009 21:59:33</CREATIONDATE> <VERSION>1.28.3.67</VERSION> <MANUFACTURER>LSI Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER> <FILENAME>luafv.sys</FILENAME> <FILESIZE>113152</FILESIZE> <CREATIONDATE>07-13-2009 23:26:13</CREATIONDATE> 
<VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® Windows®</PRODUCTNAME> <GROUP>FSFilter Virtualization</GROUP> <ALTITUDE>135000</ALTITUDE> </DRIVER> <DRIVER> <FILENAME>megasas.sys</FILENAME> <FILESIZE>35392</FILESIZE> <CREATIONDATE>06-10-2009 20:37:14</CREATIONDATE> <VERSION>4.5.1.64</VERSION> <MANUFACTURER>LSI Corporation</MANUFACTURER> <PRODUCTNAME>MEGASAS Storport Driver for Windows 7\Server 2008 R2 for x64</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER> <FILENAME>MegaSR.sys</FILENAME> <FILESIZE>284736</FILESIZE> <CREATIONDATE>07-13-2009 21:59:33</CREATIONDATE> <VERSION>13.5.409.2009</VERSION> <MANUFACTURER>LSI Corporation, Inc.</MANUFACTURER> <PRODUCTNAME>MegaRAID Software RAID</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER> <FILENAME>modem.sys</FILENAME> <FILESIZE>40448</FILESIZE> <CREATIONDATE>07-14-2009 00:10:49</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® Windows®</PRODUCTNAME> <GROUP>Extended base</GROUP> </DRIVER> <DRIVER> <FILENAME>monitor.sys</FILENAME> <FILESIZE>30208</FILESIZE> <CREATIONDATE>07-13-2009 23:38:53</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>mouclass.sys</FILENAME> <FILESIZE>49216</FILESIZE> <CREATIONDATE>07-13-2009 23:19:50</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® Windows®</PRODUCTNAME> <GROUP>Pointer Class</GROUP> </DRIVER> <DRIVER> <FILENAME>mouhid.sys</FILENAME> <FILESIZE>31232</FILESIZE> <CREATIONDATE>07-14-2009 00:00:20</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® Windows®</PRODUCTNAME> <GROUP>Pointer 
Port</GROUP> </DRIVER>
<DRIVER> <FILENAME>usbuhci.sys</FILENAME> <FILESIZE>30720</FILESIZE> <CREATIONDATE>05-12-2011 13:14:25</CREATIONDATE> <VERSION>6.1.7601.17586</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft®
Windows® Operating System</PRODUCTNAME> <GROUP>Base</GROUP> </DRIVER> <DRIVER> <FILENAME>vdrvroot.sys</FILENAME> <FILESIZE>36432</FILESIZE> <CREATIONDATE>07-14-2009 00:01:31</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® Windows®</PRODUCTNAME> <GROUP>Boot Bus Extender</GROUP> </DRIVER> <DRIVER> <FILENAME>vgapnp.sys</FILENAME> <FILESIZE>29184</FILESIZE> <CREATIONDATE>07-13-2009 23:38:48</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>Video</GROUP> </DRIVER> <DRIVER> <FILENAME>vga.sys</FILENAME> <FILESIZE>29184</FILESIZE> <CREATIONDATE>07-13-2009 23:38:48</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>Video Save</GROUP> </DRIVER> <DRIVER> <FILENAME>vhdmp.sys</FILENAME> <FILESIZE>215936</FILESIZE> <CREATIONDATE>07-08-2011 10:35:47</CREATIONDATE> <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>SCSI miniport</GROUP> </DRIVER> <DRIVER> <FILENAME>viaide.sys</FILENAME> <FILESIZE>17488</FILESIZE> <CREATIONDATE>07-13-2009 23:19:50</CREATIONDATE> <VERSION>6.0.6000.170</VERSION> <MANUFACTURER>VIA Technologies, Inc.</MANUFACTURER> <PRODUCTNAME>VIA PCI IDE MINI Driver</PRODUCTNAME> <GROUP>System Bus Extender</GROUP> </DRIVER> <DRIVER> <FILENAME>vmbus.sys</FILENAME> <FILESIZE>199552</FILESIZE> <CREATIONDATE>07-08-2011 10:35:33</CREATIONDATE> <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>System Bus Extender</GROUP> </DRIVER> <DRIVER> <FILENAME>VMBusHID.sys</FILENAME> <FILESIZE>21760</FILESIZE> <CREATIONDATE>07-08-2011 
10:33:18</CREATIONDATE> <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER> <FILENAME>volmgr.sys</FILENAME> <FILESIZE>71552</FILESIZE> <CREATIONDATE>07-08-2011 10:35:22</CREATIONDATE> <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>System Bus Extender</GROUP> </DRIVER> <DRIVER> <FILENAME>volmgrx.sys</FILENAME> <FILESIZE>363392</FILESIZE> <CREATIONDATE>07-08-2011 10:34:42</CREATIONDATE> <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® Windows®</PRODUCTNAME> <GROUP>System Bus Extender</GROUP> </DRIVER> <DRIVER> <FILENAME>volsnap.sys</FILENAME> <FILESIZE>295808</FILESIZE> <CREATIONDATE>07-08-2011 10:35:41</CREATIONDATE> <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® Windows®</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>vsmraid.sys</FILENAME> <FILESIZE>161872</FILESIZE> <CREATIONDATE>06-10-2009 20:37:58</CREATIONDATE> <VERSION>6.0.6000.6210</VERSION> <MANUFACTURER>VIA Technologies Inc.,Ltd</MANUFACTURER> <PRODUCTNAME>VIA RAID driver</PRODUCTNAME> <GROUP>SCSI Miniport</GROUP> </DRIVER> <DRIVER> <FILENAME>vwifibus.sys</FILENAME> <FILESIZE>24576</FILESIZE> <CREATIONDATE>07-14-2009 00:07:21</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® Windows®</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>vwififlt.sys</FILENAME> <FILESIZE>59904</FILESIZE> <CREATIONDATE>07-14-2009 00:07:22</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>NDIS</GROUP> </DRIVER> <DRIVER> 
<FILENAME>vwifimp.sys</FILENAME> <FILESIZE>17920</FILESIZE> <CREATIONDATE>07-14-2009 00:07:28</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>NDIS</GROUP> </DRIVER> <DRIVER> <FILENAME>wacompen.sys</FILENAME> <FILESIZE>27776</FILESIZE> <CREATIONDATE>07-14-2009 00:02:07</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER> <FILENAME>wanarp.sys</FILENAME> <FILESIZE>88576</FILESIZE> <CREATIONDATE>07-08-2011 10:34:43</CREATIONDATE> <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>wanarp.sys</FILENAME> <FILESIZE>88576</FILESIZE> <CREATIONDATE>07-08-2011 10:34:43</CREATIONDATE> <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>wd.sys</FILENAME> <FILESIZE>21056</FILESIZE> <CREATIONDATE>07-13-2009 23:19:55</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>Wdf01000.sys</FILENAME> <FILESIZE>785512</FILESIZE> <CREATIONDATE>11-16-2012 00:19:10</CREATIONDATE> <VERSION>1.11.9200.16384</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® Windows®</PRODUCTNAME> <GROUP>WdfLoadGroup</GROUP> </DRIVER> <DRIVER> <FILENAME>wfplwf.sys</FILENAME> <FILESIZE>12800</FILESIZE> <CREATIONDATE>07-14-2009 00:09:26</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> 
<GROUP>NDIS</GROUP> </DRIVER> <DRIVER> <FILENAME>wimmount.sys</FILENAME> <FILESIZE>22096</FILESIZE> <CREATIONDATE>07-13-2009 23:29:31</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>FSFilter Infrastructure</GROUP> <ALTITUDE>180700</ALTITUDE> </DRIVER> <DRIVER> <FILENAME>WinUsb.sys</FILENAME> <FILESIZE>41984</FILESIZE> <CREATIONDATE>07-08-2011 10:34:42</CREATIONDATE> <VERSION>6.1.7601.17514</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> </DRIVER> <DRIVER> <FILENAME>wmiacpi.sys</FILENAME> <FILESIZE>14336</FILESIZE> <CREATIONDATE>07-13-2009 23:31:03</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER> <FILENAME>ws2ifsl.sys</FILENAME> <FILESIZE>21504</FILESIZE> <CREATIONDATE>07-14-2009 00:10:34</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Betriebssystem Microsoft® Windows®</PRODUCTNAME> <GROUP>PNP_TDI</GROUP> </DRIVER> <DRIVER> <FILENAME>WSDPrint.sys</FILENAME> <FILESIZE>23040</FILESIZE> <CREATIONDATE>07-14-2009 00:39:20</CREATIONDATE> <VERSION>6.1.7600.16385</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>Extended Base</GROUP> </DRIVER> <DRIVER> <FILENAME>WudfPf.sys</FILENAME> <FILESIZE>87040</FILESIZE> <CREATIONDATE>11-16-2012 00:05:33</CREATIONDATE> <VERSION>6.2.9200.16384</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> <GROUP>base</GROUP> </DRIVER> <DRIVER> <FILENAME>WUDFRd.sys</FILENAME> <FILESIZE>198656</FILESIZE> <CREATIONDATE>11-16-2012 00:05:33</CREATIONDATE> 
<VERSION>6.2.9200.16384</VERSION> <MANUFACTURER>Microsoft Corporation</MANUFACTURER> <PRODUCTNAME>Microsoft® Windows® Operating System</PRODUCTNAME> </DRIVER> </DRIVERS> </SYSTEMINFO> Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-28 22:47:02
-----------------------------
22:47:02.190 OS Version: Windows x64 6.1.7601 Service Pack 1
22:47:02.190 Number of processors: 4 586 0x502
22:47:02.190 ComputerName: USER-PC UserName: user
22:47:02.565 Initialize success
22:47:17.065 AVAST engine defs: 13022800
22:47:31.846 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\JRAID2Port1Path0Target0Lun0
22:47:31.846 Disk 0 Vendor: SAMSUNG_ FV01 Size: 238474MB BusType: 8
22:47:31.862 Disk 0 MBR read successfully
22:47:31.862 Disk 0 MBR scan
22:47:31.893 Disk 0 Windows 7 default MBR code
22:47:31.909 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 39899 MB offset 206848
22:47:31.924 Disk 0 Partition - 00 0F Extended LBA 198472 MB offset 81922048
22:47:31.940 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 198471 MB offset 81924096
22:47:32.002 Disk 0 scanning C:\Windows\system32\drivers
22:47:45.987 Service scanning
22:48:13.471 Modules scanning
22:48:13.487 Disk 0 trace - called modules:
22:48:13.502 ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll jraid.sys
22:48:14.018 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a53060]
22:48:14.018 3 CLASSPNP.SYS[fffff880019af43f] -> nt!IofCallDriver -> \Device\Scsi\JRAID2Port1Path0Target0Lun0[0xfffffa80047d1050]
22:48:15.065 AVAST engine scan C:\Windows
22:48:17.737 AVAST engine scan C:\Windows\system32
22:52:45.706 AVAST engine scan C:\Windows\system32\drivers
22:53:02.956 AVAST engine scan C:\Users\user
23:00:55.612 AVAST engine scan C:\ProgramData
23:04:44.127 Scan finished successfully
23:36:24.128 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
23:36:24.144 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt" |
01.03.2013, 14:32 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avira first finds JS.Expack.EM and then Spy.Zbot
Oops, something swallowed the instructions. So, once more, properly:
TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post log files in CODE tags |
01.03.2013, 15:05 | #5 |
| Avira first finds JS.Expack.EM and then Spy.Zbot
Okay, great. Here is the TDSS-Killer log:
Code:
ATTFilter 14:59:51.0966 4588 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 14:59:52.0083 4588 ============================================================ 14:59:52.0083 4588 Current date / time: 2013/03/01 14:59:52.0083 14:59:52.0083 4588 SystemInfo: 14:59:52.0083 4588 14:59:52.0083 4588 OS Version: 6.1.7601 ServicePack: 1.0 14:59:52.0083 4588 Product type: Workstation 14:59:52.0083 4588 ComputerName: USER-PC 14:59:52.0083 4588 UserName: user 14:59:52.0083 4588 Windows directory: C:\Windows 14:59:52.0083 4588 System windows directory: C:\Windows 14:59:52.0083 4588 Running under WOW64 14:59:52.0083 4588 Processor architecture: Intel x64 14:59:52.0083 4588 Number of processors: 4 14:59:52.0083 4588 Page size: 0x1000 14:59:52.0083 4588 Boot type: Normal boot 14:59:52.0083 4588 ============================================================ 14:59:52.0583 4588 Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048 14:59:52.0607 4588 ============================================================ 14:59:52.0607 4588 \Device\Harddisk0\DR0: 14:59:52.0607 4588 MBR partitions: 14:59:52.0607 4588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4DED800 14:59:52.0623 4588 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4E21000, BlocksNum 0x183A3800 14:59:52.0623 4588 ============================================================ 14:59:52.0685 4588 C: <-> \Device\Harddisk0\DR0\Partition1 14:59:52.0732 4588 D: <-> \Device\Harddisk0\DR0\Partition2 14:59:52.0732 4588 ============================================================ 14:59:52.0732 4588 Initialize success 14:59:52.0732 4588 ============================================================ 15:00:26.0271 4992 ============================================================ 15:00:26.0271 4992 Scan started 15:00:26.0271 4992 Mode: Manual; SigCheck; TDLFS; 15:00:26.0271 
