Log analysis and evaluation: Adware.Generic

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
05.03.2013, 10:43 | #1 |
Adware.Generic

Good morning,

As became apparent afterwards in the backup files, I had caught the trojan HEUR in September 2012; Kaspersky Pure 2.0 did not detect it, however. In October, "GPS Engine Failure" appeared as a problem in FSX. After various measures from the FSX forums did not help, I decided this weekend on the most radical of the suggested measures, namely to set up Win 7 Ultimate and everything else from scratch. During the update with SP 1 the system shut down at 11%, and I could not install the SP. I then ran a full scan with Kaspersky Pure 2.0. Now Kaspersky reported the HEUR. Again on recommendations in forums, I cleared the temporary files in the Java Control Panel and then ran a full scan with Kaspersky again. No HEUR and no other malware any more, but on my side no full trust in Kaspersky any more either. That is why I came to this forum. I ran the full scan with AVG 2013. Adware.Generic was detected. Then I used the other tools exactly as recommended here. Logs attached. Now I ask for help with how to proceed.
05.03.2013, 12:27 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™

Adware.Generic

Hello and

The other OTL log is missing (otl.txt). I would also like to see all the logs of your Kaspersky virus scanner, see http://www.trojaner-board.de/125889-...tml#post941520

Reading material: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
05.03.2013, 14:23 | #3 |
Adware.Generic

Great, the quick reply, Cosinus

Was in a bit of a hurry this morning on the way to earning my daily bread and overlooked the file - sorry. Supplied below. The Kaspersky log is somewhat more difficult - I stupidly deleted it. Should I create a new one?

Btw: In the last 48 h I had four calls from unknown callers - supposedly Microsoft - who told me about malware in the boot sector and wanted to do a "remote diagnosis". When asked, they could not say which trojan. That is how cyber crime works. I am writing this so that others do not fall for it either.

Regards, UrsF

Code:
ATTFilter OTL logfile created on: 04.03.2013 23:23:55 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\Urs Fellmann\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 11,99 Gb Total Physical Memory | 8,36 Gb Available Physical Memory | 69,75% Memory free 29,98 Gb Paging File | 26,81 Gb Available in Paging File | 89,42% Paging File free Paging file location(s): D:\pagefile.sys 6142 6142C:\pagef [Binary data over 200 bytes] %SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86) Drive C: | 476,75 Gb Total Space | 356,52 Gb Free Space | 74,78% Space Free | Partition Type: NTFS Drive D: | 698,63 Gb Total Space | 252,90 Gb Free Space | 36,20% Space Free | Partition Type: NTFS Drive E: | 698,00 Gb Total Space | 609,69 Gb Free Space | 87,35% Space Free | Partition Type: NTFS Computer Name: URSFELLMANN-PC | User Name: Urs Fellmann | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.04 23:17:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Urs Fellmann\Desktop\OTL.exe PRC - [2013.03.01 13:32:15 | 000,078,496 | ---- | M] (Microsoft Corporation) -- D:\Programme\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE PRC - [2013.03.01 13:30:38 | 000,158,808 | ---- | M] (Microsoft Corporation) -- D:\Programme\Microsoft Office 15\root\office15\ONENOTEM.EXE PRC - [2013.03.01 11:23:15 | 000,255,992 | ---- | M] (Microsoft Corporation) -- D:\Users\Urs Fellmann\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe PRC - [2013.03.01 11:22:31 | 000,308,368 | ---- | M] (Google Inc.) 
-- D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2013.01.28 13:08:14 | 000,059,720 | ---- | M] (Apple Inc.) -- D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe PRC - [2013.01.27 03:38:28 | 000,324,376 | ---- | M] (Uniblue Systems Ltd) -- D:\Program Files (x86)\Uniblue\Powersuite\powersuite_monitor.exe PRC - [2013.01.27 03:38:28 | 000,323,864 | ---- | M] (Uniblue Systems Limited) -- D:\PROGRA~2\Uniblue\POWERS~1\powersuite.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.17 17:14:14 | 000,059,872 | ---- | M] (Apple Inc.) -- D:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe PRC - [2012.12.17 17:14:10 | 000,059,872 | ---- | M] (Apple Inc.) -- D:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe PRC - [2012.12.17 16:48:14 | 000,059,872 | ---- | M] (Apple Inc.) -- D:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2012.12.11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files (x86)\AVG\AVG2013\avgui.exe PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe PRC - [2012.10.22 13:04:06 | 000,329,848 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe PRC - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- D:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.08.30 22:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) -- D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe PRC - [2012.08.23 11:30:18 | 001,135,992 | ---- | M] (AVG) -- D:\Program Files (x86)\AVG\AVG PC TuneUp\Integrator.exe PRC - [2012.08.07 09:47:12 | 007,831,840 | ---- | M] (NETGEAR,Inc.) 
-- C:\Program Files (x86)\NETGEAR\A6200\A6200.exe PRC - [2012.07.27 13:27:28 | 000,025,888 | ---- | M] () -- D:\Program Files (x86)\NETGEAR\A6200\WifiService.exe PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- D:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe PRC - [2009.12.21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- D:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe ========== Modules (No Company Name) ========== MOD - [2013.03.01 13:32:12 | 000,354,368 | ---- | M] () -- D:\Programme\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\c2r32.dll MOD - [2013.03.01 13:32:07 | 000,312,896 | ---- | M] () -- D:\Programme\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll MOD - [2013.03.01 13:28:32 | 000,354,368 | ---- | M] () -- D:\Programme\Microsoft Office 15\root\office15\c2r32.dll MOD - [2013.03.01 13:28:32 | 000,312,896 | ---- | M] () -- D:\Programme\Microsoft Office 15\root\office15\appvisvstream32.dll MOD - [2013.01.28 13:08:56 | 000,087,952 | ---- | M] () -- D:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2013.01.28 13:08:28 | 001,242,512 | ---- | M] () -- D:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2013.01.27 03:38:34 | 001,109,784 | ---- | M] () -- D:\Program Files (x86)\Uniblue\Powersuite\ui_dll.dll MOD - [2013.01.27 03:38:34 | 001,109,784 | ---- | M] () -- D:\PROGRA~2\Uniblue\POWERS~1\ui_dll.dll MOD - [2013.01.27 03:38:24 | 000,588,568 | ---- | M] () -- D:\Program Files (x86)\Uniblue\Powersuite\locale\de\resources.dll MOD - [2013.01.27 03:38:24 | 000,588,568 | ---- | M] () -- D:\PROGRA~2\Uniblue\POWERS~1\locale\de\resources.dll MOD - [2013.01.27 03:38:06 | 020,763,928 | ---- | M] () -- D:\Program Files (x86)\Uniblue\Powersuite\libcef.dll MOD - [2013.01.27 03:38:06 | 020,763,928 | ---- | M] () -- 
D:\PROGRA~2\Uniblue\POWERS~1\libcef.dll MOD - [2013.01.27 03:37:58 | 000,627,992 | ---- | M] () -- D:\Program Files (x86)\Uniblue\Powersuite\libglesv2.dll MOD - [2013.01.27 03:37:58 | 000,627,992 | ---- | M] () -- D:\PROGRA~2\Uniblue\POWERS~1\libglesv2.dll MOD - [2013.01.27 03:37:58 | 000,117,528 | ---- | M] () -- D:\Program Files (x86)\Uniblue\Powersuite\libegl.dll MOD - [2013.01.27 03:37:58 | 000,117,528 | ---- | M] () -- D:\PROGRA~2\Uniblue\POWERS~1\libegl.dll MOD - [2013.01.27 03:37:48 | 001,100,072 | ---- | M] () -- D:\Program Files (x86)\Uniblue\Powersuite\avcodec-53.dll MOD - [2013.01.27 03:37:48 | 001,100,072 | ---- | M] () -- D:\PROGRA~2\Uniblue\POWERS~1\avcodec-53.dll MOD - [2013.01.27 03:37:48 | 000,189,736 | ---- | M] () -- D:\Program Files (x86)\Uniblue\Powersuite\avformat-53.dll MOD - [2013.01.27 03:37:48 | 000,189,736 | ---- | M] () -- D:\PROGRA~2\Uniblue\POWERS~1\avformat-53.dll MOD - [2013.01.27 03:37:48 | 000,123,176 | ---- | M] () -- D:\Program Files (x86)\Uniblue\Powersuite\avutil-51.dll MOD - [2013.01.27 03:37:48 | 000,123,176 | ---- | M] () -- D:\PROGRA~2\Uniblue\POWERS~1\avutil-51.dll MOD - [2012.08.30 22:24:20 | 007,422,392 | ---- | M] () -- D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtGui4.dll MOD - [2012.08.30 22:24:18 | 001,270,200 | ---- | M] () -- D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtScript4.dll MOD - [2012.08.30 22:24:18 | 000,192,952 | ---- | M] () -- D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtSql4.dll MOD - [2012.08.30 22:24:16 | 002,453,944 | ---- | M] () -- D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtDeclarative4.dll MOD - [2012.08.30 22:24:16 | 002,126,264 | ---- | M] () -- D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtCore4.dll MOD - [2012.08.30 22:24:16 | 000,795,064 | ---- | M] () -- D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtNetwork4.dll MOD - [2012.08.30 22:23:02 | 000,459,192 | ---- | M] () -- D:\Program Files (x86)\Kaspersky 