4992 ============================================================ 15:00:26.0521 4992 ================ Scan system memory ======================== 15:00:26.0521 4992 System memory - ok 15:00:26.0521 4992 ================ Scan services ============================= 15:00:26.0732 4992 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 15:00:26.0880 4992 1394ohci - ok 15:00:26.0935 4992 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 15:00:26.0966 4992 ACPI - ok 15:00:26.0998 4992 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 15:00:27.0083 4992 AcpiPmi - ok 15:00:27.0201 4992 [ 4451CC2275B04043EC2BCC757AF97291 ] AdobeActiveFileMonitor8.0 D:\Program Files\Adobe Photoshop\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe 15:00:27.0240 4992 AdobeActiveFileMonitor8.0 - ok 15:00:27.0279 4992 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 15:00:27.0310 4992 adp94xx - ok 15:00:27.0341 4992 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 15:00:27.0365 4992 adpahci - ok 15:00:27.0412 4992 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 15:00:27.0451 4992 adpu320 - ok 15:00:27.0490 4992 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 15:00:27.0748 4992 AeLookupSvc - ok 15:00:27.0826 4992 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 15:00:27.0927 4992 AFD - ok 15:00:27.0958 4992 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 15:00:27.0982 4992 agp440 - ok 15:00:28.0248 4992 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll 15:00:28.0248 4992 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. 
md5: B9B98E08EC127900025F42462D3D0A66 15:00:28.0263 4992 Akamai ( HiddenFile.Multi.Generic ) - warning 15:00:28.0263 4992 Akamai - detected HiddenFile.Multi.Generic (1) 15:00:28.0302 4992 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 15:00:28.0357 4992 ALG - ok 15:00:28.0388 4992 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 15:00:28.0404 4992 aliide - ok 15:00:28.0435 4992 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 15:00:28.0451 4992 amdide - ok 15:00:28.0474 4992 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 15:00:28.0537 4992 AmdK8 - ok 15:00:28.0560 4992 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 15:00:28.0599 4992 AmdPPM - ok 15:00:28.0646 4992 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 15:00:28.0693 4992 amdsata - ok 15:00:28.0708 4992 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 15:00:28.0740 4992 amdsbs - ok 15:00:28.0755 4992 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 15:00:28.0779 4992 amdxata - ok 15:00:28.0826 4992 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys 15:00:28.0919 4992 androidusb - ok 15:00:28.0998 4992 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService D:\Program Files\Avira\AntiVir Desktop\sched.exe 15:00:29.0044 4992 AntiVirSchedulerService - ok 15:00:29.0060 4992 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService D:\Program Files\Avira\AntiVir Desktop\avguard.exe 15:00:29.0083 4992 AntiVirService - ok 15:00:29.0123 4992 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 15:00:29.0341 4992 AppID - ok 15:00:29.0365 4992 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 15:00:29.0419 4992 AppIDSvc - ok 15:00:29.0451 4992 [ 
3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 15:00:29.0529 4992 Appinfo - ok 15:00:29.0576 4992 [ 43F86AE638618EEC90460F2238B7B1DD ] AppleCharger C:\Windows\system32\DRIVERS\AppleCharger.sys 15:00:29.0607 4992 AppleCharger - ok 15:00:29.0623 4992 [ 95EF7247C50C7241FDAE39A9B3AFF4AE ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe 15:00:29.0654 4992 AppleChargerSrv - ok 15:00:29.0708 4992 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 15:00:29.0802 4992 AppMgmt - ok 15:00:29.0841 4992 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 15:00:29.0865 4992 arc - ok 15:00:29.0873 4992 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 15:00:29.0896 4992 arcsas - ok 15:00:29.0927 4992 ASPI32 - ok 15:00:29.0951 4992 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 15:00:30.0005 4992 AsyncMac - ok 15:00:30.0037 4992 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 15:00:30.0044 4992 atapi - ok 15:00:30.0091 4992 [ 6D1272154A72B6C973A27DD505820EA7 ] athrusb C:\Windows\system32\DRIVERS\athrxusb.sys 15:00:30.0201 4992 athrusb - ok 15:00:30.0255 4992 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 15:00:30.0349 4992 AudioEndpointBuilder - ok 15:00:30.0365 4992 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 15:00:30.0396 4992 AudioSrv - ok 15:00:30.0435 4992 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 15:00:30.0466 4992 avgntflt - ok 15:00:30.0498 4992 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 15:00:30.0521 4992 avipbb - ok 15:00:30.0552 4992 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 15:00:30.0568 4992 avkmgr - ok 15:00:30.0607 4992 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV 
C:\Windows\System32\AxInstSV.dll 15:00:30.0701 4992 AxInstSV - ok 15:00:30.0748 4992 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 15:00:30.0810 4992 b06bdrv - ok 15:00:30.0849 4992 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 15:00:30.0912 4992 b57nd60a - ok 15:00:30.0951 4992 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 15:00:31.0005 4992 BDESVC - ok 15:00:31.0037 4992 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 15:00:31.0099 4992 Beep - ok 15:00:31.0177 4992 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 15:00:31.0263 4992 BFE - ok 15:00:31.0294 4992 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 15:00:31.0365 4992 BITS - ok 15:00:31.0396 4992 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 15:00:31.0443 4992 blbdrive - ok 15:00:31.0498 4992 BotkindSyncService - ok 15:00:31.0537 4992 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 15:00:31.0615 4992 bowser - ok 15:00:31.0654 4992 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 15:00:31.0755 4992 BrFiltLo - ok 15:00:31.0771 4992 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 15:00:31.0787 4992 BrFiltUp - ok 15:00:31.0818 4992 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 15:00:31.0873 4992 Browser - ok 15:00:31.0896 4992 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 15:00:31.0958 4992 Brserid - ok 15:00:31.0974 4992 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 15:00:32.0013 4992 BrSerWdm - ok 15:00:32.0021 4992 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 15:00:32.0068 4992 BrUsbMdm - ok 15:00:32.0083 4992 [ 
A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 15:00:32.0107 4992 BrUsbSer - ok 15:00:32.0130 4992 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 15:00:32.0154 4992 BTHMODEM - ok 15:00:32.0201 4992 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 15:00:32.0271 4992 bthserv - ok 15:00:32.0302 4992 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 15:00:32.0404 4992 cdfs - ok 15:00:32.0451 4992 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 15:00:32.0498 4992 cdrom - ok 15:00:32.0537 4992 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 15:00:32.0599 4992 CertPropSvc - ok 15:00:32.0615 4992 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 15:00:32.0630 4992 circlass - ok 15:00:32.0654 4992 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 15:00:32.0693 4992 CLFS - ok 15:00:32.0802 4992 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:00:32.0841 4992 clr_optimization_v2.0.50727_32 - ok 15:00:32.0888 4992 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 15:00:32.0927 4992 clr_optimization_v2.0.50727_64 - ok 15:00:33.0013 4992 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:00:33.0060 4992 clr_optimization_v4.0.30319_32 - ok 15:00:33.0107 4992 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 15:00:33.0138 4992 clr_optimization_v4.0.30319_64 - ok 15:00:33.0162 4992 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 15:00:33.0193 4992 CmBatt - ok 15:00:33.0224 4992 [ 
E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 15:00:33.0240 4992 cmdide - ok 15:00:33.0279 4992 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 15:00:33.0318 4992 CNG - ok 15:00:33.0341 4992 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 15:00:33.0349 4992 Compbatt - ok 15:00:33.0388 4992 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 15:00:33.0419 4992 CompositeBus - ok 15:00:33.0443 4992 COMSysApp - ok 15:00:33.0458 4992 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 15:00:33.0474 4992 crcdisk - ok 15:00:33.0513 4992 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 15:00:33.0591 4992 CryptSvc - ok 15:00:33.0646 4992 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 15:00:33.0740 4992 CSC - ok 15:00:33.0794 4992 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 15:00:33.0826 4992 CscService - ok 15:00:33.0857 4992 cvintdrv - ok 15:00:33.0896 4992 [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA64.sys 15:00:33.0912 4992 CVirtA - ok 15:00:33.0982 4992 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe 15:00:34.0021 4992 CVPND - ok 15:00:34.0076 4992 [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys 15:00:34.0107 4992 CVPNDRVA - ok 15:00:34.0146 4992 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 15:00:34.0193 4992 DcomLaunch - ok 15:00:34.0248 4992 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 15:00:34.0365 4992 defragsvc - ok 15:00:34.0388 4992 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 15:00:34.0427 4992 DfsC - ok 15:00:34.0474 4992 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp 