Lab\Kaspersky PURE 2.0\dblite.dll MOD - [2012.05.04 11:17:02 | 013,416,256 | ---- | M] () -- D:\Program Files (x86)\AVG\AVG PC TuneUp\libcef.dll MOD - [2011.09.05 19:36:52 | 000,025,088 | ---- | M] () -- D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll MOD - [2011.09.05 19:36:50 | 000,180,224 | ---- | M] () -- D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.03.01 17:27:45 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.08 06:03:50 | 005,132,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.07 07:05:16 | 001,854,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Programme\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc) SRV - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- D:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Auto | Running] -- D:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- D:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.08.30 22:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe -- (AVP) SRV - [2012.08.23 11:31:24 | 002,148,216 | ---- | M] (AVG) [Auto | Running] -- D:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.07.27 13:27:28 | 000,025,888 | ---- | M] () [Auto | Running] -- D:\Program Files (x86)\NETGEAR\A6200\WifiService.exe -- (WNDA6200) SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- D:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- D:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.03 13:02:57 | 000,020,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- D:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2013.03.01 16:57:40 | 000,023,904 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64) DRV:64bit: - [2013.03.01 16:57:11 | 000,769,168 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2013.03.01 16:52:30 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2013.02.28 20:29:00 | 000,636,760 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- D:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.11.15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- D:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- D:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- D:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- D:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012.09.21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- D:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- D:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga) DRV:64bit: - [2012.09.14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[File_System | Boot | Running] -- D:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.31 16:36:52 | 002,263,144 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\BCMWLHIGH664.SYS -- (A6200) DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- D:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) DRV:64bit: - [2011.10.20 11:48:00 | 000,458,032 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- D:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2011.10.20 11:48:00 | 000,013,616 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- D:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- D:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- D:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2010.06.26 01:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) 
[Kernel | System | Running] -- D:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2009.12.14 12:44:24 | 000,085,048 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- D:\Windows\SysNative\drivers\CSCrySec.sys -- (CSCrySec) DRV:64bit: - [2009.12.14 12:44:24 | 000,066,104 | ---- | M] (Infowatch) [Kernel | System | Running] -- D:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv) DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012.07.04 15:26:12 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- D:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- D:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=5033548204294241&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=5033548204294241&q={searchTerms} IE - 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B1 72 B7 C0 E7 15 CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7NDKB_deCH525 IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=5033548204294241&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: D:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - 
HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru [2013.02.28 20:29:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru [2013.02.28 20:29:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru [2013.02.28 20:29:09 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = D:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = D:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = D:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll CHR - plugin: Kaspersky 
Anti-Virus (Enabled) = D:\Users\Urs Fellmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0\plugin/npUrlAdvisor.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = D:\Users\Urs Fellmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0\plugin/npVKPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = D:\Users\Urs Fellmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0\plugin/npABPlugin.dll CHR - plugin: Google Update (Enabled) = D:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = D:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Microsoft Office 2013 (Enabled) = D:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL CHR - Extension: YouTube = D:\Users\Urs Fellmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: YouTube = D:\Users\Urs Fellmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = D:\Users\Urs Fellmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google-Suche = D:\Users\Urs Fellmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Modul zur Link-Untersuchung = D:\Users\Urs Fellmann\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0\ CHR - Extension: Virtuelle Tastatur = D:\Users\Urs Fellmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0\ CHR - Extension: Google Mail = D:\Users\Urs Fellmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Google Mail = D:\Users\Urs Fellmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: Anti-Banner = D:\Users\Urs Fellmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - D:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - D:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - D:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [GENIE] D:\Program Files (x86)\NETGEAR\A6200\A6200.exe (NETGEAR,Inc.) O4:64bit: - HKLM..\Run: [LanuchApp] D:\Program Files (x86)\NETGEAR\A6200\LanuchApp.exe () O4 - HKLM..\Run: [APSDaemon] D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [AVG_UI] D:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVP] D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [ApplePhotoStreams] D:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] D:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] D:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [SkyDrive] D:\Users\Urs Fellmann\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Uninstall D:\Users\Urs Fellmann\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] D:\Windows\system32\cmd.exe /q /c rmdir /s /q "D:\Users\Urs Fellmann\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found
O4 - Startup: D:\Users\Urs Fellmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk = D:\Programme\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Se&nd to OneNote - D:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Se&nd to OneNote - D:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - D:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - D:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - D:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{156BB745-B707-455E-8CD4-CF0DC2208D39}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4D74DD2-FD5D-4D58-A2A1-FBD1EFBF0728}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Programme\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (D:\Windows\system32\userinit.exe) - D:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - D:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - D:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.04 23:17:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Users\Urs Fellmann\Desktop\OTL.exe
[2013.03.04 22:35:15 | 000,035,192 | ---- | C] (AVG) -- D:\Windows\SysNative\TURegOpt.exe
[2013.03.04 22:35:15 | 000,026,488 | ---- | C] (AVG) -- D:\Windows\SysNative\authuitu.dll
[2013.03.04 22:35:14 | 000,021,880 | ---- | C] (AVG) -- D:\Windows\SysWow64\authuitu.dll
[2013.03.04 22:35:05 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
[2013.03.04 22:34:57 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\AppData\Roaming\AVG
[2013.03.04 22:34:10 | 000,000,000 | ---D | C] -- D:\ProgramData\AVG
[2013.03.04 22:34:04 | 000,000,000 | -HSD | C] -- D:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013.03.04 22:23:40 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\AppData\Roaming\AVG2013
[2013.03.04 22:22:44 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\AppData\Roaming\TuneUp Software
[2013.03.04 22:22:44 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.03.04 22:22:16 | 000,000,000 | -H-D | C] -- D:\$AVG
[2013.03.04 22:22:14 | 000,000,000 | ---D | C] -- D:\ProgramData\AVG2013
[2013.03.04 22:20:36 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\AVG
[2013.03.04 22:17:52 | 000,000,000 | -H-D | C] -- D:\ProgramData\Common Files
[2013.03.04 22:17:52 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\AppData\Local\MFAData
[2013.03.04 22:17:52 | 000,000,000 | ---D | C] -- D:\ProgramData\MFAData
[2013.03.04 22:17:52 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\AppData\Local\Avg2013
[2013.03.04 21:19:29 | 000,000,000 | ---D | C] -- D:\Windows\SysNative\SPReview
[2013.03.04 20:04:54 | 000,000,000 | ---D | C] -- D:\Program Files\Java
[2013.03.04 10:27:32 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\AppData\Local\Microsoft Help
[2013.03.04 10:12:14 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\AppData\Local\ElevatedDiagnostics
[2013.03.04 09:46:41 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR A6200 Genie
[2013.03.04 09:45:18 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\NETGEAR
[2013.03.03 23:14:10 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Carenado Mooney M20J FSX
[2013.03.03 23:12:27 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimMarket
[2013.03.03 23:10:40 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLYSIMWARE
[2013.03.03 19:12:42 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlyTampa
[2013.03.03 19:01:48 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Newport - Antigua X (Max Autogen, High End CPU's)
[2013.03.03 18:55:01 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\TropicalSim
[2013.03.03 18:53:15 | 000,000,000 | ---D | C] -- D:\Windows\15 Caribbean FSX Airports
[2013.03.03 18:12:14 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RealAir Simulations
[2013.03.03 09:32:26 | 000,000,000 | ---D | C] -- D:\Windows\SysNative\EventProviders