C:\Windows\system32\dhcpcore.dll 15:00:34.0521 4992 Dhcp - ok 15:00:34.0623 4992 [ 1AC413BEE91E786DFCB55D5D732EBFA1 ] DirMngr D:\Program Files\GNU\GnuPG\dirmngr.exe 15:00:34.0662 4992 DirMngr ( UnsignedFile.Multi.Generic ) - warning 15:00:34.0662 4992 DirMngr - detected UnsignedFile.Multi.Generic (1) 15:00:34.0693 4992 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 15:00:34.0755 4992 discache - ok 15:00:34.0771 4992 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 15:00:34.0787 4992 Disk - ok 15:00:34.0841 4992 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\Windows\system32\DRIVERS\dne64x.sys 15:00:34.0849 4992 DNE - ok 15:00:34.0927 4992 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 15:00:34.0998 4992 Dnscache - ok 15:00:35.0037 4992 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 15:00:35.0083 4992 dot3svc - ok 15:00:35.0107 4992 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 15:00:35.0169 4992 DPS - ok 15:00:35.0208 4992 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 15:00:35.0255 4992 drmkaud - ok 15:00:35.0310 4992 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 15:00:35.0341 4992 DXGKrnl - ok 15:00:35.0388 4992 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 15:00:35.0443 4992 EapHost - ok 15:00:35.0560 4992 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 15:00:35.0646 4992 ebdrv - ok 15:00:35.0685 4992 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 15:00:35.0748 4992 EFS - ok 15:00:35.0810 4992 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 15:00:35.0919 4992 ehRecvr - ok 15:00:35.0982 4992 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 15:00:36.0068 4992 ehSched - ok 15:00:36.0115 4992 [ 
0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 15:00:36.0177 4992 elxstor - ok 15:00:36.0193 4992 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 15:00:36.0216 4992 ErrDev - ok 15:00:36.0263 4992 [ B8FA96995726D1FA58476E352C02AD82 ] ES lite Service C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE 15:00:36.0294 4992 ES lite Service - ok 15:00:36.0333 4992 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 15:00:36.0396 4992 EventSystem - ok 15:00:36.0412 4992 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 15:00:36.0458 4992 exfat - ok 15:00:36.0482 4992 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 15:00:36.0529 4992 fastfat - ok 15:00:36.0583 4992 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 15:00:36.0638 4992 Fax - ok 15:00:36.0662 4992 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 15:00:36.0677 4992 fdc - ok 15:00:36.0685 4992 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 15:00:36.0732 4992 fdPHost - ok 15:00:36.0740 4992 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 15:00:36.0826 4992 FDResPub - ok 15:00:36.0841 4992 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 15:00:36.0857 4992 FileInfo - ok 15:00:36.0865 4992 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 15:00:36.0896 4992 Filetrace - ok 15:00:36.0935 4992 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 15:00:37.0013 4992 FLEXnet Licensing Service - ok 15:00:37.0037 4992 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 15:00:37.0083 4992 flpydisk - ok 15:00:37.0123 4992 [ 
DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 15:00:37.0185 4992 FltMgr - ok 15:00:37.0255 4992 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 15:00:37.0333 4992 FontCache - ok 15:00:37.0380 4992 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 15:00:37.0412 4992 FontCache3.0.0.0 - ok 15:00:37.0435 4992 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 15:00:37.0451 4992 FsDepends - ok 15:00:37.0474 4992 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 15:00:37.0490 4992 Fs_Rec - ok 15:00:37.0537 4992 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 15:00:37.0552 4992 fvevol - ok 15:00:37.0568 4992 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 15:00:37.0591 4992 gagp30kx - ok 15:00:37.0623 4992 [ 7907E14F9BCF3A4689C9A74A1A873CB6 ] gdrv C:\Windows\gdrv.sys 15:00:37.0638 4992 gdrv - ok 15:00:37.0677 4992 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 15:00:37.0724 4992 gpsvc - ok 15:00:37.0794 4992 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 15:00:37.0810 4992 gupdate - ok 15:00:37.0818 4992 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 15:00:37.0833 4992 gupdatem - ok 15:00:37.0880 4992 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 15:00:37.0919 4992 gusvc - ok 15:00:37.0943 4992 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 15:00:37.0990 4992 hcw85cir - ok 15:00:38.0029 4992 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 15:00:38.0083 4992 HdAudAddService - ok 15:00:38.0115 4992 [ 
97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 15:00:38.0169 4992 HDAudBus - ok 15:00:38.0177 4992 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 15:00:38.0201 4992 HidBatt - ok 15:00:38.0216 4992 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 15:00:38.0240 4992 HidBth - ok 15:00:38.0248 4992 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 15:00:38.0279 4992 HidIr - ok 15:00:38.0302 4992 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 15:00:38.0373 4992 hidserv - ok 15:00:38.0419 4992 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 15:00:38.0435 4992 HidUsb - ok 15:00:38.0466 4992 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 15:00:38.0505 4992 hkmsvc - ok 15:00:38.0537 4992 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 15:00:38.0583 4992 HomeGroupListener - ok 15:00:38.0623 4992 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 15:00:38.0677 4992 HomeGroupProvider - ok 15:00:38.0818 4992 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 D:\Program Files\Treiber\HP\Digital Imaging\bin\hpqcxs08.dll 15:00:38.0841 4992 hpqcxs08 - ok 15:00:38.0896 4992 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc D:\Program Files\Treiber\HP\Digital Imaging\bin\hpqddsvc.dll 15:00:38.0904 4992 hpqddsvc - ok 15:00:38.0943 4992 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 15:00:38.0966 4992 HpSAMD - ok 15:00:39.0021 4992 [ D4F91CF4DE215D6F14A06087D46725E4 ] HPSLPSVC D:\Program Files\Treiber\HP\Digital Imaging\bin\HPSLPSVC64.DLL 15:00:39.0052 4992 HPSLPSVC - ok 15:00:39.0107 4992 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 15:00:39.0201 4992 HTTP - ok 15:00:39.0224 4992 [ A5462BD6884960C9DC85ED49D34FF392 ] 
hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 15:00:39.0232 4992 hwpolicy - ok 15:00:39.0271 4992 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 15:00:39.0287 4992 i8042prt - ok 15:00:39.0326 4992 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 15:00:39.0349 4992 iaStorV - ok 15:00:39.0435 4992 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 15:00:39.0513 4992 idsvc - ok 15:00:39.0560 4992 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 15:00:39.0591 4992 iirsp - ok 15:00:39.0630 4992 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 15:00:39.0708 4992 IKEEXT - ok 15:00:39.0810 4992 [ 490947A9AFF7CA31EF2E08F5776105EB ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 15:00:39.0849 4992 IntcAzAudAddService - ok 15:00:39.0865 4992 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 15:00:39.0873 4992 intelide - ok 15:00:39.0904 4992 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 15:00:39.0927 4992 intelppm - ok 15:00:39.0951 4992 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 15:00:39.0990 4992 IPBusEnum - ok 15:00:40.0021 4992 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:00:40.0068 4992 IpFilterDriver - ok 15:00:40.0107 4992 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 15:00:40.0177 4992 iphlpsvc - ok 15:00:40.0208 4992 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 15:00:40.0240 4992 IPMIDRV - ok 15:00:40.0263 4992 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 15:00:40.0318 4992 IPNAT - ok 15:00:40.0341 4992 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM 
C:\Windows\system32\drivers\irenum.sys 15:00:40.0419 4992 IRENUM - ok 15:00:40.0451 4992 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 15:00:40.0458 4992 isapnp - ok 15:00:40.0498 4992 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 15:00:40.0529 4992 iScsiPrt - ok 15:00:40.0623 4992 [ F3A41EC4C6506E76E07A219B3A1DF8D2 ] JMB36X C:\Windows\SysWOW64\XSrvSetup.exe 15:00:40.0669 4992 JMB36X - ok 15:00:40.0701 4992 [ 1C368C1A2733DCC5B8E15420AA2B0F6D ] JRAID C:\Windows\system32\DRIVERS\jraid.sys 15:00:40.0724 4992 JRAID - ok 15:00:40.0763 4992 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 15:00:40.0787 4992 kbdclass - ok 15:00:40.0818 4992 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 15:00:40.0833 4992 kbdhid - ok 15:00:40.0857 4992 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 15:00:40.0873 4992 KeyIso - ok 15:00:40.0904 4992 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 15:00:40.0943 4992 KSecDD - ok 15:00:40.0974 4992 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 15:00:40.0998 4992 KSecPkg - ok 15:00:41.0021 4992 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 15:00:41.0123 4992 ksthunk - ok 15:00:41.0162 4992 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 15:00:41.0240 4992 KtmRm - ok 15:00:41.0263 4992 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 15:00:41.0349 4992 LanmanServer - ok 15:00:41.0380 4992 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 15:00:41.0427 4992 LanmanWorkstation - ok 15:00:41.0458 4992 [ 02538E602280C07438C94489DCBE77D5 ] libusb0 C:\Windows\system32\DRIVERS\libusb0.sys 15:00:41.0466 4992 libusb0 - ok 15:00:41.0498 4992 [ 1538831CF8AD2979A04C423779465827 
] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 15:00:41.0560 4992 lltdio - ok 15:00:41.0591 4992 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 15:00:41.0685 4992 lltdsvc - ok 15:00:41.0701 4992 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 15:00:41.0732 4992 lmhosts - ok 15:00:41.0763 4992 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 15:00:41.0779 4992 LSI_FC - ok 15:00:41.0794 4992 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 15:00:41.0810 4992 LSI_SAS - ok 15:00:41.0818 4992 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 15:00:41.0833 4992 LSI_SAS2 - ok 15:00:41.0849 4992 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 15:00:41.0865 4992 LSI_SCSI - ok 15:00:41.0888 4992 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 15:00:41.0935 4992 luafv - ok 15:00:41.0958 4992 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 15:00:41.0990 4992 Mcx2Svc - ok 15:00:41.0998 4992 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 15:00:42.0013 4992 megasas - ok 15:00:42.0037 4992 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 15:00:42.0060 4992 MegaSR - ok 15:00:42.0154 4992 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe 15:00:42.0201 4992 Microsoft Office Groove Audit Service - ok 15:00:42.0224 4992 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 15:00:42.0302 4992 MMCSS - ok 15:00:42.0318 4992 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 15:00:42.0380 4992 Modem - ok 15:00:42.0412 4992 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 15:00:42.0427 
4992 monitor - ok 15:00:42.0451 4992 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 15:00:42.0466 4992 mouclass - ok 15:00:42.0474 4992 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 15:00:42.0498 4992 mouhid - ok 15:00:42.0544 4992 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 15:00:42.0560 4992 mountmgr - ok 15:00:42.0623 4992 [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 15:00:42.0654 4992 MozillaMaintenance - ok 15:00:42.0669 4992 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 15:00:42.0693 4992 mpio - ok 15:00:42.0701 4992 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 15:00:42.0748 4992 mpsdrv - ok 15:00:42.0833 4992 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 15:00:42.0935 4992 MpsSvc - ok 15:00:42.0966 4992 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 15:00:43.0005 4992 MRxDAV - ok 15:00:43.0029 4992 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 15:00:43.0068 4992 mrxsmb - ok 15:00:43.0107 4992 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:00:43.0146 4992 mrxsmb10 - ok 15:00:43.0162 4992 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:00:43.0224 4992 mrxsmb20 - ok 15:00:43.0271 4992 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 15:00:43.0310 4992 msahci - ok 15:00:43.0341 4992 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 15:00:43.0365 4992 msdsm - ok 15:00:43.0380 4992 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 15:00:43.0412 4992 MSDTC - ok 15:00:43.0451 4992 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs 
C:\Windows\system32\drivers\Msfs.sys 15:00:43.0474 4992 Msfs - ok 15:00:43.0482 4992 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 15:00:43.0521 4992 mshidkmdf - ok 15:00:43.0552 4992 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 15:00:43.0560 4992 msisadrv - ok 15:00:43.0607 4992 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 15:00:43.0685 4992 MSiSCSI - ok 15:00:43.0685 4992 msiserver - ok 15:00:43.0708 4992 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 15:00:43.0748 4992 MSKSSRV - ok 15:00:43.0771 4992 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 15:00:43.0810 4992 MSPCLOCK - ok 15:00:43.0818 4992 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 15:00:43.0857 4992 MSPQM - ok 15:00:43.0888 4992 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 15:00:43.0912 4992 MsRPC - ok 15:00:43.0927 4992 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 15:00:43.0935 4992 mssmbios - ok 15:00:43.0951 4992 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 15:00:43.0990 4992 MSTEE - ok 15:00:44.0005 4992 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 15:00:44.0021 4992 MTConfig - ok 15:00:44.0044 4992 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 15:00:44.0060 4992 Mup - ok 15:00:44.0091 4992 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 15:00:44.0138 4992 napagent - ok 15:00:44.0177 4992 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 15:00:44.0240 4992 NativeWifiP - ok 15:00:44.0302 4992 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 15:00:44.0349 4992 NDIS - ok 15:00:44.0373 4992 [ 
9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 15:00:44.0404 4992 NdisCap - ok 15:00:44.0435 4992 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 15:00:44.0482 4992 NdisTapi - ok 15:00:44.0498 4992 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 15:00:44.0599 4992 Ndisuio - ok 15:00:44.0623 4992 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 15:00:44.0685 4992 NdisWan - ok 15:00:44.0708 4992 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 15:00:44.0740 4992 NDProxy - ok 15:00:44.0779 4992 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 15:00:44.0818 4992 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 15:00:44.0818 4992 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 15:00:44.0841 4992 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 15:00:44.0912 4992 NetBIOS - ok 15:00:44.0943 4992 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 15:00:44.0966 4992 NetBT - ok 15:00:44.0982 4992 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 15:00:44.0990 4992 Netlogon - ok 15:00:45.0029 4992 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 15:00:45.0068 4992 Netman - ok 15:00:45.0107 4992 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 15:00:45.0154 4992 netprofm - ok 15:00:45.0177 4992 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:00:45.0201 4992 NetTcpPortSharing - ok 15:00:45.0208 4992 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 15:00:45.0224 4992 nfrd960 - ok 15:00:45.0255 4992 [ 8AD77806D336673F270DB31645267293 ] NlaSvc 
C:\Windows\System32\nlasvc.dll 15:00:45.0318 4992 NlaSvc - ok 15:00:45.0380 4992 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess D:\Program Files\CDBurnerXP\NMSAccessU.exe 15:00:45.0412 4992 NMSAccess - ok 15:00:45.0458 4992 [ 88F2F2CB9FAEE2E14BCCF384F4C88061 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys 15:00:45.0521 4992 nmwcd - ok 15:00:45.0552 4992 [ 31C1FAC4AE14FB2F8771C59BA3F90BAD ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys 15:00:45.0615 4992 nmwcdc - ok 15:00:45.0646 4992 [ 863AA6C58AC85A22355AE943C605E44B ] nmwcdnsucx64 C:\Windows\system32\drivers\nmwcdnsucx64.sys 15:00:45.0685 4992 nmwcdnsucx64 - ok 15:00:45.0716 4992 [ 7983D9201788407C4D1FC4D0BAA04E32 ] nmwcdnsux64 C:\Windows\system32\drivers\nmwcdnsux64.sys 15:00:45.0755 4992 nmwcdnsux64 - ok 15:00:45.0818 4992 [ EB900C136E660A8DEB657BE134C3BCD9 ] nosGetPlusHelper C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll 15:00:45.0841 4992 nosGetPlusHelper - ok 15:00:45.0865 4992 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\Windows\system32\drivers\npf.sys 15:00:45.0880 4992 NPF - ok 15:00:45.0896 4992 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 15:00:45.0927 4992 Npfs - ok 15:00:45.0966 4992 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 15:00:46.0021 4992 nsi - ok 15:00:46.0052 4992 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 15:00:46.0123 4992 nsiproxy - ok 15:00:46.0193 4992 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 15:00:46.0248 4992 Ntfs - ok 15:00:46.0255 4992 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 15:00:46.0287 4992 Null - ok 15:00:46.0302 4992 [ 785298579B5F9B4032152DFBB992FDB6 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 15:00:46.0333 4992 nusb3hub - ok 15:00:46.0373 4992 [ DF2750481B4964814467C974F2B0EEF1 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 15:00:46.0419 4992 nusb3xhc - ok 15:00:46.0771 
4992 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 15:00:46.0943 4992 nvlddmkm - ok 15:00:46.0974 4992 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 15:00:46.0990 4992 nvraid - ok 15:00:47.0029 4992 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 15:00:47.0044 4992 nvstor - ok 15:00:47.0107 4992 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe 15:00:47.0154 4992 nvsvc - ok 15:00:47.0240 4992 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 15:00:47.0271 4992 nvUpdatusService - ok 15:00:47.0310 4992 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 15:00:47.0326 4992 nv_agp - ok 15:00:47.0412 4992 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 15:00:47.0466 4992 odserv - ok 15:00:47.0498 4992 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 15:00:47.0537 4992 ohci1394 - ok 15:00:47.0607 4992 [ 8C02B0CC65BEE71124A565062BA77B39 ] OpenVPNAccessClient C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe 15:00:47.0638 4992 OpenVPNAccessClient ( UnsignedFile.Multi.Generic ) - warning 15:00:47.0638 4992 OpenVPNAccessClient - detected UnsignedFile.Multi.Generic (1) 15:00:47.0740 4992 [ D29D5E61A5722630BB58940D1E4E231A ] OpenVPNService D:\Program Files\OpenVPN\bin\openvpnserv.exe 15:00:47.0779 4992 OpenVPNService ( UnsignedFile.Multi.Generic ) - warning 15:00:47.0779 4992 OpenVPNService - detected UnsignedFile.Multi.Generic (1) 15:00:47.0826 4992 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:00:47.0873 4992 ose - ok 15:00:47.0927 4992 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 15:00:47.0974 4992 
p2pimsvc - ok 15:00:48.0013 4992 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 15:00:48.0044 4992 p2psvc - ok 15:00:48.0091 4992 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 15:00:48.0115 4992 Parport - ok 15:00:48.0146 4992 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 15:00:48.0169 4992 partmgr - ok 15:00:48.0185 4992 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 15:00:48.0232 4992 PcaSvc - ok 15:00:48.0248 4992 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys 15:00:48.0279 4992 pccsmcfd - ok 15:00:48.0302 4992 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 15:00:48.0318 4992 pci - ok 15:00:48.0349 4992 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 15:00:48.0357 4992 pciide - ok 15:00:48.0373 4992 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 15:00:48.0396 4992 pcmcia - ok 15:00:48.0412 4992 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 15:00:48.0427 4992 pcw - ok 15:00:48.0443 4992 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 15:00:48.0505 4992 PEAUTH - ok 15:00:48.0583 4992 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 15:00:48.0662 4992 PeerDistSvc - ok 15:00:48.0685 4992 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 15:00:48.0701 4992 PerfHost - ok 15:00:48.0787 4992 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 15:00:48.0888 4992 pla - ok 15:00:48.0951 4992 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 15:00:48.0990 4992 PlugPlay - ok 15:00:49.0052 4992 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 15:00:49.0083 4992 Pml Driver HPZ12 ( 