[2013.03.02 18:19:34 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\ASUS
[2013.03.02 18:04:42 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Orbx
[2013.03.02 15:33:08 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\France VFR
[2013.03.02 15:15:02 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlyTampa
[2013.03.02 15:04:26 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Aerosoft
[2013.03.02 14:53:27 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\aerosoft
[2013.03.02 14:26:15 | 000,000,000 | R--D | C] -- D:\Users\Urs Fellmann\Desktop\FSX Tools
[2013.03.02 14:14:22 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlyLogic
[2013.03.02 13:18:36 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mailsoft
[2013.03.02 13:17:17 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\AppData\Roaming\InstallShield
[2013.03.01 18:46:44 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\Documents\Flight Simulator X-Dateien
[2013.03.01 18:43:15 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2013.03.01 18:43:08 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\MSXML 4.0
[2013.03.01 18:43:04 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\Microsoft Games
[2013.03.01 18:31:13 | 000,000,000 | ---D | C] -- D:\Windows\PCHEALTH
[2013.03.01 18:26:48 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\InstallShield
[2013.03.01 18:02:41 | 000,397,312 | ---- | C] (Koyote Soft) -- D:\Windows\SysWow64\TubeFinder.exe
[2013.03.01 18:02:40 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\AppData\Roaming\FreeFLVConverter
[2013.03.01 18:02:35 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Searchqu Toolbar
[2013.03.01 18:01:47 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Free FLV Converter
[2013.03.01 17:54:19 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\AppData\Local\assembly
[2013.03.01 17:54:15 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\Documents\ifolor
[2013.03.01 17:25:42 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\AppData\Local\Adobe
[2013.03.01 17:24:46 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\Adobe
[2013.03.01 17:24:46 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Adobe
[2013.03.01 16:57:11 | 000,769,168 | ---- | C] (Realtek ) -- D:\Windows\SysNative\drivers\Rt64win7.sys
[2013.03.01 16:21:35 | 000,000,000 | ---D | C] -- D:\ProgramData\Brother
[2013.03.01 16:21:23 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- D:\Windows\SysWow64\BROSNMP.DLL
[2013.03.01 16:21:23 | 000,111,928 | ---- | C] (Brother Industries Ltd) -- D:\Windows\SysWow64\BRRBTOOL.EXE
[2013.03.01 16:21:23 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- D:\Windows\SysWow64\BRLMW03A.DLL
[2013.03.01 16:21:23 | 000,024,223 | ---- | C] (Brother Industries, Ltd) -- D:\Windows\SysWow64\BRLM03A.DLL
[2013.03.01 16:08:29 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2013.03.01 16:01:43 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\AppData\Roaming\Uniblue
[2013.03.01 16:01:43 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Uniblue
[2013.03.01 15:08:24 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\DESIGNER
[2013.03.01 15:07:35 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013.03.01 14:59:07 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.03.01 14:58:49 | 000,000,000 | ---D | C] -- D:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.03.01 13:31:13 | 000,000,000 | ---D | C] -- D:\ProgramData\regid.1991-06.com.microsoft
[2013.03.01 13:31:13 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Microsoft Office
[2013.03.01 13:28:06 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft Office 15
[2013.03.01 12:59:01 | 000,000,000 | ---D | C] -- D:\Program Files\iPod
[2013.03.01 12:59:00 | 000,000,000 | ---D | C] -- D:\Program Files\iTunes
[2013.03.01 12:59:00 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\iTunes
[2013.03.01 12:54:08 | 000,000,000 | ---D | C] -- D:\Windows\SysNative\appmgmt
[2013.03.01 12:12:18 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\AppData\Local\1D74F9A8-0C4D-4CCC-AE6D-DD91FEDB473C.aplzod
[2013.03.01 11:38:59 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\AppData\Local\Diagnostics
[2013.03.01 11:29:48 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\AppData\Roaming\Google
[2013.03.01 11:10:54 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\AppData\Roaming\Macromedia
[2013.03.01 11:10:53 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\AppData\Roaming\Adobe
[2013.03.01 11:10:15 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.03.01 11:09:55 | 000,000,000 | ---D | C] -- D:\Program Files\Google
[2013.03.01 11:09:44 | 000,000,000 | ---D | C] -- D:\ProgramData\Google
[2013.03.01 11:09:31 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\AppData\Local\Google
[2013.03.01 11:09:31 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Google
[2013.03.01 11:09:27 | 000,000,000 | ---D | C] -- D:\Windows\SysWow64\Macromed
[2013.03.01 11:09:26 | 000,000,000 | ---D | C] -- D:\Windows\SysNative\Macromed
[2013.03.01 11:09:03 | 000,000,000 | ---D | C] -- D:\ProgramData\Adobe
[2013.03.01 11:05:53 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\Documents\OneNote-Notizbücher
[2013.02.28 23:58:00 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2013.02.28 23:57:59 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Canon
[2013.02.28 23:53:54 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon SELPHY CP900
[2013.02.28 23:53:53 | 000,000,000 | -H-D | C] -- D:\ProgramData\CanonCP
[2013.02.28 23:53:10 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\Canon
[2013.02.28 23:25:37 | 000,035,344 | ---- | C] (CACE Technologies, Inc.) -- D:\Windows\SysNative\drivers\npf.sys
[2013.02.28 23:23:58 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- D:\Windows\SysWow64\wpcap.dll
[2013.02.28 23:23:58 | 000,096,784 | ---- | C] (CACE Technologies, Inc.) -- D:\Windows\SysWow64\Packet.dll
[2013.02.28 23:23:58 | 000,000,000 | -H-D | C] -- D:\Program Files (x86)\InstallShield Installation Information
[2013.02.28 23:23:43 | 000,000,000 | ---D | C] -- D:\ProgramData\NETGEAR
[2013.02.28 21:55:27 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\Desktop\iCloud
[2013.02.28 21:51:19 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\AppData\Roaming\Apple Computer
[2013.02.28 21:51:19 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\AppData\Local\Apple Computer
[2013.02.28 21:50:44 | 000,000,000 | ---D | C] -- D:\ProgramData\Apple Computer
[2013.02.28 21:50:02 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\AppData\Local\Apple
[2013.02.28 21:50:01 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Apple Software Update
[2013.02.28 21:49:44 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Apple
[2013.02.28 21:49:35 | 000,000,000 | ---D | C] -- D:\Program Files\Bonjour
[2013.02.28 21:49:35 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Bonjour
[2013.02.28 21:49:10 | 000,000,000 | ---D | C] -- D:\ProgramData\Apple
[2013.02.28 21:49:10 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\Apple
[2013.02.28 21:27:58 | 000,000,000 | R--D | C] -- D:\Users\Urs Fellmann\Documents\Scanned Documents
[2013.02.28 21:27:57 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\Documents\Fax
[2013.02.28 21:24:47 | 000,000,000 | R--D | C] -- D:\Users\Urs Fellmann\Desktop\MS Office
[2013.02.28 21:23:50 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Microsoft SkyDrive
[2013.02.28 21:23:49 | 000,000,000 | R--D | C] -- D:\Users\Urs Fellmann\SkyDrive
[2013.02.28 21:23:46 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft SkyDrive
[2013.02.28 20:56:55 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Microsoft.NET
[2013.02.28 20:30:32 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 2.0
[2013.02.28 20:29:51 | 000,085,048 | ---- | C] (Infowatch) -- D:\Windows\SysNative\drivers\CSCrySec.sys
[2013.02.28 20:29:51 | 000,066,104 | ---- | C] (Infowatch) -- D:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys
[2013.02.28 20:29:47 | 000,000,000 | ---D | C] -- D:\Windows\SysNative\DRVSTORE
[2013.02.28 20:29:10 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\InfoWatch
[2013.02.28 20:29:08 | 000,000,000 | ---D | C] -- D:\ProgramData\Kaspersky Lab
[2013.02.28 20:29:08 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Kaspersky Lab
[2013.02.28 20:29:00 | 000,636,760 | ---- | C] (Kaspersky Lab) -- D:\Windows\SysNative\drivers\klif.sys
[2013.02.28 20:09:11 | 000,000,000 | ---D | C] -- D:\Windows\SysWow64\Wat
[2013.02.28 20:09:11 | 000,000,000 | ---D | C] -- D:\Windows\SysNative\Wat
[2013.02.28 17:23:37 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.02.28 17:18:54 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.02.28 17:18:50 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Microsoft Silverlight
[2013.02.28 17:18:43 | 000,000,000 | -HSD | C] -- D:\Windows\Installer
[2013.02.28 17:18:18 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\logishrd
[2013.02.28 17:18:17 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\logishrd
[2013.02.28 17:17:07 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\NVIDIA Corporation
[2013.02.28 17:17:05 | 000,000,000 | ---D | C] -- D:\ProgramData\NVIDIA
[2013.02.28 17:16:44 | 000,060,776 | ---- | C] (Khronos Group) -- D:\Windows\SysNative\OpenCL.dll
[2013.02.28 17:16:44 | 000,052,584 | ---- | C] (Khronos Group) -- D:\Windows\SysWow64\OpenCL.dll
[2013.02.28 17:16:30 | 000,000,000 | ---D | C] -- D:\ProgramData\NVIDIA Corporation
[2013.02.28 17:16:25 | 000,000,000 | ---D | C] -- D:\Program Files\NVIDIA Corporation
[2013.02.28 17:12:00 | 000,000,000 | R--D | C] -- D:\Users\Urs Fellmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.02.28 17:12:00 | 000,000,000 | R--D | C] -- D:\Users\Urs Fellmann\Searches
[2013.02.28 17:12:00 | 000,000,000 | R--D | C] -- D:\Users\Urs Fellmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.02.28 17:11:44 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\AppData\Roaming\Identities
[2013.02.28 17:11:30 | 000,000,000 | R--D | C] -- D:\Users\Urs Fellmann\Contacts
[2013.02.28 17:11:27 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\AppData\Local\VirtualStore
[2013.02.28 17:11:14 | 000,000,000 | --SD | C] -- D:\Users\Urs Fellmann\AppData\Roaming\Microsoft
[2013.02.28 17:11:14 | 000,000,000 | R--D | C] -- D:\Users\Urs Fellmann\Videos
[2013.02.28 17:11:14 | 000,000,000 | R--D | C] -- D:\Users\Urs Fellmann\Saved Games
[2013.02.28 17:11:14 | 000,000,000 | R--D | C] -- D:\Users\Urs Fellmann\Pictures
[2013.02.28 17:11:14 | 000,000,000 | R--D | C] -- D:\Users\Urs Fellmann\Music
[2013.02.28 17:11:14 | 000,000,000 | R--D | C] -- D:\Users\Urs Fellmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.02.28 17:11:14 | 000,000,000 | R--D | C] -- D:\Users\Urs Fellmann\Links
[2013.02.28 17:11:14 | 000,000,000 | R--D | C] -- D:\Users\Urs Fellmann\Favorites
[2013.02.28 17:11:14 | 000,000,000 | R--D | C] -- D:\Users\Urs Fellmann\Downloads
[2013.02.28 17:11:14 | 000,000,000 | R--D | C] -- D:\Users\Urs Fellmann\Documents
[2013.02.28 17:11:14 | 000,000,000 | R--D | C] -- D:\Users\Urs Fellmann\Desktop
[2013.02.28 17:11:14 | 000,000,000 | R--D | C] -- D:\Users\Urs Fellmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.02.28 17:11:14 | 000,000,000 | -HSD | C] -- D:\Users\Urs Fellmann\Vorlagen
[2013.02.28 17:11:14 | 000,000,000 | -HSD | C] -- D:\Users\Urs Fellmann\AppData\Local\Verlauf
[2013.02.28 17:11:14 | 000,000,000 | -HSD | C] -- D:\Users\Urs Fellmann\AppData\Local\Temporary Internet Files
[2013.02.28 17:11:14 | 000,000,000 | -HSD | C] -- D:\Users\Urs Fellmann\Startmenü
[2013.02.28 17:11:14 | 000,000,000 | -HSD | C] -- D:\Users\Urs Fellmann\SendTo
[2013.02.28 17:11:14 | 000,000,000 | -HSD | C] -- D:\Users\Urs Fellmann\Recent
[2013.02.28 17:11:14 | 000,000,000 | -HSD | C] -- D:\Users\Urs Fellmann\Netzwerkumgebung
[2013.02.28 17:11:14 | 000,000,000 | -HSD | C] -- D:\Users\Urs Fellmann\Lokale Einstellungen
[2013.02.28 17:11:14 | 000,000,000 | -HSD | C] -- D:\Users\Urs Fellmann\Documents\Eigene Videos
[2013.02.28 17:11:14 | 000,000,000 | -HSD | C] -- D:\Users\Urs Fellmann\Documents\Eigene Musik
[2013.02.28 17:11:14 | 000,000,000 | -HSD | C] -- D:\Users\Urs Fellmann\Eigene Dateien
[2013.02.28 17:11:14 | 000,000,000 | -HSD | C] -- D:\Users\Urs Fellmann\Documents\Eigene Bilder
[2013.02.28 17:11:14 | 000,000,000 | -HSD | C] -- D:\Users\Urs Fellmann\Druckumgebung
[2013.02.28 17:11:14 | 000,000,000 | -HSD | C] -- D:\Users\Urs Fellmann\Cookies
[2013.02.28 17:11:14 | 000,000,000 | -HSD | C] -- D:\Users\Urs Fellmann\AppData\Local\Anwendungsdaten
[2013.02.28 17:11:14 | 000,000,000 | -HSD | C] -- D:\Users\Urs Fellmann\Anwendungsdaten
[2013.02.28 17:11:14 | 000,000,000 | -H-D | C] -- D:\Users\Urs Fellmann\AppData
[2013.02.28 17:11:14 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\AppData\Local\Temp
[2013.02.28 17:11:14 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\AppData\Local\Microsoft
[2013.02.28 17:11:14 | 000,000,000 | ---D | C] -- D:\Users\Urs Fellmann\AppData\Roaming\Media Center Programs
[2013.02.28 17:11:01 | 000,000,000 | -HSD | C] -- D:\Recovery
[2013.02.28 17:11:00 | 000,000,000 | -HSD | C] -- D:\ProgramData\Vorlagen
[2013.02.28 17:11:00 | 000,000,000 | -HSD | C] -- D:\ProgramData\Startmenü
[2013.02.28 17:11:00 | 000,000,000 | -HSD | C] -- D:\Programme
[2013.02.28 17:11:00 | 000,000,000 | -HSD | C] -- D:\Program Files\Gemeinsame Dateien
[2013.02.28 17:11:00 | 000,000,000 | -HSD | C] -- D:\ProgramData\Favoriten
[2013.02.28 17:11:00 | 000,000,000 | -HSD | C] -- D:\Users\Public\Documents\Eigene Videos
[2013.02.28 17:11:00 | 000,000,000 | -HSD | C] -- D:\Users\Public\Documents\Eigene Musik
[2013.02.28 17:11:00 | 000,000,000 | -HSD | C] -- D:\Users\Public\Documents\Eigene Bilder
[2013.02.28 17:11:00 | 000,000,000 | -HSD | C] -- D:\Dokumente und Einstellungen
[2013.02.28 17:11:00 | 000,000,000 | -HSD | C] -- D:\ProgramData\Dokumente
[2013.02.28 17:11:00 | 000,000,000 | -HSD | C] -- D:\ProgramData\Anwendungsdaten
[2013.02.28 17:01:52 | 000,000,000 | ---D | C] -- D:\Windows\SoftwareDistribution
[2013.02.28 16:59:46 | 000,000,000 | ---D | C] -- D:\Windows\Prefetch
[2013.02.28 16:57:08 | 000,000,000 | ---D | C] -- D:\Windows\Panther
[2013.02.28 16:52:00 | 000,000,000 | ---D | C] -- D:\Windows.old
[1 D:\Program Files\*.tmp files -> D:\Program Files\*.tmp -> ]
[1 D:\*.tmp files -> D:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.03.04 23:20:02 | 000,001,122 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.04 23:17:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Urs Fellmann\Desktop\OTL.exe
[2013.03.04 23:16:17 | 000,000,000 | ---- | M] () -- D:\Users\Urs Fellmann\defogger_reenable
[2013.03.04 22:35:07 | 000,002,231 | ---- | M] () -- D:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk
[2013.03.04 22:35:07 | 000,002,189 | ---- | M] () -- D:\Users\Public\Desktop\AVG PC TuneUp.lnk
[2013.03.04 22:31:01 | 000,000,884 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.04 22:22:44 | 000,000,987 | ---- | M] () -- D:\Users\Public\Desktop\AVG 2013.lnk
[2013.03.04 22:06:09 | 000,000,489 | ---- | M] () -- D:\Users\Urs Fellmann\Desktop\tagesanzeiger.ch Nichts verpassen.website
[2013.03.04 21:43:04 | 000,014,832 | -H-- | M] () -- D:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.04 21:43:04 | 000,014,832 | -H-- | M] () -- D:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.04 21:38:30 | 000,001,118 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.04 21:38:30 | 000,000,366 | ---- | M] () -- D:\Windows\tasks\powersuite_monitor.job
[2013.03.04 21:35:42 | 000,065,536 | ---- | M] () -- D:\Windows\SysNative\Ikeext.etl
[2013.03.04 21:35:27 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2013.03.04 21:35:16 | 1066,745,854 | -HS- | M] () -- D:\hiberfil.sys
[2013.03.04 09:46:41 | 000,001,941 | ---- | M] () -- D:\Users\Public\Desktop\NETGEAR A6200 Genie.lnk
[2013.03.04 09:36:45 | 000,000,447 | ---- | M] () -- D:\Users\Urs Fellmann\Desktop\Google.website
[2013.03.03 21:51:28 | 001,507,126 | ---- | M] () -- D:\Windows\SysNative\PerfStringBackup.INI
[2013.03.03 21:51:28 | 000,657,566 | ---- | M] () -- D:\Windows\SysNative\perfh007.dat
[2013.03.03 21:51:28 | 000,618,714 | ---- | M] () -- D:\Windows\SysNative\perfh009.dat
[2013.03.03 21:51:28 | 000,130,882 | ---- | M] () -- D:\Windows\SysNative\perfc007.dat
[2013.03.03 21:51:28 | 000,107,034 | ---- | M] () -- D:\Windows\SysNative\perfc009.dat
[2013.03.03 21:47:39 | 000,000,000 | -H-- | M] () -- D:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.03.03 12:13:13 | 000,001,769 | ---- | M] () -- D:\Windows\Language_trs.ini
[2013.03.02 18:18:46 | 000,024,576 | ---- | M] () -- D:\Windows\SysWow64\AsIO.dll
[2013.03.02 18:18:46 | 000,013,368 | ---- | M] () -- D:\Windows\SysWow64\drivers\AsIO.sys
[2013.03.02 16:55:49 | 000,000,577 | ---- | M] () -- D:\Windows\BRWMARK.INI
[2013.03.02 16:46:49 | 000,001,105 | ---- | M] () -- D:\Users\Urs Fellmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
[2013.03.02 16:02:52 | 000,000,313 | ---- | M] () -- D:\Users\Urs Fellmann\Desktop\Niederschlagsprognose für die nächsten 24 Stunden - search.ch.url
[2013.03.01 23:24:50 | 000,331,680 | ---- | M] () -- D:\Windows\SysNative\FNTCACHE.DAT
[2013.03.01 18:47:46 | 000,000,402 | ---- | M] () -- D:\Users\Urs Fellmann\Desktop\Microsoft Flight Simulator X - Verknüpfung.lnk
[2013.03.01 18:24:37 | 000,000,291 | ---- | M] () -- D:\Users\Urs Fellmann\Desktop\UBS - UBS Online Services - Schweiz.url
[2013.03.01 17:24:56 | 000,002,025 | ---- | M] () -- D:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.03.01 16:57:11 | 000,769,168 | ---- | M] (Realtek ) -- D:\Windows\SysNative\drivers\Rt64win7.sys
[2013.03.01 16:53:13 | 000,017,738 | ---- | M] () -- D:\Windows\SysNative\nvinfo.pb
[2013.03.01 16:52:30 | 000,015,416 | ---- | M] () -- D:\Windows\SysNative\drivers\ASACPI.sys
[2013.03.01 16:52:30 | 000,000,000 | -H-- | M] () -- D:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013.03.01 16:21:35 | 000,000,034 | ---- | M] () -- D:\Windows\SysWow64\bd4040cn.dat
[2013.03.01 16:21:35 | 000,000,026 | ---- | M] () -- D:\Windows\BRPP2KA.INI
[2013.03.01 16:21:23 | 000,176,128 | ---- | M] (Brother Industries, Ltd.) -- D:\Windows\SysWow64\BROSNMP.DLL
[2013.03.01 16:21:23 | 000,111,928 | ---- | M] (Brother Industries Ltd) -- D:\Windows\SysWow64\BRRBTOOL.EXE
[2013.03.01 16:21:23 | 000,077,824 | ---- | M] (Brother Industries, Ltd.) -- D:\Windows\SysWow64\BRLMW03A.DLL
[2013.03.01 16:21:23 | 000,045,056 | ---- | M] () -- D:\Windows\SysWow64\BRTCPCON.DLL
[2013.03.01 16:21:23 | 000,024,223 | ---- | M] (Brother Industries, Ltd) -- D:\Windows\SysWow64\BRLM03A.DLL
[2013.03.01 16:21:23 | 000,000,114 | ---- | M] () -- D:\Windows\SysWow64\BRLMW03A.INI
[2013.03.01 16:21:23 | 000,000,050 | ---- | M] () -- D:\Windows\SysNative\BAOCH06A.DAT
[2013.03.01 16:08:29 | 000,001,159 | ---- | M] () -- D:\Users\Public\Desktop\Powersuite.lnk
[2013.03.01 14:59:07 | 000,001,789 | ---- | M] () -- D:\Users\Public\Desktop\iTunes.lnk
[2013.03.01 13:52:00 | 001,526,060 | ---- | M] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.01 11:26:09 | 000,002,165 | ---- | M] () -- D:\Users\Urs Fellmann\Desktop\Microsoft SkyDrive.lnk
[2013.03.01 11:21:27 | 000,002,261 | ---- | M] () -- D:\Users\Public\Desktop\Google Chrome.lnk
[2013.02.28 23:58:00 | 000,001,229 | ---- | M] () -- D:\Users\Public\Desktop\SELPHY Photo Print.lnk
[2013.02.28 23:58:00 | 000,001,136 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SELPHY Photo Print Launcher.lnk
[2013.02.28 23:53:53 | 000,000,010 | ---- | M] () -- D:\Windows\WININIT.INI
[2013.02.28 23:25:35 | 000,000,000 | -H-- | M] () -- D:\Windows\SysNative\drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf
[2013.02.28 21:44:00 | 000,000,000 | -H-- | M] () -- D:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.02.28 21:21:28 | 000,002,383 | ---- | M] () -- D:\Users\Urs Fellmann\Desktop\Outlook 2013.lnk
[2013.02.28 20:52:26 | 000,001,756 | ---- | M] () -- D:\Users\Public\Desktop\Browserwahl.lnk