UnsignedFile.Multi.Generic ) - warning 15:00:49.0083 4992 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 15:00:49.0115 4992 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 15:00:49.0162 4992 PNRPAutoReg - ok 15:00:49.0185 4992 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 15:00:49.0201 4992 PNRPsvc - ok 15:00:49.0255 4992 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 15:00:49.0357 4992 PolicyAgent - ok 15:00:49.0388 4992 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 15:00:49.0466 4992 Power - ok 15:00:49.0505 4992 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 15:00:49.0552 4992 PptpMiniport - ok 15:00:49.0576 4992 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 15:00:49.0599 4992 Processor - ok 15:00:49.0630 4992 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 15:00:49.0708 4992 ProfSvc - ok 15:00:49.0724 4992 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 15:00:49.0740 4992 ProtectedStorage - ok 15:00:49.0787 4992 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 15:00:49.0826 4992 Psched - ok 15:00:49.0873 4992 [ DEFD557D9B8C0FA3CEA6CC576400114E ] pwdrvio C:\Windows\system32\pwdrvio.sys 15:00:49.0912 4992 pwdrvio - ok 15:00:49.0943 4992 [ A2EE3B70A9E05F651B888078726C2787 ] pwdspio C:\Windows\system32\pwdspio.sys 15:00:49.0966 4992 pwdspio - ok 15:00:49.0998 4992 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 15:00:50.0021 4992 PxHlpa64 - ok 15:00:50.0076 4992 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 15:00:50.0146 4992 ql2300 - ok 15:00:50.0177 4992 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 15:00:50.0216 4992 ql40xx - ok 
15:00:50.0248 4992 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 15:00:50.0279 4992 QWAVE - ok 15:00:50.0294 4992 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 15:00:50.0326 4992 QWAVEdrv - ok 15:00:50.0341 4992 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 15:00:50.0388 4992 RasAcd - ok 15:00:50.0427 4992 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 15:00:50.0458 4992 RasAgileVpn - ok 15:00:50.0466 4992 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 15:00:50.0513 4992 RasAuto - ok 15:00:50.0544 4992 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 15:00:50.0662 4992 Rasl2tp - ok 15:00:50.0724 4992 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 15:00:50.0794 4992 RasMan - ok 15:00:50.0818 4992 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 15:00:50.0857 4992 RasPppoe - ok 15:00:50.0896 4992 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 15:00:50.0951 4992 RasSstp - ok 15:00:50.0982 4992 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 15:00:51.0044 4992 rdbss - ok 15:00:51.0068 4992 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 15:00:51.0099 4992 rdpbus - ok 15:00:51.0107 4992 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 15:00:51.0146 4992 RDPCDD - ok 15:00:51.0177 4992 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 15:00:51.0193 4992 RDPDR - ok 15:00:51.0224 4992 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 15:00:51.0255 4992 RDPENCDD - ok 15:00:51.0271 4992 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 15:00:51.0294 4992 
RDPREFMP - ok 15:00:51.0333 4992 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 15:00:51.0380 4992 RDPWD - ok 15:00:51.0404 4992 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 15:00:51.0427 4992 rdyboost - ok 15:00:51.0458 4992 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 15:00:51.0498 4992 RemoteAccess - ok 15:00:51.0529 4992 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 15:00:51.0576 4992 RemoteRegistry - ok 15:00:51.0615 4992 [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys 15:00:51.0638 4992 RimUsb - ok 15:00:51.0685 4992 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe 15:00:51.0708 4992 rpcapd - ok 15:00:51.0740 4992 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 15:00:51.0787 4992 RpcEptMapper - ok 15:00:51.0810 4992 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 15:00:51.0849 4992 RpcLocator - ok 15:00:51.0896 4992 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 15:00:51.0935 4992 RpcSs - ok 15:00:51.0974 4992 [ 2ABD2B3BA2EF0C3BA82284C2A5E28675 ] RRNetCap C:\Windows\system32\DRIVERS\rrnetcap.sys 15:00:51.0982 4992 RRNetCap - ok 15:00:51.0998 4992 [ 2ABD2B3BA2EF0C3BA82284C2A5E28675 ] RRNetCapMP C:\Windows\system32\DRIVERS\rrnetcap.sys 15:00:52.0005 4992 RRNetCapMP - ok 15:00:52.0044 4992 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 15:00:52.0068 4992 rspndr - ok 15:00:52.0107 4992 [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 15:00:52.0123 4992 RTL8167 - ok 15:00:52.0162 4992 [ 4A06585C8673F4458E9FBBC9DDDB4D28 ] RTL8187B C:\Windows\system32\DRIVERS\wg111v3.sys 15:00:52.0201 4992 RTL8187B - ok 15:00:52.0224 4992 [ E60C0A09F997826C7627B244195AB581 ] s3cap 
C:\Windows\system32\drivers\vms3cap.sys 15:00:52.0294 4992 s3cap - ok 15:00:52.0318 4992 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 15:00:52.0326 4992 SamSs - ok 15:00:52.0349 4992 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 15:00:52.0373 4992 sbp2port - ok 15:00:52.0404 4992 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 15:00:52.0458 4992 SCardSvr - ok 15:00:52.0482 4992 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 15:00:52.0529 4992 scfilter - ok 15:00:52.0591 4992 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 15:00:52.0654 4992 Schedule - ok 15:00:52.0685 4992 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 15:00:52.0716 4992 SCPolicySvc - ok 15:00:52.0740 4992 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 15:00:52.0779 4992 SDRSVC - ok 15:00:52.0833 4992 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 15:00:52.0935 4992 secdrv - ok 15:00:52.0966 4992 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 15:00:53.0005 4992 seclogon - ok 15:00:53.0021 4992 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 15:00:53.0068 4992 SENS - ok 15:00:53.0083 4992 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 15:00:53.0115 4992 SensrSvc - ok 15:00:53.0146 4992 [ 84AC127242DD3CCDE02F9A4673214B1F ] Sentinel64 C:\Windows\System32\Drivers\Sentinel64.sys 15:00:53.0185 4992 Sentinel64 - ok 15:00:53.0208 4992 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 15:00:53.0232 4992 Serenum - ok 15:00:53.0248 4992 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 15:00:53.0287 4992 Serial - ok 15:00:53.0302 4992 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse 
15:01:04.0451 4992 Scan finished
15:01:04.0466 3732 Detected object count: 10
15:01:04.0466 3732 Actual detected object count: 10
15:02:32.0912 3732 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
15:02:32.0912 3732 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
15:02:32.0919 3732 DirMngr ( UnsignedFile.Multi.Generic ) - skipped by user
15:02:32.0919 3732 DirMngr ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:02:32.0919 3732 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:02:32.0919 3732 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:02:32.0927 3732 OpenVPNAccessClient ( UnsignedFile.Multi.Generic ) - skipped by user
15:02:32.0927 3732 OpenVPNAccessClient ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:02:32.0927 3732 OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
15:02:32.0927 3732 OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:02:32.0927 3732 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:02:32.0927 3732 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:02:32.0927 3732 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
15:02:32.0927 3732 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:02:32.0935 3732 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
15:02:32.0935 3732 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:02:32.0935 3732 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
15:02:32.0935 3732 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:02:32.0935 3732 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
15:02:32.0935 3732 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip |
01.03.2013, 16:04 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avira first finds JS.Expack.EM and then Spy.Zbot
Then please run Combofix now: Scan with Combofix |
01.03.2013, 19:51 | #7 |
| Avira first finds JS.Expack.EM and then Spy.Zbot
Code:
ATTFilter ComboFix 13-02-26.01 - user 01.03.2013 16:37:43.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4094.2153 [GMT 1:00] ausgeführt von:: c:\users\user\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\user\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll c:\windows\SysWow64\muzapp.exe c:\windows\UA000096.DLL . . ((((((((((((((((((((((( Dateien erstellt von 2013-02-01 bis 2013-03-01 )))))))))))))))))))))))))))))) . . 2013-03-01 16:26 . 2013-03-01 16:26 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-03-01 16:26 . 2013-03-01 16:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-28 10:51 . 2013-02-28 10:51 -------- d-----w- c:\users\user\AppData\Local\Programs 2013-02-25 21:13 . 2013-02-25 21:13 -------- d-----w- c:\users\user\AppData\Roaming\{EBBDA7E5-AB7B-4114-A5D7-466CA013A61A} 2013-02-25 21:12 . 2013-02-25 21:12 -------- d-----w- c:\users\user\AppData\Roaming\{13215AB9-2B2E-4F6E-ADF1-1D7048C31288} 2013-02-25 21:12 . 2013-02-25 21:12 -------- d-----w- c:\users\user\AppData\Roaming\{C7E6AB03-F5B6-4277-BCC7-9290C2711314} 2013-02-25 21:11 . 2013-02-28 10:44 -------- d-----w- c:\users\user\AppData\Roaming\Orleniu 2013-02-25 21:11 . 2013-02-28 10:27 -------- d-----w- c:\users\user\AppData\Roaming\Ilhor 2013-02-21 11:47 . 2013-02-21 11:47 -------- d-----w- c:\users\user\AppData\Roaming\Sync App Settings 2013-02-19 22:53 . 2013-03-01 13:46 -------- d-----w- c:\users\user\AppData\Roaming\tor 2013-02-19 22:53 . 2013-02-19 22:53 -------- d-----w- c:\users\user\AppData\Local\Tor 2013-02-19 22:53 . 
2013-03-01 18:22 -------- d-----w- c:\users\user\AppData\Local\Vidalia 2013-02-17 00:24 . 2013-02-17 00:24 -------- d-----w- c:\program files (x86)\Winamp 2013-02-13 14:37 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 14:37 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 12:05 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-13 12:05 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-02-13 12:05 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-02-13 12:04 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-02-13 12:04 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-02-13 12:04 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-02-13 12:04 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-02-13 12:04 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-02-13 12:04 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-02-13 12:04 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-02-13 12:04 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-13 12:04 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-01 18:20 . 2010-07-29 11:03 25640 ----a-w- c:\windows\gdrv.sys 2013-02-14 12:34 . 2012-03-29 10:03 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-14 12:34 . 2011-05-14 09:57 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-14 02:18 . 2010-08-03 20:20 70004024 ----a-w- c:\windows\system32\MRT.exe 2013-01-04 04:43 . 2013-02-13 12:04 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-12-16 17:11 . 