[2013.02.28 20:33:28 | 000,001,068 | ---- | M] () -- D:\Users\Urs Fellmann\Desktop\Kaspersky PURE 2.0.lnk
[2013.02.28 20:31:33 | 000,017,408 | ---- | M] () -- D:\Users\Urs Fellmann\AppData\Local\WebpageIcons.db
[2013.02.28 20:30:38 | 000,153,053 | ---- | M] () -- D:\Windows\SysNative\drivers\klin.dat
[2013.02.28 20:30:38 | 000,107,384 | ---- | M] () -- D:\Windows\SysNative\drivers\klick.dat
[2013.02.28 20:29:00 | 000,636,760 | ---- | M] (Kaspersky Lab) -- D:\Windows\SysNative\drivers\klif.sys
[2013.02.28 20:13:35 | 000,001,411 | ---- | M] () -- D:\Users\Urs Fellmann\Desktop\Internet Explorer (64-bit).lnk
[2013.02.28 20:02:32 | 000,072,822 | ---- | M] () -- D:\Windows\SysWow64\ieuinit.inf
[2013.02.28 20:02:32 | 000,072,822 | ---- | M] () -- D:\Windows\SysNative\ieuinit.inf
[2013.02.28 17:03:58 | 000,053,911 | ---- | M] () -- D:\Windows\SysWow64\license.rtf
[2013.02.28 17:03:58 | 000,053,911 | ---- | M] () -- D:\Windows\SysNative\license.rtf
[1 D:\Program Files\*.tmp files -> D:\Program Files\*.tmp -> ]
[1 D:\*.tmp files -> D:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.03.04 23:16:17 | 000,000,000 | ---- | C] () -- D:\Users\Urs Fellmann\defogger_reenable
[2013.03.04 22:35:07 | 000,002,231 | ---- | C] () -- D:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk
[2013.03.04 22:35:07 | 000,002,189 | ---- | C] () -- D:\Users\Public\Desktop\AVG PC TuneUp.lnk
[2013.03.04 22:35:05 | 000,002,201 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
[2013.03.04 22:22:44 | 000,000,987 | ---- | C] () -- D:\Users\Public\Desktop\AVG 2013.lnk
[2013.03.04 09:46:41 | 000,001,941 | ---- | C] () -- D:\Users\Public\Desktop\NETGEAR A6200 Genie.lnk
[2013.03.03 23:39:11 | 000,065,536 | ---- | C] () -- D:\Windows\SysNative\Ikeext.etl
[2013.03.03 21:47:39 | 000,000,000 | -H-- | C] () -- D:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.03.03 12:13:13 | 000,001,769 | ---- | C] () -- D:\Windows\Language_trs.ini
[2013.03.02 18:19:44 | 000,024,576 | ---- | C] () -- D:\Windows\SysWow64\AsIO.dll
[2013.03.02 18:19:44 | 000,013,368 | ---- | C] () -- D:\Windows\SysWow64\drivers\AsIO.sys
[2013.03.02 16:02:52 | 000,000,313 | ---- | C] () -- D:\Users\Urs Fellmann\Desktop\Niederschlagsprognose für die nächsten 24 Stunden - search.ch.url
[2013.03.01 18:47:46 | 000,000,402 | ---- | C] () -- D:\Users\Urs Fellmann\Desktop\Microsoft Flight Simulator X - Verknüpfung.lnk
[2013.03.01 18:24:37 | 000,000,291 | ---- | C] () -- D:\Users\Urs Fellmann\Desktop\UBS - UBS Online Services - Schweiz.url
[2013.03.01 18:02:40 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\PropertyGrid.ocx
[2013.03.01 18:02:40 | 000,208,500 | ---- | C] () -- D:\Windows\SysWow64\ReyXpBasics.tlb
[2013.03.01 18:02:40 | 000,024,576 | ---- | C] () -- D:\Windows\SysWow64\ControlSubX.ocx
[2013.03.01 17:27:46 | 000,000,884 | ---- | C] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.01 17:24:56 | 000,002,441 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.03.01 17:24:56 | 000,002,025 | ---- | C] () -- D:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.03.01 16:52:30 | 000,015,416 | ---- | C] () -- D:\Windows\SysNative\drivers\ASACPI.sys
[2013.03.01 16:52:30 | 000,000,000 | -H-- | C] () -- D:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013.03.01 16:21:35 | 000,000,577 | ---- | C] () -- D:\Windows\BRWMARK.INI
[2013.03.01 16:21:35 | 000,000,034 | ---- | C] () -- D:\Windows\SysWow64\bd4040cn.dat
[2013.03.01 16:21:35 | 000,000,026 | ---- | C] () -- D:\Windows\BRPP2KA.INI
[2013.03.01 16:21:23 | 000,045,056 | ---- | C] () -- D:\Windows\SysWow64\BRTCPCON.DLL
[2013.03.01 16:21:23 | 000,000,114 | ---- | C] () -- D:\Windows\SysWow64\BRLMW03A.INI
[2013.03.01 16:21:23 | 000,000,050 | ---- | C] () -- D:\Windows\SysNative\BAOCH06A.DAT
[2013.03.01 16:01:52 | 000,000,366 | ---- | C] () -- D:\Windows\tasks\powersuite_monitor.job
[2013.03.01 16:01:46 | 000,001,159 | ---- | C] () -- D:\Users\Public\Desktop\Powersuite.lnk
[2013.03.01 14:06:08 | 000,000,715 | ---- | C] () -- D:\Users\Urs Fellmann\Desktop\Aktenschrank - Verknüpfung.lnk
[2013.03.01 13:52:00 | 001,526,060 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.01 13:12:57 | 000,001,789 | ---- | C] () -- D:\Users\Public\Desktop\iTunes.lnk
[2013.03.01 11:26:09 | 000,002,165 | ---- | C] () -- D:\Users\Urs Fellmann\Desktop\Microsoft SkyDrive.lnk
[2013.03.01 11:10:15 | 000,002,261 | ---- | C] () -- D:\Users\Public\Desktop\Google Chrome.lnk
[2013.03.01 11:09:37 | 000,001,122 | ---- | C] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.01 11:09:36 | 000,001,118 | ---- | C] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.01 11:06:34 | 000,001,105 | ---- | C] () -- D:\Users\Urs Fellmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
[2013.02.28 23:58:00 | 000,001,229 | ---- | C] () -- D:\Users\Public\Desktop\SELPHY Photo Print.lnk
[2013.02.28 23:58:00 | 000,001,136 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SELPHY Photo Print Launcher.lnk
[2013.02.28 23:53:53 | 000,000,010 | ---- | C] () -- D:\Windows\WININIT.INI
[2013.02.28 23:25:35 | 000,000,000 | -H-- | C] () -- D:\Windows\SysNative\drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf
[2013.02.28 23:23:58 | 000,053,299 | ---- | C] () -- D:\Windows\SysWow64\pthreadVC.dll
[2013.02.28 22:51:53 | 000,000,489 | ---- | C] () -- D:\Users\Urs Fellmann\Desktop\tagesanzeiger.ch Nichts verpassen.website
[2013.02.28 21:50:01 | 000,002,519 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.02.28 21:44:00 | 000,000,000 | -H-- | C] () -- D:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.02.28 21:33:59 | 000,000,447 | ---- | C] () -- D:\Users\Urs Fellmann\Desktop\Google.website
[2013.02.28 21:23:49 | 000,002,165 | ---- | C] () -- D:\Users\Urs Fellmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2013.02.28 21:17:36 | 000,002,383 | ---- | C] () -- D:\Users\Urs Fellmann\Desktop\Outlook 2013.lnk
[2013.02.28 20:52:26 | 000,001,756 | ---- | C] () -- D:\Users\Public\Desktop\Browserwahl.lnk
[2013.02.28 20:36:41 | 000,000,003 | ---- | C] () -- 
D:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.02.28 20:33:28 | 000,001,068 | ---- | C] () -- D:\Users\Urs Fellmann\Desktop\Kaspersky PURE 2.0.lnk [2013.02.28 20:31:32 | 000,017,408 | ---- | C] () -- D:\Users\Urs Fellmann\AppData\Local\WebpageIcons.db [2013.02.28 20:30:38 | 000,153,053 | ---- | C] () -- D:\Windows\SysNative\drivers\klin.dat [2013.02.28 20:30:38 | 000,107,384 | ---- | C] () -- D:\Windows\SysNative\drivers\klick.dat [2013.02.28 20:02:32 | 000,072,822 | ---- | C] () -- D:\Windows\SysWow64\ieuinit.inf [2013.02.28 20:02:32 | 000,072,822 | ---- | C] () -- D:\Windows\SysNative\ieuinit.inf [2013.02.28 19:54:15 | 000,000,003 | ---- | C] () -- D:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.02.28 17:12:09 | 000,001,445 | ---- | C] () -- D:\Users\Urs Fellmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.02.28 17:12:09 | 000,001,411 | ---- | C] () -- D:\Users\Urs Fellmann\Desktop\Internet Explorer (64-bit).lnk [2013.02.28 17:03:46 | 000,001,345 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2013.02.28 17:03:34 | 000,001,326 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2013.02.28 16:59:02 | 1066,745,854 | -HS- | C] () -- D:\hiberfil.sys [2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- D:\Windows\SysWow64\LogiDPP.dll [2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- D:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- D:\Windows\SysWow64\LogiDPPApp.exe ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- D:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = D:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = D:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = D:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.04 22:34:57 | 000,000,000 | ---D | M] -- D:\Users\Urs Fellmann\AppData\Roaming\AVG [2013.03.04 22:23:40 | 000,000,000 | ---D | M] -- D:\Users\Urs Fellmann\AppData\Roaming\AVG2013 [2013.03.01 18:08:11 | 000,000,000 | ---D | M] -- D:\Users\Urs Fellmann\AppData\Roaming\FreeFLVConverter [2013.03.04 22:22:44 | 000,000,000 | ---D | M] -- D:\Users\Urs Fellmann\AppData\Roaming\TuneUp Software [2013.03.01 
16:01:43 | 000,000,000 | ---D | M] -- D:\Users\Urs Fellmann\AppData\Roaming\Uniblue ========== Purity Check ========== < End of report > |
05.03.2013, 14:39 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Adware.Generic Then please look through the events in Kaspersky; that information is important! Also: why do you have both AVG and Kaspersky installed? Two such virus scanners are highly counterproductive; if at all possible, you should only ever have one virus scanner installed!
__________________ Please always post log files in CODE tags |
05.03.2013, 16:26 | #5 |
| Adware.Generic |
05.03.2013, 16:40 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Adware.Generic Before we get on with the further work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please report in this thread => Reminder about my thread. Annoying "When does it continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.
Please now run the three tools MBAR / aswMBR / TDSSkiller and post the logs in CODE tags.
MBAR (Malwarebytes Anti-Rootkit)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instruction from a helper.
aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instruction.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop.
__________________ --> Adware.Generic |
05.03.2013, 18:17 | #7 |
| Adware.Generic Good evening Cosinus, I have just run aswMBR.exe. The program asked me about an AVAST! update, which I performed. Then I started the scan. This run was aborted with the error message that AVAST! had stopped working and the prompt to report it to Microsoft, which I did not do. As instructed, I stopped here and posted. Stubborn, these beasts. |
06.03.2013, 10:23 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Adware.Generic Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (at the bottom left of the aswMBR window), and click the Scan button again.
__________________ Please always post log files in CODE tags |
06.03.2013, 13:14 | #9 |
| Adware.Generic Many thanks for the hint; everything has now run according to the instructions. Here are the logs Code:
BCM42RLY - ok 12:50:56.0045 1052 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC D:\Windows\System32\bdesvc.dll 12:50:56.0060 1052 BDESVC - ok 12:50:56.0092 1052 [ 16A47CE2DECC9B099349A5F840654746 ] Beep D:\Windows\system32\drivers\Beep.sys 12:50:56.0154 1052 Beep - ok 12:50:56.0185 1052 [ 4992C609A6315671463E30F6512BC022 ] BFE D:\Windows\System32\bfe.dll 12:50:56.0248 1052 BFE - ok 12:50:56.0294 1052 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS D:\Windows\System32\qmgr.dll 12:50:56.0341 1052 BITS - ok 12:50:56.0357 1052 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive D:\Windows\system32\DRIVERS\blbdrive.sys 12:50:56.0372 1052 blbdrive - ok 12:50:56.0528 1052 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service D:\Program Files\Bonjour\mDNSResponder.exe 12:50:56.0544 1052 Bonjour Service - ok 12:50:56.0575 1052 [ 19D20159708E152267E53B66677A4995 ] bowser D:\Windows\system32\DRIVERS\bowser.sys 12:50:56.0638 1052 bowser - ok 12:50:56.0638 1052 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo D:\Windows\system32\DRIVERS\BrFiltLo.sys 12:50:56.0653 1052 BrFiltLo - ok 12:50:56.0653 1052 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp D:\Windows\system32\DRIVERS\BrFiltUp.sys 12:50:56.0669 1052 BrFiltUp - ok 12:50:56.0716 1052 [ 6B054C67AAA87843504E8E3C09102009 ] Browser D:\Windows\System32\browser.dll 12:50:56.0762 1052 Browser - ok 12:50:56.0794 1052 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid D:\Windows\System32\Drivers\Brserid.sys 12:50:56.0840 1052 Brserid - ok 12:50:56.0856 1052 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm D:\Windows\System32\Drivers\BrSerWdm.sys 12:50:56.0887 1052 BrSerWdm - ok 12:50:56.0887 1052 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm D:\Windows\System32\Drivers\BrUsbMdm.sys 12:50:56.0903 1052 BrUsbMdm - ok 12:50:56.0903 1052 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer D:\Windows\System32\Drivers\BrUsbSer.sys 12:50:56.0918 1052 BrUsbSer - ok 12:50:56.0950 1052 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM D:\Windows\system32\DRIVERS\bthmodem.sys 
12:50:56.0981 1052 BTHMODEM - ok 12:50:56.0981 1052 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv D:\Windows\system32\bthserv.dll 12:50:57.0028 1052 bthserv - ok 12:50:57.0059 1052 [ B8BD2BB284668C84865658C77574381A ] cdfs D:\Windows\system32\DRIVERS\cdfs.sys 12:50:57.0090 1052 cdfs - ok 12:50:57.0106 1052 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom D:\Windows\system32\DRIVERS\cdrom.sys 12:50:57.0137 1052 cdrom - ok 12:50:57.0168 1052 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc D:\Windows\System32\certprop.dll 12:50:57.0230 1052 CertPropSvc - ok 12:50:57.0262 1052 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass D:\Windows\system32\DRIVERS\circlass.sys 12:50:57.0262 1052 circlass - ok 12:50:57.0293 1052 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS D:\Windows\system32\CLFS.sys 12:50:57.0308 1052 CLFS - ok 12:50:57.0371 1052 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 12:50:57.0386 1052 clr_optimization_v2.0.50727_32 - ok 12:50:57.0449 1052 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 D:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 12:50:57.0464 1052 clr_optimization_v2.0.50727_64 - ok 12:50:57.0527 1052 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 12:50:57.0542 1052 clr_optimization_v4.0.30319_32 - ok 12:50:57.0574 1052 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 D:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 12:50:57.0589 1052 clr_optimization_v4.0.30319_64 - ok 12:50:57.0589 1052 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt D:\Windows\system32\DRIVERS\CmBatt.sys 12:50:57.0589 1052 CmBatt - ok 12:50:57.0605 1052 [ E19D3F095812725D88F9001985B94EDD ] cmdide D:\Windows\system32\DRIVERS\cmdide.sys 12:50:57.0620 1052 cmdide - ok 12:50:57.0636 1052 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG D:\Windows\system32\Drivers\cng.sys 12:50:57.0652 
1052 CNG - ok 12:50:57.0652 1052 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt D:\Windows\system32\DRIVERS\compbatt.sys 12:50:57.0667 1052 Compbatt - ok 12:50:57.0698 1052 [ 11CC395D18FF03E95E8C6A149C84C91B ] CompFilter64 D:\Windows\system32\DRIVERS\lvbflt64.sys 12:50:57.0698 1052 CompFilter64 - ok 12:50:57.0714 1052 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus D:\Windows\system32\DRIVERS\CompositeBus.sys 12:50:57.0745 1052 CompositeBus - ok 12:50:57.0745 1052 COMSysApp - ok 12:50:57.0792 1052 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk D:\Windows\system32\DRIVERS\crcdisk.sys 12:50:57.0808 1052 crcdisk - ok 12:50:57.0823 1052 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc D:\Windows\system32\cryptsvc.dll 12:50:57.0870 1052 CryptSvc - ok 12:50:57.0917 1052 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC D:\Windows\system32\drivers\csc.sys 12:50:57.0979 1052 CSC - ok 12:50:58.0010 1052 [ AB1201F8DE199E764DA9A32ABF71049C ] CSCrySec D:\Windows\system32\DRIVERS\CSCrySec.sys 12:50:58.0026 1052 CSCrySec - ok 12:50:58.0026 1052 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService D:\Windows\System32\cscsvc.dll 12:50:58.0073 1052 CscService - ok 12:50:58.0135 1052 [ 6E5B42219F1FE4A3D087D9D501E343D5 ] CSObjectsSrv D:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe 12:50:58.0151 1052 CSObjectsSrv - ok 12:50:58.0182 1052 [ A6EED705BB510FA6B0F9F097165A3395 ] CSVirtualDiskDrv D:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys 12:50:58.0182 1052 CSVirtualDiskDrv - ok 12:50:58.0213 1052 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch D:\Windows\system32\rpcss.dll 12:50:58.0244 1052 DcomLaunch - ok 12:50:58.0291 1052 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc D:\Windows\System32\defragsvc.dll 12:50:58.0354 1052 defragsvc - ok 12:50:58.0385 1052 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC D:\Windows\system32\Drivers\dfsc.sys 12:50:58.0463 1052 DfsC - ok 12:50:58.0478 1052 [ CE3B9562D997F69B330D181A8875960F ] Dhcp D:\Windows\system32\dhcpcore.dll 
12:50:58.0556 1052 Dhcp - ok 12:50:58.0572 1052 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache D:\Windows\system32\drivers\discache.sys 12:50:58.0619 1052 discache - ok 12:50:58.0650 1052 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk D:\Windows\system32\DRIVERS\disk.sys 12:50:58.0666 1052 Disk - ok 12:50:58.0681 1052 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache D:\Windows\System32\dnsrslvr.dll 12:50:58.0728 1052 Dnscache - ok 12:50:58.0759 1052 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc D:\Windows\System32\dot3svc.dll 12:50:58.0822 1052 dot3svc - ok 12:50:58.0853 1052 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS D:\Windows\system32\dps.dll 12:50:58.0900 1052 DPS - ok 12:50:58.0931 1052 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud D:\Windows\system32\drivers\drmkaud.sys 12:50:58.0962 1052 drmkaud - ok 12:50:58.0993 1052 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl D:\Windows\System32\drivers\dxgkrnl.sys 12:50:59.0024 1052 DXGKrnl - ok 12:50:59.0056 1052 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost D:\Windows\System32\eapsvc.dll 12:50:59.0087 1052 EapHost - ok 12:50:59.0149 1052 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv D:\Windows\system32\DRIVERS\evbda.sys 12:50:59.0196 1052 ebdrv - ok 12:50:59.0227 1052 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS D:\Windows\System32\lsass.exe 12:50:59.0258 1052 EFS - ok 12:50:59.0368 1052 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr D:\Windows\ehome\ehRecvr.exe 12:50:59.0414 1052 ehRecvr - ok 12:50:59.0446 1052 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched D:\Windows\ehome\ehsched.exe 12:50:59.0477 1052 ehSched - ok 12:50:59.0508 1052 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor D:\Windows\system32\DRIVERS\elxstor.sys 12:50:59.0524 1052 elxstor - ok 12:50:59.0539 1052 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev D:\Windows\system32\DRIVERS\errdev.sys 12:50:59.0555 1052 ErrDev - ok 12:50:59.0602 1052 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem D:\Windows\system32\es.dll 12:50:59.0633 1052 EventSystem - ok 12:50:59.0633 1052 [ 
A510C654EC00C1E9BDD91EEB3A59823B ] exfat D:\Windows\system32\drivers\exfat.sys 12:50:59.0664 1052 exfat - ok 12:50:59.0664 1052 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat D:\Windows\system32\drivers\fastfat.sys 12:50:59.0711 1052 fastfat - ok 12:50:59.0758 1052 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax D:\Windows\system32\fxssvc.exe 12:50:59.0820 1052 Fax - ok 12:50:59.0836 1052 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc D:\Windows\system32\DRIVERS\fdc.sys 12:50:59.0867 1052 fdc - ok 12:50:59.0898 1052 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost D:\Windows\system32\fdPHost.dll 12:50:59.0960 1052 fdPHost - ok 12:50:59.0976 1052 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub D:\Windows\system32\fdrespub.dll 12:51:00.0023 1052 FDResPub - ok 12:51:00.0038 1052 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo D:\Windows\system32\drivers\fileinfo.sys 12:51:00.0054 1052 FileInfo - ok 12:51:00.0054 1052 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace D:\Windows\system32\drivers\filetrace.sys 12:51:00.0116 1052 Filetrace - ok 12:51:00.0116 1052 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk D:\Windows\system32\DRIVERS\flpydisk.sys 12:51:00.0116 1052 flpydisk - ok 12:51:00.0163 1052 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr D:\Windows\system32\drivers\fltmgr.sys 12:51:00.0163 1052 FltMgr - ok 12:51:00.0210 1052 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache D:\Windows\system32\FntCache.dll 12:51:00.0257 1052 FontCache - ok 12:51:00.0319 1052 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 D:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 12:51:00.0335 1052 FontCache3.0.0.0 - ok 12:51:00.0335 1052 [ D43703496149971890703B4B1B723EAC ] FsDepends D:\Windows\system32\drivers\FsDepends.sys 12:51:00.0350 1052 FsDepends - ok 12:51:00.0366 1052 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec D:\Windows\system32\drivers\Fs_Rec.sys 12:51:00.0382 1052 Fs_Rec - ok 12:51:00.0413 1052 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol D:\Windows\system32\DRIVERS\fvevol.sys 