2012-12-28 00:43 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-28 00:43 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-28 00:43 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-28 00:43 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-14 15:49 . 2010-10-10 10:11 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-07 13:20 . 2013-01-09 20:50 441856 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 13:15 . 2013-01-09 20:50 2746368 ----a-w- c:\windows\system32\gameux.dll 2012-12-07 12:26 . 2013-01-09 20:50 308736 ----a-w- c:\windows\SysWow64\Wpc.dll 2012-12-07 12:20 . 2013-01-09 20:50 2576384 ----a-w- c:\windows\SysWow64\gameux.dll 2012-12-07 11:20 . 2013-01-09 20:50 30720 ----a-w- c:\windows\system32\usk.rs 2012-12-07 11:20 . 2013-01-09 20:50 43520 ----a-w- c:\windows\system32\csrr.rs 2012-12-07 11:20 . 2013-01-09 20:50 23552 ----a-w- c:\windows\system32\oflc.rs 2012-12-07 11:20 . 2013-01-09 20:50 45568 ----a-w- c:\windows\system32\oflc-nz.rs 2012-12-07 11:20 . 2013-01-09 20:50 44544 ----a-w- c:\windows\system32\pegibbfc.rs 2012-12-07 11:20 . 2013-01-09 20:50 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2012-12-07 11:20 . 2013-01-09 20:50 20480 ----a-w- c:\windows\system32\pegi-pt.rs 2012-12-07 11:19 . 2013-01-09 20:50 20480 ----a-w- c:\windows\system32\pegi.rs 2012-12-07 11:19 . 2013-01-09 20:50 46592 ----a-w- c:\windows\system32\fpb.rs 2012-12-07 11:19 . 2013-01-09 20:50 40960 ----a-w- c:\windows\system32\cob-au.rs 2012-12-07 11:19 . 2013-01-09 20:50 21504 ----a-w- c:\windows\system32\grb.rs 2012-12-07 11:19 . 2013-01-09 20:50 15360 ----a-w- c:\windows\system32\djctq.rs 2012-12-07 11:19 . 2013-01-09 20:50 55296 ----a-w- c:\windows\system32\cero.rs 2012-12-07 11:19 . 2013-01-09 20:50 51712 ----a-w- c:\windows\system32\esrb.rs 2012-12-07 10:46 . 2013-01-09 20:50 43520 ----a-w- c:\windows\SysWow64\csrr.rs 2012-12-07 10:46 . 
2013-01-09 20:50 30720 ----a-w- c:\windows\SysWow64\usk.rs 2012-12-07 10:46 . 2013-01-09 20:50 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs 2012-12-07 10:46 . 2013-01-09 20:50 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs 2012-12-07 10:46 . 2013-01-09 20:50 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs 2012-12-07 10:46 . 2013-01-09 20:50 23552 ----a-w- c:\windows\SysWow64\oflc.rs 2012-12-07 10:46 . 2013-01-09 20:50 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs 2012-12-07 10:46 . 2013-01-09 20:50 46592 ----a-w- c:\windows\SysWow64\fpb.rs 2012-12-07 10:46 . 2013-01-09 20:50 20480 ----a-w- c:\windows\SysWow64\pegi.rs 2012-12-07 10:46 . 2013-01-09 20:50 21504 ----a-w- c:\windows\SysWow64\grb.rs 2012-12-07 10:46 . 2013-01-09 20:50 40960 ----a-w- c:\windows\SysWow64\cob-au.rs 2012-12-07 10:46 . 2013-01-09 20:50 15360 ----a-w- c:\windows\SysWow64\djctq.rs 2012-12-07 10:46 . 2013-01-09 20:50 51712 ----a-w- c:\windows\SysWow64\esrb.rs 2012-12-07 10:46 . 2013-01-09 20:50 55296 ----a-w- c:\windows\SysWow64\cero.rs . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\program files (x86)\BrotherSoft_Extreme\prxtbBro0.dll" [2011-01-17 175912] "{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files (x86)\NCH_EN\prxtbNCH_.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}] . [HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}] 2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\NCH_EN\prxtbNCH_.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}] 2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\BrotherSoft_Extreme\prxtbBro0.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\program files (x86)\BrotherSoft_Extreme\prxtbBro0.dll" [2011-01-17 175912] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912] "{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files (x86)\NCH_EN\prxtbNCH_.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184] "KiesPDLR"="d:\program files\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-09-29 20880] "Akamai NetSession Interface"="c:\users\user\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920] "Vidalia"="d:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2012-07-28 6172985] "ANT Agent"="c:\program files (x86)\Garmin\ANT Agent\ANT Agent.exe" [2012-03-23 14749544] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632] "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496] "KeePass 2 PreLoad"="d:\program files\KeePass\KeePass.exe" [2012-05-01 1895424] "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432] "GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2010-06-17 370176] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "HP Software Update"="d:\program 
files\Treiber\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "WA5H2V3YWCUAWV7AJ"="c:\4gejsvyia73\58A59837F3C.exe" [2011-11-17 352606] . c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272] OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] OpenVPN GUI.lnk - d:\program files\OpenVPN\bin\openvpn-gui-1.0.3.exe [2011-7-1 99328] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - d:\program files\Treiber\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072] NETGEAR WG111v3 Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WG111v3\WG111v3.exe [2009-11-6 2080768] OpenVPN Connect.lnk - c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe [2011-8-25 55296] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 DirMngr;DirMngr;d:\program files\GNU\GnuPG\dirmngr.exe [2010-07-28 242176] R2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2011-08-25 24064] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328] R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272] R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [2006-11-30 556544] R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2011-05-18 12800] R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-05-18 171008] R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344] R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-08-20 19032] R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-08-20 12384] R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-08-02 37480] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-06-02 146920] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 
517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-05 834544] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-08-12 55856] S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-06 21544] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760] S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;d:\program files\Adobe Photoshop\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 AntiVirSchedulerService;Avira Planer;d:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-11 86224] S2 BotkindSyncService;Botkind Service;d:\program files\Allway Sync\Bin\SyncService.exe service [x] S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136] S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304] S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2007-04-27 142120] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824] S3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys [2011-05-13 44480] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152] S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-08-02 37480] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144] S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2009-11-18 446976] S3 tapoas;TAP-Win32 Adapter 
OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-19 30720] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper Akamai REG_MULTI_SZ Akamai hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}] 2010-02-16 17:02 114688 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe . Inhalt des "geplante Tasks" Ordners . 2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-30 20:00] . 2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-30 20:00] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-17 10134560] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local> IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: BID Link Explorer: Öffne aktuelle Seite - file://d:\program files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm IE: BID: Link in Queue einreihen - file://d:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm IE: BID: Seite in &Queue einreihen - file://d:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm IE: BID: Öffne aktuelle Seite - file://d:\program files\Bulk Image Downloader\iemenu\iebid.htm IE: BID: Öffne diesen &Link - file://d:\program files\Bulk Image Downloader\iemenu\iebidlink.htm IE: Nach Microsoft &Excel exportieren - d:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - d:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\b3rkme20.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - NCH EN Customized Web Search FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=. 
FF - prefs.js: network.proxy.http - localhost FF - prefs.js: network.proxy.http_port - 8118 FF - prefs.js: network.proxy.socks - localhost FF - prefs.js: network.proxy.socks_port - 9050 FF - prefs.js: network.proxy.type - 0 FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . . ------- Dateityp-Verknüpfung ------- . .reg=Regedit.Document . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) WebBrowser-{51A86BB3-6602-4C85-92A5-130EE4864F13} - (no file) WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-GnuPG - d:\program files)\GNU\GnuPG\uninst-gnupg.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:03,b3,5a,29,cb,f0,ff,02,a1,20,93,2d,67,ee,e7,f0,63,da,6e,17,0d, 2b,39,76,50,af,87,2e,5e,48,2b,68,2f,d5,93,77,2c,52,89,1b,49,f6,f6,f2,3c,f5,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version] "Version"=hex:03,b3,5a,29,cb,f0,ff,02,a1,20,93,2d,67,ee,e7,f0,63,da,6e,17,0d, 2b,39,76,50,af,87,2e,5e,48,2b,68,2f,d5,93,77,2c,52,89,1b,49,f6,f6,f2,3c,f5,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . d:\program files\Avira\AntiVir Desktop\avguard.exe d:\program files\Allway Sync\Bin\SyncService.exe c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe d:\program files\CDBurnerXP\NMSAccessU.exe d:\program files\Treiber\HP\Digital Imaging\bin\hpqSTE08.exe d:\program files\Treiber\HP\Digital Imaging\bin\hpqbam08.exe d:\program files\Treiber\HP\Digital Imaging\bin\hpqgpc01.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-03-01 19:48:23 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-03-01 18:48 . Vor Suchlauf: 671.469.568 Bytes frei Nach Suchlauf: 1.519.284.224 Bytes frei . - - End Of File - - CDC08A21FEA7118278CD2EDD62084492 |
02.03.2013, 01:40 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avira first finds JS.Expack.EM and then Spy.Zbot JRT - Junkware Removal Tool Please shut down your security software to avoid possible conflicts.