12:51:00.0428 1052 fvevol - ok 12:51:00.0460 1052 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx D:\Windows\system32\DRIVERS\gagp30kx.sys 12:51:00.0475 1052 gagp30kx - ok 12:51:00.0584 1052 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM D:\Windows\system32\DRIVERS\GEARAspiWDM.sys 12:51:00.0584 1052 GEARAspiWDM - ok 12:51:00.0616 1052 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc D:\Windows\System32\gpsvc.dll 12:51:00.0694 1052 gpsvc - ok 12:51:00.0803 1052 [ F02A533F517EB38333CB12A9E8963773 ] gupdate D:\Program Files (x86)\Google\Update\GoogleUpdate.exe 12:51:00.0803 1052 gupdate - ok 12:51:00.0818 1052 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem D:\Program Files (x86)\Google\Update\GoogleUpdate.exe 12:51:00.0818 1052 gupdatem - ok 12:51:00.0881 1052 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc D:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 12:51:00.0896 1052 gusvc - ok 12:51:00.0928 1052 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir D:\Windows\system32\drivers\hcw85cir.sys 12:51:00.0959 1052 hcw85cir - ok 12:51:01.0021 1052 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService D:\Windows\system32\drivers\HdAudio.sys 12:51:01.0068 1052 HdAudAddService - ok 12:51:01.0115 1052 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus D:\Windows\system32\DRIVERS\HDAudBus.sys 12:51:01.0162 1052 HDAudBus - ok 12:51:01.0177 1052 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt D:\Windows\system32\DRIVERS\HidBatt.sys 12:51:01.0208 1052 HidBatt - ok 12:51:01.0208 1052 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth D:\Windows\system32\DRIVERS\hidbth.sys 12:51:01.0224 1052 HidBth - ok 12:51:01.0240 1052 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr D:\Windows\system32\DRIVERS\hidir.sys 12:51:01.0302 1052 HidIr - ok 12:51:01.0318 1052 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv D:\Windows\system32\hidserv.dll 12:51:01.0364 1052 hidserv - ok 12:51:01.0396 1052 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb D:\Windows\system32\DRIVERS\hidusb.sys 12:51:01.0427 1052 HidUsb - 
ok 12:51:01.0474 1052 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc D:\Windows\system32\kmsvc.dll 12:51:01.0520 1052 hkmsvc - ok 12:51:01.0552 1052 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener D:\Windows\system32\ListSvc.dll 12:51:01.0614 1052 HomeGroupListener - ok 12:51:01.0661 1052 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider D:\Windows\system32\provsvc.dll 12:51:01.0708 1052 HomeGroupProvider - ok 12:51:01.0754 1052 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD D:\Windows\system32\DRIVERS\HpSAMD.sys 12:51:01.0770 1052 HpSAMD - ok 12:51:01.0801 1052 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP D:\Windows\system32\drivers\HTTP.sys 12:51:01.0832 1052 HTTP - ok 12:51:01.0848 1052 [ F17766A19145F111856378DF337A5D79 ] hwpolicy D:\Windows\system32\drivers\hwpolicy.sys 12:51:01.0848 1052 hwpolicy - ok 12:51:01.0879 1052 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt D:\Windows\system32\DRIVERS\i8042prt.sys 12:51:01.0895 1052 i8042prt - ok 12:51:01.0942 1052 [ B75E45C564E944A2657167D197AB29DA ] iaStorV D:\Windows\system32\drivers\iaStorV.sys 12:51:01.0957 1052 iaStorV - ok 12:51:02.0004 1052 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT D:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 12:51:02.0020 1052 IDriverT ( UnsignedFile.Multi.Generic ) - warning 12:51:02.0020 1052 IDriverT - detected UnsignedFile.Multi.Generic (1) 12:51:02.0113 1052 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc D:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 12:51:02.0129 1052 idsvc - ok 12:51:02.0129 1052 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp D:\Windows\system32\DRIVERS\iirsp.sys 12:51:02.0144 1052 iirsp - ok 12:51:02.0191 1052 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT D:\Windows\System32\ikeext.dll 12:51:02.0269 1052 IKEEXT - ok 12:51:02.0285 1052 [ F00F20E70C6EC3AA366910083A0518AA ] intelide D:\Windows\system32\DRIVERS\intelide.sys 12:51:02.0300 1052 intelide - ok 12:51:02.0316 1052 [ 
ADA036632C664CAA754079041CF1F8C1 ] intelppm D:\Windows\system32\DRIVERS\intelppm.sys 12:51:02.0347 1052 intelppm - ok 12:51:02.0347 1052 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum D:\Windows\system32\ipbusenum.dll 12:51:02.0394 1052 IPBusEnum - ok 12:51:02.0410 1052 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver D:\Windows\system32\DRIVERS\ipfltdrv.sys 12:51:02.0441 1052 IpFilterDriver - ok 12:51:02.0472 1052 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc D:\Windows\System32\iphlpsvc.dll 12:51:02.0534 1052 iphlpsvc - ok 12:51:02.0534 1052 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV D:\Windows\system32\DRIVERS\IPMIDrv.sys 12:51:02.0550 1052 IPMIDRV - ok 12:51:02.0550 1052 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT D:\Windows\system32\drivers\ipnat.sys 12:51:02.0581 1052 IPNAT - ok 12:51:02.0675 1052 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service D:\Program Files\iPod\bin\iPodService.exe 12:51:02.0706 1052 iPod Service - ok 12:51:02.0722 1052 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM D:\Windows\system32\drivers\irenum.sys 12:51:02.0737 1052 IRENUM - ok 12:51:02.0737 1052 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp D:\Windows\system32\DRIVERS\isapnp.sys 12:51:02.0753 1052 isapnp - ok 12:51:02.0784 1052 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt D:\Windows\system32\DRIVERS\msiscsi.sys 12:51:02.0800 1052 iScsiPrt - ok 12:51:02.0878 1052 [ C8A3C909F0EFF13CAE0C17503B1F5DB2 ] iusb3hcs D:\Windows\system32\DRIVERS\iusb3hcs.sys 12:51:02.0893 1052 iusb3hcs - ok 12:51:02.0924 1052 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass D:\Windows\system32\DRIVERS\kbdclass.sys 12:51:02.0924 1052 kbdclass - ok 12:51:02.0940 1052 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid D:\Windows\system32\DRIVERS\kbdhid.sys 12:51:02.0987 1052 kbdhid - ok 12:51:03.0002 1052 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso D:\Windows\system32\lsass.exe 12:51:03.0018 1052 KeyIso - ok 12:51:03.0065 1052 [ 73BF91EFBE1F788D0615A396A9211A4B ] KL1 D:\Windows\system32\DRIVERS\kl1.sys 12:51:03.0096 
1052 KL1 - ok 12:51:03.0127 1052 [ DC3CF56209C6A19124FEDEF1CBFAF55B ] kl2 D:\Windows\system32\DRIVERS\kl2.sys 12:51:03.0143 1052 kl2 - ok 12:51:03.0190 1052 [ 43D02C0E6BDCD216A01ECAE213A64F67 ] KLIF D:\Windows\system32\DRIVERS\klif.sys 12:51:03.0221 1052 KLIF - ok 12:51:03.0221 1052 [ 89FB5A33D7171B6D84F5EB721D5055E1 ] KLIM6 D:\Windows\system32\DRIVERS\klim6.sys 12:51:03.0236 1052 KLIM6 - ok 12:51:03.0236 1052 [ 9468D07E91BA136D82415F5DFC1FE168 ] klmouflt D:\Windows\system32\DRIVERS\klmouflt.sys 12:51:03.0252 1052 klmouflt - ok 12:51:03.0268 1052 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD D:\Windows\system32\Drivers\ksecdd.sys 12:51:03.0283 1052 KSecDD - ok 12:51:03.0299 1052 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg D:\Windows\system32\Drivers\ksecpkg.sys 12:51:03.0314 1052 KSecPkg - ok 12:51:03.0330 1052 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk D:\Windows\system32\drivers\ksthunk.sys 12:51:03.0377 1052 ksthunk - ok 12:51:03.0439 1052 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm D:\Windows\system32\msdtckrm.dll 12:51:03.0502 1052 KtmRm - ok 12:51:03.0533 1052 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer D:\Windows\system32\srvsvc.dll 12:51:03.0580 1052 LanmanServer - ok 12:51:03.0626 1052 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation D:\Windows\System32\wkssvc.dll 12:51:03.0689 1052 LanmanWorkstation - ok 12:51:03.0720 1052 [ 1538831CF8AD2979A04C423779465827 ] lltdio D:\Windows\system32\DRIVERS\lltdio.sys 12:51:03.0751 1052 lltdio - ok 12:51:03.0767 1052 [ C1185803384AB3FEED115F79F109427F ] lltdsvc D:\Windows\System32\lltdsvc.dll 12:51:03.0814 1052 lltdsvc - ok 12:51:03.0829 1052 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts D:\Windows\System32\lmhsvc.dll 12:51:03.0860 1052 lmhosts - ok 12:51:03.0876 1052 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC D:\Windows\system32\DRIVERS\lsi_fc.sys 12:51:03.0892 1052 LSI_FC - ok 12:51:03.0892 1052 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS D:\Windows\system32\DRIVERS\lsi_sas.sys 12:51:03.0907 1052 LSI_SAS 
- ok 12:51:03.0907 1052 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 D:\Windows\system32\DRIVERS\lsi_sas2.sys 12:51:03.0923 1052 LSI_SAS2 - ok 12:51:03.0923 1052 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI D:\Windows\system32\DRIVERS\lsi_scsi.sys 12:51:03.0923 1052 LSI_SCSI - ok 12:51:03.0954 1052 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv D:\Windows\system32\drivers\luafv.sys 12:51:04.0001 1052 luafv - ok 12:51:04.0110 1052 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 D:\Windows\system32\DRIVERS\lvuvc64.sys 12:51:04.0172 1052 LVUVC64 - ok 12:51:04.0188 1052 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc D:\Windows\system32\Mcx2Svc.dll 12:51:04.0219 1052 Mcx2Svc - ok 12:51:04.0235 1052 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas D:\Windows\system32\DRIVERS\megasas.sys 12:51:04.0250 1052 megasas - ok 12:51:04.0250 1052 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR D:\Windows\system32\DRIVERS\MegaSR.sys 12:51:04.0266 1052 MegaSR - ok 12:51:04.0266 1052 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS D:\Windows\system32\mmcss.dll 12:51:04.0313 1052 MMCSS - ok 12:51:04.0328 1052 [ 800BA92F7010378B09F9ED9270F07137 ] Modem D:\Windows\system32\drivers\modem.sys 12:51:04.0375 1052 Modem - ok 12:51:04.0406 1052 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor D:\Windows\system32\DRIVERS\monitor.sys 12:51:04.0453 1052 monitor - ok 12:51:04.0484 1052 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass D:\Windows\system32\DRIVERS\mouclass.sys 12:51:04.0500 1052 mouclass - ok 12:51:04.0516 1052 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid D:\Windows\system32\DRIVERS\mouhid.sys 12:51:04.0547 1052 mouhid - ok 12:51:04.0578 1052 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr D:\Windows\system32\drivers\mountmgr.sys 12:51:04.0594 1052 mountmgr - ok 12:51:04.0594 1052 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio D:\Windows\system32\DRIVERS\mpio.sys 12:51:04.0609 1052 mpio - ok 12:51:04.0609 1052 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv D:\Windows\system32\drivers\mpsdrv.sys 12:51:04.0625 1052 mpsdrv 
- ok 12:51:04.0656 1052 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc D:\Windows\system32\mpssvc.dll 12:51:04.0703 1052 MpsSvc - ok 12:51:04.0718 1052 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV D:\Windows\system32\drivers\mrxdav.sys 12:51:04.0734 1052 MRxDAV - ok 12:51:04.0781 1052 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb D:\Windows\system32\DRIVERS\mrxsmb.sys 12:51:04.0812 1052 mrxsmb - ok 12:51:04.0843 1052 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 D:\Windows\system32\DRIVERS\mrxsmb10.sys 12:51:04.0843 1052 mrxsmb10 - ok 12:51:04.0859 1052 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 D:\Windows\system32\DRIVERS\mrxsmb20.sys 12:51:04.0890 1052 mrxsmb20 - ok 12:51:04.0890 1052 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci D:\Windows\system32\DRIVERS\msahci.sys 12:51:04.0906 1052 msahci - ok 12:51:04.0921 1052 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm D:\Windows\system32\DRIVERS\msdsm.sys 12:51:04.0921 1052 msdsm - ok 12:51:04.0937 1052 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC D:\Windows\System32\msdtc.exe 12:51:04.0952 1052 MSDTC - ok 12:51:04.0984 1052 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs D:\Windows\system32\drivers\Msfs.sys 12:51:04.0999 1052 Msfs - ok 12:51:05.0015 1052 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf D:\Windows\System32\drivers\mshidkmdf.sys 12:51:05.0046 1052 mshidkmdf - ok 12:51:05.0093 1052 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv D:\Windows\system32\DRIVERS\msisadrv.sys 12:51:05.0093 1052 msisadrv - ok 12:51:05.0140 1052 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI D:\Windows\system32\iscsiexe.dll 12:51:05.0171 1052 MSiSCSI - ok 12:51:05.0171 1052 msiserver - ok 12:51:05.0202 1052 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV D:\Windows\system32\drivers\MSKSSRV.sys 12:51:05.0264 1052 MSKSSRV - ok 12:51:05.0311 1052 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK D:\Windows\system32\drivers\MSPCLOCK.sys 12:51:05.0374 1052 MSPCLOCK - ok 12:51:05.0374 1052 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM 