Next: adwCleaner - remove toolbars and unwanted start/search pages Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
02.03.2013, 20:00 | #9 |
| Avira first finds JS.Expack.EM and then Spy.Zbot They were too large, attached as an archive. |
02.03.2013, 20:41 | #10 |
| Avira first finds JS.Expack.EM and then Spy.Zbot One more thing worth mentioning: Antivir blocked the HOSTS file (unfortunately I no longer remember after which start). |
03.03.2013, 18:17 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avira first finds JS.Expack.EM and then Spy.Zbot Fix with OTL
Code:
:OTL
IE - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\.DEFAULT..\Run: [WA5H2V3YWCUAWV7AJ] C:\4gEJsVyiA73\58A59837F3C.exe ()
O4 - HKU\S-1-5-18..\Run: [WA5H2V3YWCUAWV7AJ] C:\4gEJsVyiA73\58A59837F3C.exe ()
[2013.02.25 22:11:57 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Orleniu
[2013.02.25 22:11:57 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Ilhor
[2013.02.28 23:36:24 | 000,000,512 | ---- | M] () -- C:\Users\user\Desktop\MBR.dat
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E8BE05FA
@Alternate Data Stream - 1299 bytes -> C:\ProgramData\Microsoft:OJ0YQExu03UDxq7DpcqoFrAcwI
@Alternate Data Stream - 1299 bytes -> C:\ProgramData\Microsoft:cu2FmI3Q4fibyVmaHRHJgfe
@Alternate Data Stream - 1237 bytes -> C:\ProgramData\Microsoft:JKDMIATSCiGEmTWezHcJGU2cJ
@Alternate Data Stream - 1221 bytes -> C:\ProgramData\Microsoft:4zlAzNhJQeEHAXksRRsM
@Alternate Data Stream - 1210 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:NbarIRuIfeYYGKXlRqmW8F
:Files
C:\4gEJsVyiA73
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
04.03.2013, 11:57 | #12 |
| Avira first finds JS.Expack.EM and then Spy.Zbot Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-3446655697-2731224057-2204278893-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "localhost" removed from network.proxy.http
Prefs.js: 8118 removed from network.proxy.http_port
Prefs.js: "localhost" removed from network.proxy.socks
Prefs.js: 9050 removed from network.proxy.socks_port
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\WA5H2V3YWCUAWV7AJ deleted successfully.
C:\4gEJsVyiA73\58A59837F3C.exe moved successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\WA5H2V3YWCUAWV7AJ not found.
File C:\4gEJsVyiA73\58A59837F3C.exe not found.
C:\Users\user\AppData\Roaming\Orleniu folder moved successfully.
C:\Users\user\AppData\Roaming\Ilhor folder moved successfully.
C:\Users\user\Desktop\MBR.dat moved successfully.
ADS C:\ProgramData\TEMP:E8BE05FA deleted successfully.
ADS C:\ProgramData\Microsoft:OJ0YQExu03UDxq7DpcqoFrAcwI deleted successfully.
ADS C:\ProgramData\Microsoft:cu2FmI3Q4fibyVmaHRHJgfe deleted successfully.
ADS C:\ProgramData\Microsoft:JKDMIATSCiGEmTWezHcJGU2cJ deleted successfully.
ADS C:\ProgramData\Microsoft:4zlAzNhJQeEHAXksRRsM deleted successfully.
ADS C:\Program Files (x86)\Common Files\microsoft shared:NbarIRuIfeYYGKXlRqmW8F deleted successfully.
========== FILES ==========
C:\4gEJsVyiA73 folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\user\Desktop\cmd.bat deleted successfully.
C:\Users\user\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 57616 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 58264 bytes
User: user
->Temp folder emptied: 826942 bytes
->Temporary Internet Files folder emptied: 6613143 bytes
->Java cache emptied: 1559803 bytes
->FireFox cache emptied: 66899510 bytes
->Opera cache emptied: 312962 bytes
->Flash cache emptied: 141586 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 44929 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67153 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 73,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 03042013_114837
Files\Folders moved on Reboot...
C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot... |
04.03.2013, 12:19 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avira first finds JS.Expack.EM and then Spy.Zbot A new check with OTL please:
04.03.2013, 14:17 | #14 |
| Avira first finds JS.Expack.EM and then Spy.Zbot Unless I badly misread, only one file was created again: Code:
ATTFilter OTL logfile created on: 04.03.2013 12:34:58 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 56,13% Memory free 7,99 Gb Paging File | 5,95 Gb Available in Paging File | 74,47% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 38,96 Gb Total Space | 1,01 Gb Free Space | 2,58% Space Free | Partition Type: NTFS Drive D: | 193,82 Gb Total Space | 12,28 Gb Free Space | 6,33% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\user\Desktop\OTL.exe (OldTimer Tools) PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - D:\Program Files\Allway Sync\Bin\SyncService.exe () PRC - D:\Program Files\Vidalia Bundle\Tor\tor.exe () PRC - D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - D:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe () PRC - D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - D:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.) PRC - D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe () PRC - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe () PRC - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe () PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - D:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe () PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - D:\Program Files\Vidalia Bundle\Polipo\polipo.exe () PRC - D:\Program Files\GNU\GnuPG\dirmngr.exe () PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - D:\Program Files\CDBurnerXP\NMSAccessU.exe () PRC - C:\Windows\SysWOW64\XSrvSetup.exe () PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) PRC - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe () PRC - D:\Program Files\Adobe Photoshop\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE () PRC - D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Users\user\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll () MOD - D:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ba58d64562391191a22ad0133512ed6f\System.Runtime.Remoting.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll () MOD - D:\Program Files\Vidalia Bundle\Tor\tor.exe () MOD - D:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe () MOD - D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe () MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe () MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.SSL.pyd () MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pyovpnc.pyd () MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.rand.pyd () MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.crypto.pyd () MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\twisted.protocols._c_urlarg.pyd () MOD - C:\Program Files 
(x86)\OpenVPN Technologies\OpenVPN Client\core\zope.interface._zope_interface_coptimizations.pyd () MOD - D:\Program Files\Vidalia Bundle\Vidalia\mingwm10.dll () MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MOD - D:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe () MOD - D:\Program Files\Vidalia Bundle\Polipo\polipo.exe () MOD - D:\Program Files\Vidalia Bundle\Polipo\libgnurx-0.dll () MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pywintypes26.dll () MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32gui.pyd () MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32api.pyd () MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32process.pyd () MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32event.pyd () MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\select.pyd () MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_hashlib.pyd () MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pyexpat.pyd () MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ctypes.pyd () MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ssl.pyd () MOD - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_socket.pyd () MOD - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe () MOD - D:\Program Files\Vidalia Bundle\Vidalia\libgcc_s_dw2-1.dll () MOD - C:\Program Files (x86)\NETGEAR\WG111v3\WlanDll.dll () MOD - C:\Program Files (x86)\NETGEAR\WG111v3\KJLog.dll () ========== Services (SafeList) ========== SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe () SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- 
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll () SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (BotkindSyncService) -- D:\Program Files\Allway Sync\Bin\SyncService.exe () SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirService) -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- D:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (OpenVPNAccessClient) -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe () SRV - (OpenVPNService) -- D:\Program Files\OpenVPN\bin\openvpnserv.exe () SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (DirMngr) -- D:\Program Files\GNU\GnuPG\dirmngr.exe () SRV - (nosGetPlusHelper) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.) SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.) SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NMSAccess) -- D:\Program Files\CDBurnerXP\NMSAccessU.exe () SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (HPSLPSVC) -- D:\Program Files\Treiber\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (JMB36X) -- C:\Windows\SysWOW64\XSrvSetup.exe () SRV - (AdobeActiveFileMonitor8.0) -- D:\Program Files\Adobe Photoshop\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (ES lite Service) -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Microsoft Office Groove Audit Service) -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys () DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys () DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (tapoas) -- C:\Windows\SysNative\drivers\tapoas.sys (The OpenVPN Project) DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation) 
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia) DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia) DRV:64bit: - (libusb0) -- C:\Windows\SysNative\drivers\libusb0.sys (hxxp://libusb-win32.sourceforge.net) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (RRNetCapMP) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG) DRV:64bit: - (RRNetCap) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG) DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation) DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.) 
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (Tpkd) -- C:\Windows\SysNative\drivers\Tpkd.sys (PACE Anti-Piracy, Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\drivers\wg111v3.sys (NETGEAR Inc. )
DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (Sentinel64) -- C:\Windows\SysNative\drivers\sentinel64.sys (SafeNet, Inc.)