D:\Windows\system32\drivers\MSPQM.sys 12:51:05.0405 1052 MSPQM - ok 12:51:05.0436 1052 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC D:\Windows\system32\drivers\MsRPC.sys 12:51:05.0452 1052 MsRPC - ok 12:51:05.0452 1052 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios D:\Windows\system32\DRIVERS\mssmbios.sys 12:51:05.0467 1052 mssmbios - ok 12:51:05.0483 1052 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE D:\Windows\system32\drivers\MSTEE.sys 12:51:05.0530 1052 MSTEE - ok 12:51:05.0545 1052 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig D:\Windows\system32\DRIVERS\MTConfig.sys 12:51:05.0561 1052 MTConfig - ok 12:51:05.0623 1052 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor D:\Windows\system32\DRIVERS\ASACPI.sys 12:51:05.0623 1052 MTsensor - ok 12:51:05.0654 1052 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup D:\Windows\system32\Drivers\mup.sys 12:51:05.0670 1052 Mup - ok 12:51:05.0686 1052 [ 4987E079A4530FA737A128BE54B63B12 ] napagent D:\Windows\system32\qagentRT.dll 12:51:05.0764 1052 napagent - ok 12:51:05.0826 1052 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP D:\Windows\system32\DRIVERS\nwifi.sys 12:51:05.0857 1052 NativeWifiP - ok 12:51:05.0888 1052 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS D:\Windows\system32\drivers\ndis.sys 12:51:05.0904 1052 NDIS - ok 12:51:05.0935 1052 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap D:\Windows\system32\DRIVERS\ndiscap.sys 12:51:05.0966 1052 NdisCap - ok 12:51:05.0998 1052 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi D:\Windows\system32\DRIVERS\ndistapi.sys 12:51:06.0029 1052 NdisTapi - ok 12:51:06.0060 1052 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio D:\Windows\system32\DRIVERS\ndisuio.sys 12:51:06.0107 1052 Ndisuio - ok 12:51:06.0122 1052 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan D:\Windows\system32\DRIVERS\ndiswan.sys 12:51:06.0154 1052 NdisWan - ok 12:51:06.0154 1052 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy D:\Windows\system32\drivers\NDProxy.sys 12:51:06.0200 1052 NDProxy - ok 12:51:06.0232 1052 [ 
86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS D:\Windows\system32\DRIVERS\netbios.sys 12:51:06.0263 1052 NetBIOS - ok 12:51:06.0263 1052 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT D:\Windows\system32\DRIVERS\netbt.sys 12:51:06.0310 1052 NetBT - ok 12:51:06.0341 1052 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon D:\Windows\system32\lsass.exe 12:51:06.0341 1052 Netlogon - ok 12:51:06.0372 1052 [ 847D3AE376C0817161A14A82C8922A9E ] Netman D:\Windows\System32\netman.dll 12:51:06.0388 1052 Netman - ok 12:51:06.0403 1052 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm D:\Windows\System32\netprofm.dll 12:51:06.0450 1052 netprofm - ok 12:51:06.0481 1052 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing D:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 12:51:06.0497 1052 NetTcpPortSharing - ok 12:51:06.0512 1052 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 D:\Windows\system32\DRIVERS\nfrd960.sys 12:51:06.0512 1052 nfrd960 - ok 12:51:06.0544 1052 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc D:\Windows\System32\nlasvc.dll 12:51:06.0575 1052 NlaSvc - ok 12:51:06.0637 1052 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF D:\Windows\system32\drivers\npf.sys 12:51:06.0653 1052 NPF - ok 12:51:06.0668 1052 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs D:\Windows\system32\drivers\Npfs.sys 12:51:06.0715 1052 Npfs - ok 12:51:06.0746 1052 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi D:\Windows\system32\nsisvc.dll 12:51:06.0778 1052 nsi - ok 12:51:06.0793 1052 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy D:\Windows\system32\drivers\nsiproxy.sys 12:51:06.0824 1052 nsiproxy - ok 12:51:06.0887 1052 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs D:\Windows\system32\drivers\Ntfs.sys 12:51:06.0934 1052 Ntfs - ok 12:51:06.0934 1052 [ 9899284589F75FA8724FF3D16AED75C1 ] Null D:\Windows\system32\drivers\Null.sys 12:51:06.0980 1052 Null - ok 12:51:07.0183 1052 [ 0A2F27B5BCC45B64E152DD6AE0815198 ] nvlddmkm D:\Windows\system32\DRIVERS\nvlddmkm.sys 12:51:07.0292 1052 nvlddmkm - ok 
12:51:07.0324 1052 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid D:\Windows\system32\drivers\nvraid.sys 12:51:07.0324 1052 nvraid - ok 12:51:07.0370 1052 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor D:\Windows\system32\drivers\nvstor.sys 12:51:07.0370 1052 nvstor - ok 12:51:07.0448 1052 [ 574087EA9105F23FB522A4FDDD5292D9 ] nvsvc D:\Windows\system32\nvvsvc.exe 12:51:07.0464 1052 nvsvc - ok 12:51:07.0495 1052 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService D:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 12:51:07.0511 1052 nvUpdatusService - ok 12:51:07.0526 1052 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp D:\Windows\system32\DRIVERS\nv_agp.sys 12:51:07.0542 1052 nv_agp - ok 12:51:07.0667 1052 [ 9CF7E8EF673BB0B8BBF520AB1F0331E2 ] OfficeSvc D:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe 12:51:07.0698 1052 OfficeSvc - ok 12:51:07.0698 1052 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 D:\Windows\system32\DRIVERS\ohci1394.sys 12:51:07.0714 1052 ohci1394 - ok 12:51:07.0792 1052 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B ] ose D:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 12:51:07.0807 1052 ose - ok 12:51:08.0010 1052 [ FE9C0029E1AF26350D9985D00520E5C8 ] osppsvc D:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 12:51:08.0057 1052 osppsvc - ok 12:51:08.0072 1052 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc D:\Windows\system32\pnrpsvc.dll 12:51:08.0135 1052 p2pimsvc - ok 12:51:08.0150 1052 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc D:\Windows\system32\p2psvc.dll 12:51:08.0166 1052 p2psvc - ok 12:51:08.0182 1052 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport D:\Windows\system32\DRIVERS\parport.sys 12:51:08.0197 1052 Parport - ok 12:51:08.0228 1052 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr D:\Windows\system32\drivers\partmgr.sys 12:51:08.0244 1052 partmgr - ok 12:51:08.0244 1052 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc D:\Windows\System32\pcasvc.dll 
12:51:19.0632 1052 ============================================================
12:51:19.0632 1052 Scan finished
12:51:19.0632 1052 ============================================================
12:51:19.0648 4620 Detected object count: 1
12:51:19.0648 4620 Actual detected object count: 1
12:53:19.0175 4620 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:53:19.0175 4620 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:55:12.0369 5488 Deinitialize success |
06.03.2013, 13:31 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Adware.Generic Unfortunately you posted the wrong MBAR log; please read the instructions properly and follow them.
__________________ Please always post log files in CODE tags |
06.03.2013, 14:09 | #11 |
| Adware.Generic Sorry, this one is from the folder; the other one was on the desktop. Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.05.03
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Urs Fellmann :: URSFELLMANN-PC [administrator]
05.03.2013 17:54:58
mbar-log-2013-03-05 (17-54-58).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29358
Time elapsed: 4 minute(s), 57 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end) |
06.03.2013, 14:15 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Adware.Generic Unremarkable. JRT - Junkware Removal Tool: Please shut down your protection software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
11.03.2013, 20:57 | #13 |
| Adware.Generic I hope you are well. I was away. Here are the logs after carrying out the measures. Unfortunately I have to zip and attach the OTL log, because everything together became too large - sorry. Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.9 (03.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by Urs Fellmann on 11.03.2013 at 19:19:54.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.03.2013 at 19:24:04.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
# AdwCleaner v2.114 - Datei am 11/03/2013 um 19:28:56 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate (64 bits)
# Benutzer : Urs Fellmann - URSFELLMANN-PC
# Bootmodus : Normal
# Ausgeführt unter : D:\Users\Urs Fellmann\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16464
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v25.0.1364.152
Datei : D:\Users\Urs Fellmann\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1375 octets] - [06/03/2013 20:47:20]
AdwCleaner[R2].txt - [1435 octets] - [06/03/2013 20:48:22]
AdwCleaner[S1].txt - [1336 octets] - [06/03/2013 20:48:46]
AdwCleaner[S2].txt - [1034 octets] - [06/03/2013 22:42:05]
AdwCleaner[S3].txt - [965 octets] - [11/03/2013 19:28:56]
########## EOF - D:\AdwCleaner[S3].txt - [1024 octets] ##########
Attachment 51519 |
12.03.2013, 09:39 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Adware.Generic Quote:
Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand. Afterwards, getting a second opinion from the ESET online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
13.03.2013, 09:34 | #15 |
| Adware.Generic Good morning. MBAR has a detection, ESET does not. The logs are below. Regarding Win 7 Ultimate: because of FSX & Co I wanted a system with an i7 when it was new on the market, and so I bought from a system builder. He put Ultimate on it; why, I don't know either. Log MBAR Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.12.07
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Urs Fellmann :: URSFELLMANN-PC [administrator]
12.03.2013 19:30:05
mbar-log-2013-03-12 (19-30-05).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29453
Time elapsed: 4 minute(s), 50 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
d:\Windows\SysWOW64\esftchk5.dll (Trojan.Scar) -> Delete on reboot.
(end)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ac58c056acb5924ca13c7b14d4416ff0
# engine=13367
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-12 11:50:08
# local_time=2013-03-13 12:50:08 (+0100, Mitteleuropäische Zeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 95075 115537879 0 0
# scanned=562539
# found=0
# cleaned=0
# scan_time=18595 |