DRV:64bit: - (athrusb) -- C:\Windows\SysNative\drivers\athrxusb.sys (Atheros Communications, Inc.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPF) -- C:\Windows\SysWOW64\drivers\npf.sys (CACE Technologies)
DRV - (cvintdrv) -- C:\Windows\SysWow64\drivers\cvintdrv.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FB DA 64 3B 80 60 CD 01 [binary data]
IE - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000\..\SearchScopes\{5EBA3B38-9834-4418-BC1C-C0BE03A47579}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
IE - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3446655697-2731224057-2204278893-1004\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - prefs.js..CT2801948.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "hxxp://www.google.de"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "NCH EN Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: exif_viewer%40mozilla.doslash.org:2.00
FF - prefs.js..extensions.enabledAddons: googlesharing%40extension.thoughtcrime.org:0.22
FF - prefs.js..extensions.enabledAddons: nitishthelegendkiller%40yahoo.co.in:1.0
FF - prefs.js..extensions.enabledAddons: rotateimage%40minisystems.de:0.1.3.2
FF - prefs.js..extensions.enabledAddons: %7B455D905A-D37C-4643-A9E2-F6FEFAA0424A%7D:0.8.16
FF - prefs.js..extensions.enabledAddons: %7B4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064%7D:1.2
FF - prefs.js..extensions.enabledAddons: %7B9D23D0AA-D8F5-11DA-B3FC-0928ABF316DE%7D:3.1a6
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.1.3
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B0b457cAA-602d-484a-8fe7-c1d894a011ba%7D:0.98.32
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..extensions.enabledItems: {9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}:3.0.5
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: rotateimage@minisystems.de:0.1.3.2
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0.1
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: exif_viewer@mozilla.doslash.org:1.60
FF - prefs.js..extensions.enabledItems: googlesharing@extension.thoughtcrime.org:0.21
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {51a86bb3-6602-4c85-92a5-130ee4864f13}:3.3.3.2
FF - prefs.js..extensions.enabledItems: nitishthelegendkiller@yahoo.co.in:1.0
FF - prefs.js..extensions.enabledItems: {524B8EF8-C312-11DB-8039-536F56D89593}:3.7.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=. "
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Program Files\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: D:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.08.07 15:45:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2013.02.19 17:48:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2013.02.19 17:48:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2013.02.20 02:08:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.10.13 12:40:36 | 000,000,000 | ---D | M]

[2010.08.01 18:46:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2010.08.01 18:46:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.03.04 11:58:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions
[2011.02.12 23:18:02 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2013.02.19 17:08:29 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2012.12.02 13:58:49 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2013.02.23 12:18:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.07.29 22:58:18 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2013.03.01 19:50:26 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\firefox@ghostery.com
[2011.09.09 21:57:32 | 000,000,000 | ---D | M] (GoogleSharing) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\googlesharing@extension.thoughtcrime.org
[2013.01.21 00:32:07 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\https-everywhere@eff.org
[2012.09.17 09:01:22 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\ich@maltegoetz.de
[2011.04.22 11:14:20 | 000,000,000 | ---D | M] (ImgClub.org Image Uploader) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\nitishthelegendkiller@yahoo.co.in
[2010.07.31 19:59:16 | 000,000,000 | ---D | M] (Rotate Image) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\rotateimage@minisystems.de
[2011.09.09 21:57:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\googlesharing@extension.thoughtcrime.org\chrome
[2011.09.09 21:57:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\googlesharing@extension.thoughtcrime.org\components
[2011.09.09 21:57:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default\extensions\googlesharing@extension.thoughtcrime.org\defaults
[2010.07.31 19:17:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default - Kopie\extensions
[2010.07.31 19:17:56 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default - Kopie\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.07.31 19:17:56 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\b3rkme20.default - Kopie\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.12.02 13:58:49 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\autofillForms@blueimp.net.xpi
[2012.11.19 00:41:08 | 000,284,001 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\compatibility@addons.mozilla.org.xpi
[2012.08.28 14:31:45 | 000,230,013 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\exif_viewer@mozilla.doslash.org.xpi
[2012.02.27 23:20:23 | 000,003,958 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\expire-history-by-days@bonardo.net.xpi
[2013.02.23 22:52:06 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\firebug@software.joehewitt.com.xpi
[2012.01.01 15:22:47 | 000,075,799 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi
[2012.03.29 11:04:02 | 000,049,303 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi
[2013.03.04 11:58:37 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2011.09.02 11:35:05 | 000,286,375 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DE}.xpi
[2013.02.28 12:07:23 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2010.08.01 18:26:39 | 000,002,305 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b3rkme20.default\searchplugins\znout-de.xml

O1 HOSTS File: ([2013.03.04 11:49:04 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [GrooveMonitor] D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KeePass 2 PreLoad] D:\Program Files\KeePass\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000..\Run: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000..\Run: [ISUSPM Startup] c:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O4 - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000..\Run: [KiesPDLR] D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000..\Run: [Vidalia] D:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - HKU\S-1-5-21-3446655697-2731224057-2204278893-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3446655697-2731224057-2204278893-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN GUI.lnk = D:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3446655697-2731224057-2204278893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3446655697-2731224057-2204278893-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: BID Link Explorer: Öffne aktuelle Seite - D:\Program Files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm ()
O8:64bit: - Extra context menu item: BID: Link in Queue einreihen - D:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8:64bit: - Extra context menu item: BID: Öffne aktuelle Seite - D:\Program Files\Bulk Image Downloader\iemenu\iebid.htm ()
O8:64bit: - Extra context menu item: BID: Öffne diesen &Link - D:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm ()
O8:64bit: - Extra context menu item: BID: Seite in &Queue einreihen - D:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: BID Link Explorer: Öffne aktuelle Seite - D:\Program Files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm ()
O8 - Extra context menu item: BID: Link in Queue einreihen - D:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8 - Extra context menu item: BID: Öffne aktuelle Seite - D:\Program Files\Bulk Image Downloader\iemenu\iebid.htm ()
O8 - Extra context menu item: BID: Öffne diesen &Link - D:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm ()
O8 - Extra context menu item: BID: Seite in &Queue einreihen - D:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{378EFFA4-C0DC-4D97-833C-9BC576364504}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D65EF701-E5A3-4F9D-B7B0-93879E23381D}: DhcpNameServer = 172.27.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.04 11:48:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.03.02 19:26:35 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.02 19:26:26 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.02 19:25:58 | 000,547,491 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\user\Desktop\JRT.exe
[2013.03.01 19:21:11 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.03.01 16:35:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.01 16:35:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.01 16:35:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.01 16:35:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.01 16:14:20 | 005,036,023 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013.03.01 14:56:18 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\tdsskiller.exe
[2013.02.28 22:36:41 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.02.28 20:13:18 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2013.02.28 17:44:32 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\mbar-1.01.0.1020
[2013.02.28 12:32:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013.02.28 11:51:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Programs
[2013.02.28 11:51:13 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.25 22:13:00 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\{EBBDA7E5-AB7B-4114-A5D7-466CA013A61A}
[2013.02.25 22:12:59 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\{13215AB9-2B2E-4F6E-ADF1-1D7048C31288}
[2013.02.25 22:12:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\{C7E6AB03-F5B6-4277-BCC7-9290C2711314}
[2013.02.21 12:47:11 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Sync App Settings
[2013.02.19 23:53:58 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\tor
[2013.02.19 23:53:51 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Tor
[2013.02.19 23:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bundle
[2013.02.19 23:53:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Vidalia
[2013.02.17 01:24:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2013.02.17 01:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
[2013.02.15 03:04:27 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.15 03:04:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.15 03:04:25 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.15 03:04:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.15 03:04:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.15 03:04:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.15 03:04:23 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.15 03:04:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.15 03:04:22 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.15 03:04:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.15 03:04:21 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.15 03:04:21 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.15 03:04:20 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.15 03:04:20 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.15 03:04:19 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.13 13:05:06 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 13:05:05 | 003,967,848 |
---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.02.13 13:05:05 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.02.13 13:04:49 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.13 13:04:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.13 13:04:47 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.13 13:04:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.13 13:04:47 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.02.13 13:04:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.13 13:04:45 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.04 12:23:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.04 11:58:16 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.04 11:58:16 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.04 11:50:39 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys [2013.03.04 11:50:39 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr [2013.03.04 11:50:31 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.04 11:50:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.04 11:50:14 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys [2013.03.04 11:49:04 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts 
[2013.03.02 19:58:50 | 000,034,452 | ---- | M] () -- C:\Users\user\Desktop\Desktop.rar [2013.03.02 19:34:51 | 000,594,019 | ---- | M] () -- C:\Users\user\Desktop\adwcleaner.exe [2013.03.02 19:26:10 | 000,547,491 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\user\Desktop\JRT.exe [2013.03.01 16:14:32 | 005,036,023 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe [2013.03.01 14:56:42 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\tdsskiller.exe [2013.02.28 20:14:35 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe [2013.02.28 17:37:02 | 013,711,621 | ---- | M] () -- C:\Users\user\Desktop\mbar-1.01.0.1020.zip [2013.02.28 13:02:05 | 000,377,856 | ---- | M] () -- C:\Users\user\Desktop\4np82roe.exe [2013.02.28 12:32:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2013.02.28 12:24:12 | 000,000,020 | ---- | M] () -- C:\Users\user\defogger_reenable [2013.02.28 12:23:06 | 000,050,477 | ---- | M] () -- C:\Users\user\Desktop\Defogger.exe [2013.02.28 11:51:28 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.28 11:51:14 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup-1.70.0.1100.exe [2013.02.26 18:48:34 | 007,010,574 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.26 18:48:34 | 002,475,120 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.26 18:48:34 | 002,103,458 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.26 18:48:34 | 001,879,536 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.26 18:48:34 | 000,005,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.25 02:23:52 | 000,054,784 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.02.19 00:02:17 | 000,003,033 | ---- | M] () -- C:\Users\user\Desktop\axp.axp [2013.02.14 13:34:27 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- 
C:\Windows\SysWow64\FlashPlayerApp.exe [2013.02.14 13:34:27 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.02.14 13:15:48 | 005,037,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.07 19:37:41 | 000,001,010 | ---- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.02.07 19:37:29 | 000,000,976 | ---- | M] () -- C:\Users\user\Desktop\Dropbox.lnk [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.04 11:50:39 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr [2013.03.02 19:58:50 | 000,034,452 | ---- | C] () -- C:\Users\user\Desktop\Desktop.rar [2013.03.02 19:34:46 | 000,594,019 | ---- | C] () -- C:\Users\user\Desktop\adwcleaner.exe [2013.03.01 16:35:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.01 16:35:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.01 16:35:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.01 16:35:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.01 16:35:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.02.28 17:36:55 | 013,711,621 | ---- | C] () -- C:\Users\user\Desktop\mbar-1.01.0.1020.zip [2013.02.28 13:02:04 | 000,377,856 | ---- | C] () -- C:\Users\user\Desktop\4np82roe.exe [2013.02.28 12:24:12 | 000,000,020 | ---- | C] () -- C:\Users\user\defogger_reenable [2013.02.28 12:23:04 | 000,050,477 | ---- | C] () -- C:\Users\user\Desktop\Defogger.exe [2013.02.28 11:51:28 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.19 00:02:17 | 000,003,033 | ---- | C] () -- C:\Users\user\Desktop\axp.axp [2012.06.20 23:17:39 | 000,000,218 | ---- | C] () -- C:\Users\user\.recently-used.xbel [2012.05.13 22:12:54 | 000,000,032 | ---- | C] () -- C:\Users\user\.simfy [2012.04.08 22:14:33 | 000,000,600 | ---- | C] () -- 
C:\Users\user\AppData\Local\PUTTY.RND [2012.04.01 21:23:00 | 000,000,600 | ---- | C] () -- C:\Users\user\AppData\Roaming\winscp.rnd [2011.12.21 21:09:41 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2011.09.16 10:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.09.16 10:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.09.16 10:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.09.16 10:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.09.16 10:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.08.05 23:51:36 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat.temp [2011.08.02 18:09:24 | 000,233,582 | ---- | C] () -- C:\Windows\hpoins47.dat [2011.05.13 20:55:00 | 000,083,968 | ---- | C] () -- C:\Windows\UnGins.exe [2011.03.28 10:30:33 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ZyDelReg.exe [2011.03.28 10:30:31 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD.dll [2011.03.28 10:30:31 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD64.DLL [2010.08.11 16:32:44 | 000,001,789 | ---- | C] () -- C:\Users\user\Default.atp [2010.08.11 16:32:44 | 000,000,288 | ---- | C] () -- C:\Users\user\user.properties [2010.08.07 12:10:27 | 000,007,603 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg [2010.08.05 00:43:05 | 000,054,784 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
04.03.2013, 14:22 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avira first finds JS.Expack.EM and then Spy.Zbot Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - before you do, please remember to update Malwarebytes via the update button. Afterwards, getting an additional opinion from ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post log files in CODE tags |