Trojaner-Board


Lapilala 16.05.2013 17:54

GVU Trojan - booting into Safe Mode not possible
 
Hello dear trojaner-board team,

Unfortunately I have caught the GVU Trojan. Last time I could simply delete it via Safe Mode, but this time the hackers have come up with something new.
When I try to start the computer in Safe Mode, it shuts down again immediately. So I never even get to my desktop.
A System Restore is not possible at the moment because I have no restore point.

My case is exactly the same problem as here:
http://www.trojaner-board.de/135041-...ktioniert.html

I hope you can help me with this. :daumenhoc

markusg 16.05.2013 17:57

hi,
can you get to a PC with a burner?
download:
http://filepony.de/download-otlpe/
and burn it to a CD with ISOBurner.
http://filepony.de/download-isoburner/
ISOBurner instructions:
http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• When the download has finished, double-click OTLPENet.exe, which opens ISOBurner to burn it to the CD.
Restart your system and boot from the CD you just created.
If you don't know how to get your computer to boot from the CD:
http://www.trojaner-board.de/81857-c...cd-booten.html

• Your system should now display a REATOGO-X-PE desktop.
• Double-click the OTLPE icon.
• When you are asked "Do you wish to load the remote registry", choose Yes.
• When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
• Remove the check mark at "Automatically Load All Remaining Users" if it is set.

• OTL should now start.
Now copy the following content into the http://larusso.trojaner-board.de/Images/otlfix.jpg text box.
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe

• Press Run Scan to start the scan.
• When it has finished, the files are saved in C:\otl.txt
• Copy this folder to your USB stick if you have no Internet connection on this system.
post both logs

Lapilala 16.05.2013 18:00

I do have a second PC with a CD burner, but unfortunately my infected machine has no DVD/CD drive.
Could the tool also be put on a USB stick and booted from there?
Thanks in advance :)

markusg 16.05.2013 18:02

Hi,
Let's create a bootable USB stick for OTLPE

Important:
The USB stick must have at least 512 MB or more. If necessary, back up all files from the USB stick; they will no longer be there after the following steps.
Download eeepcfr.zip and unpack the file to the system root (usually C:\).
  • Empty the USB stick on which you want to create OTLPE.
  • Navigate to C:\eeecpfr and start usb_prep8.cmd.
  • Press any key in the DOS window.
  • Now make sure that the correct drive letter of your USB stick is at the very top.
    For Drive Label: enter OTLPE.
    Under Source Path to built BartPE/WinPE Files click ... and select the previously created OTLPE folder.
    Tick Enable File Copy.
  • Click Start and accept the terms of use.
Now you can start your system from the USB stick!

Now boot from the OTLPE USB stick.
Note: How do I boot from CD (simply select USB Device instead of a CD)
  • After a few minutes your system should display the REATOGO-X-PE desktop.
  • Double-click the OTLPE icon.
  • When you are asked "Do you wish to load the remote registry", choose Yes.
  • When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure that the box "Automatically Load All Remaining Users" is selected and press OK.

  • OTLpe should now start.
  • Press Run Scan to start the scan.
  • When the scan has finished, the files C:\OTL.Txt and C:\Extras.Txt are created
  • Copy this file to your USB stick if you have no Internet connection on this system.
  • Please post the contents of C:\OTL.Txt and Extras.Txt.
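
Added example, not part of the original thread and not OTL's own code: a Python triage of the O4 (autostart) lines in an OTL.Txt log such as the one requested above. The sample log is constructed, and the three flags are illustrative heuristics chosen here, not rules that OTL applies; the system root is read from the log header because under the PE boot environment it need not be C:\Windows.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the layout of an OTL.Txt log (header line plus O4/O2 entries).
SAMPLE_LOG = r"""
%SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files (x86)
O4:64bit: - HKLM..\Run: [ExampleTray] H:\Program Files\Example Vendor\tray.exe (Example Vendor Inc.)
O4 - HKLM..\Run: [OldSync]  File not found
O4 - HKU\alice_ON_H..\Run: [ExampleUpdater] H:\Windows\EXAMPLEDIR\updater.exe (Example Vendor Inc.)
O4 - HKU\alice_ON_H..\Run: [NoVendor] H:\Users\alice\AppData\Roaming\tool.exe ()
O4 - HKU\LocalService_ON_H..\RunOnce: [setup]  File not found
O4 - Startup: H:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Example.lnk ()
O2 - BHO: (Example Class) - {00000000-0000-0000-0000-000000000000} - H:\Program Files\Example\bho.dll (Example Vendor Inc.)
"""

SYSTEM_ROOT_RE = re.compile(r"%SystemRoot% = (?P<root>[^|\r\n]+?)\s*(?:\||$)", re.MULTILINE)
# "O4[:64bit:] - <hive>..\<Run key>: [<value name>] <target>"
RUN_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>HK.+?)\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\]\s+(?P<rest>.*)$")
STARTUP_RE = re.compile(r"^O4(?::64bit:)? - Startup: (?P<rest>.*)$")
# "<path> (<company>)"; the path itself may contain parentheses, e.g. "Program Files (x86)".
TARGET_RE = re.compile(r"^(?P<path>.*\S)\s+\((?P<company>[^()]*)\)$")


@dataclass
class Autostart:
    location: str            # e.g. "HKLM Run" or "Startup folder"
    name: str                # registry value name, empty for Startup folder items
    path: Optional[str]      # None when the log says "File not found"
    company: Optional[str]   # "" when the log shows "()", None when not parseable
    flags: List[str] = field(default_factory=list)


def parse_system_root(log: str) -> Optional[str]:
    """Return %SystemRoot% as recorded in the log header, if present."""
    m = SYSTEM_ROOT_RE.search(log)
    return m.group("root") if m else None


def parse_autostarts(log: str) -> List[Autostart]:
    """Parse every O4 line; all other log lines are ignored."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            location, name, rest = f"{m['hive']} {m['key']}", m["name"], m["rest"]
        else:
            m = STARTUP_RE.match(line)
            if not m:
                continue
            location, name, rest = "Startup folder", "", m["rest"]
        rest = rest.strip()
        if rest == "File not found":
            path, company = None, None
        else:
            t = TARGET_RE.match(rest)
            path, company = (t["path"], t["company"].strip()) if t else (rest, None)
        entries.append(Autostart(location, name, path, company))
    return entries


def triage(log: str) -> List[Autostart]:
    """Return only the entries that deserve a manual look (heuristics are assumptions)."""
    root = parse_system_root(log)
    flagged = []
    for e in parse_autostarts(log):
        if e.path is None:
            e.flags.append("missing-target")          # orphaned autostart entry
        else:
            if e.company == "" and e.path.lower().endswith(".exe"):
                e.flags.append("no-company-name")     # executable without version info
            prefix = (root or "").lower().rstrip("\\") + "\\"
            if root and e.location.startswith("HKU\\") and e.path.lower().startswith(prefix):
                e.flags.append("per-user-run-under-systemroot")
        if e.flags:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"{entry.location:32} [{entry.name}] {entry.path} -> {', '.join(entry.flags)}")
```

A flag only marks an entry for manual review; it is not a verdict on the file.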

Lapilala 16.05.2013 19:11

After a lot of back and forth, eeecpfr does not find my stick. It is a 32 GB stick. I have already formatted it in all formats (NTFS, FAT32, exFAT), and I have also tried it with a small partition (2 GB).

What now? :(

markusg 16.05.2013 19:13

maybe another stick?

markusg 16.05.2013 19:13

or start the PC, press F8 and see whether Safe Mode works

Lapilala 16.05.2013 19:35

Well, on the infected PC Safe Mode unfortunately does not work, since the machine shuts down again immediately when booting.

Unfortunately I don't have another stick at hand right now. I just tried it with an external hard drive, but that unfortunately didn't work either.

I will try to get hold of a new stick by tomorrow.

markusg 16.05.2013 23:45

or try it on another PC.

Lapilala 20.05.2013 15:18

First of all, sorry for the huge pictures, but I couldn't shrink them quickly.

After a lot of back and forth I downloaded the latest version of PeToUSB and ran it as administrator, and now the tool has finally recognized my stick.

In the boot menu I then had 2 options for the stick
here is a picture:

http://imageshack.us/a/img838/2863/bild1la.jpg

When I booted from the UEFI stick, nothing happened at all, and Windows 7 starts up completely normally, with the GVU message.

When I boot from the normal stick in the boot menu, the following message always appears:

http://imageshack.us/a/img841/5413/bild3aem.jpg

After this restart the machine boots normally into the Windows 7 system again.

After all that I have now borrowed an external DVD burner and followed your instructions.
This time the REATOGO-X-PE system is recognized, and the machine does boot from it, but as soon as the Windows XP loading screen appears, I get a blue screen with the following message:

http://imageshack.us/a/img208/3527/bild2lx.jpg


Now I am at my wits' end :headbang:
Do you perhaps have one more idea that could save me? :(

markusg 20.05.2013 16:37

please go into the BIOS; there should be an option for IDE or AHCI mode, set it to the opposite one and start the CD. Since BIOS versions always look different I can't tell you exactly where to look, but it is often under advanced options.

Lapilala 20.05.2013 17:52

The mode was set to AHCI by default on my machine, and I set it to IDE, and it worked :Boogie:
Thanks for that already.

So now I have the log:

Code:

OTL logfile created on: 5/21/2013 1:29:07 AM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.33 Mb Free Space | 74.33% Space Free | Partition Type: NTFS
Drive D: | 100.00 Mb Total Space | 73.98 Mb Free Space | 73.98% Space Free | Partition Type: NTFS
Drive E: | 213.34 Gb Total Space | 12.43 Gb Free Space | 5.82% Space Free | Partition Type: NTFS
Drive F: | 3.76 Gb Total Space | 3.76 Gb Free Space | 100.00% Space Free | Partition Type: FAT
Drive G: | 19.43 Gb Total Space | 2.17 Gb Free Space | 11.17% Space Free | Partition Type: NTFS
Drive H: | 97.56 Gb Total Space | 2.00 Gb Free Space | 2.05% Space Free | Partition Type: NTFS
Drive I: | 833.85 Gb Total Space | 9.18 Gb Free Space | 1.10% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/12/19 15:56:00 | 000,240,640 | ---- | M] (AMD) [Auto] -- H:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/05/02 09:39:30 | 000,168,864 | ---- | M] () [Auto] -- H:\Program Files\Common Files\WireHelpSvc.exe -- (WireHelpSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- H:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/05/15 11:19:18 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- H:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto] -- H:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/26 16:57:24 | 000,570,664 | ---- | M] (AnchorFree Inc.) [Auto] -- H:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2013/04/26 16:57:04 | 000,390,440 | ---- | M] () [Auto] -- H:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013/04/26 16:56:48 | 000,463,656 | ---- | M] (AnchorFree Inc.) [Auto] -- H:\Program Files (x86)\Hotspot Shield\HssWPR\HssSrv.exe -- (HssSrv)
SRV - [2013/04/24 15:29:56 | 000,078,512 | ---- | M] () [On_Demand] -- H:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2013/04/23 03:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto] -- H:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/04/12 05:21:47 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- H:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/28 12:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto] -- H:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/10 08:05:52 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto] -- H:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2012/11/13 01:19:27 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand] -- H:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/09/20 04:56:06 | 000,136,896 | ---- | M] (Futuremark Corporation) [On_Demand] -- H:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2012/06/09 07:33:44 | 000,076,888 | ---- | M] () [Auto] -- H:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/06/08 20:18:08 | 000,433,816 | ---- | M] (VMware, Inc.) [Auto] -- H:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012/06/08 20:17:38 | 000,354,456 | ---- | M] (VMware, Inc.) [Auto] -- H:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012/06/08 19:39:40 | 011,839,488 | ---- | M] () [Auto] -- H:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2012/06/08 18:15:22 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto] -- H:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2012/05/30 06:38:50 | 000,008,192 | ---- | M] () [Auto] -- H:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2011/08/29 17:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto] -- H:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2011/04/29 19:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto] -- H:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/10/27 11:18:52 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto] -- H:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- H:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/04/24 15:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/04/24 15:18:34 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System] -- H:\Windows\System32\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012/12/19 16:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 15:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/12/10 08:20:34 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System] -- H:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/11/06 07:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- H:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/07/20 07:49:00 | 000,036,736 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand] -- H:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/07/03 11:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/06/08 20:18:28 | 000,063,128 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- H:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012/06/08 20:17:18 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2012/06/08 20:16:28 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- H:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012/06/08 17:52:20 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- H:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012/06/08 17:52:20 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012/05/02 09:39:14 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto] -- H:\Windows\System32\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2012/04/06 14:15:10 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand] -- H:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012/02/15 06:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/10 13:24:52 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System] -- H:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/02/07 08:12:50 | 000,066,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2011/08/29 17:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- H:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/08/08 08:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot] -- H:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011/03/10 12:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- H:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/04 07:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- H:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/04 07:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot] -- H:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/12/28 22:45:54 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- H:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/12/10 09:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 09:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/10/27 10:50:28 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand] -- H:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010/10/27 10:50:28 | 000,279,152 | ---- | M] (Atheros) [Kernel | On_Demand] -- H:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/10/27 10:50:28 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand] -- H:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010/10/27 10:50:28 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand] -- H:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010/10/27 10:50:28 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand] -- H:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010/10/27 10:50:28 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- H:\Windows\System32\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010/10/27 10:50:28 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand] -- H:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010/10/27 10:50:28 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand] -- H:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/04/29 01:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand] -- H:\Windows\System32\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2009/11/23 20:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 20:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/11/02 14:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand] -- H:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/01 14:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- H:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2005/04/13 17:17:52 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand] -- H:\Windows\System32\drivers\tap0801.sys -- (tap0801)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Lapilala_ON_H\Software\Microsoft\Internet Explorer\Main,DefaultNetProfile = 9667429
IE - HKU\Lapilala_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\Lapilala_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Lapilala_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\Lapilala_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AA BB C6 79 2A 19 CE 01  [binary data]
IE - HKU\Lapilala_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Lapilala_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\System32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: H:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: H:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20120212-0402: H:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: H:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.122.0: H:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.2: H:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@idsoftware.com/QuakeLive: H:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: H:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: H:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: H:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: H:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: H:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: H:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/12/10 08:20:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/12/10 08:20:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/12/10 08:20:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/12 05:21:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/12/27 11:58:26 | 000,000,000 | ---D | M] (No name found) -- H:\Users\Lapilala\AppData\Roaming\Mozilla\Extensions
[2013/05/08 13:05:25 | 000,000,000 | ---D | M] (No name found) -- H:\Users\Lapilala\AppData\Roaming\Mozilla\Firefox\Profiles\onxh8qyq.default\extensions
[2013/05/06 08:01:04 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/12 05:21:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/12 05:21:44 | 000,000,000 | ---D | M] (Java Console) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/04/12 05:21:44 | 000,000,000 | ---D | M] (Java Console) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/05/06 08:01:04 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- H:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
File not found (No name found) --
() (No name found) -- H:\USERS\LAPILALA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ONXH8QYQ.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI
() (No name found) -- H:\USERS\LAPILALA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ONXH8QYQ.DEFAULT\EXTENSIONS\MYTUBE@ASHISHMISHRA.IN.XPI
[2013/04/12 05:21:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- H:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/16 06:15:53 | 000,001,392 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/08 09:54:03 | 000,002,465 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/16 06:15:53 | 000,001,153 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/16 06:15:53 | 000,006,805 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/16 06:15:53 | 000,001,178 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/16 06:15:53 | 000,001,105 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012/03/03 12:46:26 | 000,000,878 | ---- | M]) - H:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - H:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -  File not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -  File not found
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - H:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - H:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - H:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - H:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - H:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - H:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O4:64bit: - HKLM..\Run: [AthBtTray] H:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] H:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [BCSSync]  File not found
O4:64bit: - HKLM..\Run: [Launch LCore] H:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] H:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] H:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] H:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [IAStorIcon] H:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] H:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] H:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\Lapilala_ON_H..\Run: [ApplePhotoStreams]  File not found
O4 - HKU\Lapilala_ON_H..\Run: [DAEMON Tools Lite]  File not found
O4 - HKU\Lapilala_ON_H..\Run: [iCloudServices]  File not found
O4 - HKU\Lapilala_ON_H..\Run: [MicroUpdate] H:\Windows\MSDCSC\msdcsc.exe (Microsoft Corporation)
O4 - HKU\Lapilala_ON_H..\Run: [MobileDocuments]  File not found
O4 - HKU\LocalService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_H..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_H..\RunOnce: [mctadmin]  File not found
O4 - Startup: H:\Users\Lapilala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Lapilala_ON_H\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - H:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - H:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - H:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - H:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - H:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - H:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - H:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - H:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - H:\Windows\System32\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - H:\Windows\System32\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - H:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - H:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - H:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\MSDCSC\msdcsc.exe) - H:\Windows\MSDCSC\msdcsc.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - H:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Lapilala_ON_H Winlogon: Shell - (explorer.exe) - H:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Lapilala_ON_H Winlogon: Shell - (C:\Users\Lapilala\AppData\Roaming\skype.dat) - H:\Users\Lapilala\AppData\Roaming\skype.dat ()
O20:64bit: - Winlogon\Notify\klogon: DllName - %SystemRoot%\System32\klogon.dll - H:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - H:\Windows\System32\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: EADM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - H:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
MsConfig:64bit - StartUpReg: openvpn-gui - hkey= - key= - H:\Users\Lapilala\Desktop\USAIP\bin\openvpn-gui.exe ()
MsConfig:64bit - StartUpReg: Razer Mamba Elite Driver - hkey= - key= - H:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe (Razer USA Ltd)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - H:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: vmware-tray - hkey= - key= - H:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
MsConfig:64bit - State: "bootini" - 2
MsConfig:64bit - State: "startup" - 2
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/19 06:15:34 | 000,000,000 | R--D | C] -- H:\Users\Lapilala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013/05/15 17:06:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\mshtmled.dll
[2013/05/15 17:06:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\mshtmled.dll
[2013/05/15 17:06:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ieui.dll
[2013/05/15 17:06:41 | 002,312,704 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript9.dll
[2013/05/15 17:06:41 | 001,494,528 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\inetcpl.cpl
[2013/05/15 17:06:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\inetcpl.cpl
[2013/05/15 17:06:41 | 000,729,088 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msfeeds.dll
[2013/05/15 17:06:41 | 000,607,744 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\msfeeds.dll
[2013/05/15 17:06:41 | 000,248,320 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieui.dll
[2013/05/15 17:06:41 | 000,237,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\url.dll
[2013/05/15 17:06:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\url.dll
[2013/05/15 17:06:41 | 000,173,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieUnatt.exe
[2013/05/15 17:06:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ieUnatt.exe
[2013/05/15 17:06:40 | 001,800,704 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\jscript9.dll
[2013/05/15 17:06:40 | 000,816,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript.dll
[2013/05/15 17:06:40 | 000,717,824 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\jscript.dll
[2013/05/15 17:06:40 | 000,599,040 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\vbscript.dll
[2013/05/15 17:03:30 | 000,265,064 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\dxgmms1.sys
[2013/05/15 17:03:30 | 000,144,384 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\cdd.dll
[2013/05/15 17:03:19 | 001,930,752 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\authui.dll
[2013/05/15 17:03:18 | 000,197,120 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\shdocvw.dll
[2013/05/15 17:03:11 | 001,796,096 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\authui.dll
[2013/05/15 17:03:11 | 000,111,448 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\consent.exe
[2013/05/15 17:03:03 | 000,048,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\wwanprotdim.dll
[2013/05/15 11:19:14 | 009,195,912 | ---- | C] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/05/08 19:27:00 | 000,000,000 | ---D | C] -- H:\Users\Lapilala\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
[2013/05/07 18:22:23 | 000,000,000 | ---D | C] -- H:\Users\Lapilala\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2013/05/07 18:06:42 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2013/05/06 08:01:53 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2013/05/06 08:01:40 | 000,000,000 | ---D | C] -- H:\ProgramData\Hotspot Shield
[2013/05/06 08:01:04 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Hotspot Shield
[2013/05/06 08:00:59 | 000,000,000 | ---D | C] -- H:\Users\Lapilala\AppData\Roaming\Hotspot Shield
[2013/05/03 13:16:25 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
[2013/04/24 15:28:08 | 000,042,184 | ---- | C] (Anchorfree Inc.) -- H:\Windows\System32\drivers\taphss6.sys
[2013/04/24 15:18:34 | 000,046,792 | ---- | C] (AnchorFree Inc.) -- H:\Windows\System32\drivers\hssdrv6.sys
[2013/04/23 11:39:29 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Common Files\Skype
[4 H:\Windows\SysWow64\*.tmp files -> H:\Windows\SysWow64\*.tmp -> ]
[4 H:\Windows\System32\*.tmp files -> H:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/20 10:36:57 | 000,000,004 | ---- | M] () -- H:\Users\Lapilala\AppData\Roaming\skype.ini
[2013/05/20 10:36:12 | 000,000,266 | ---- | M] () -- H:\Windows\tasks\AutoKMS.job
[2013/05/20 10:36:07 | 000,067,584 | --S- | M] () -- H:\Windows\bootstat.dat
[2013/05/20 10:35:35 | 2131,877,887 | -HS- | M] () -- H:\hiberfil.sys
[2013/05/19 06:20:47 | 000,020,480 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/19 06:20:47 | 000,020,480 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/19 06:19:00 | 000,000,884 | ---- | M] () -- H:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/19 06:15:34 | 000,000,035 | ---- | M] () -- H:\Users\Public\Documents\AtherosServiceConfig.ini
[2013/05/19 06:05:37 | 000,699,570 | ---- | M] () -- H:\Windows\System32\perfh007.dat
[2013/05/19 06:05:37 | 000,654,888 | ---- | M] () -- H:\Windows\System32\perfh009.dat
[2013/05/19 06:05:37 | 000,149,392 | ---- | M] () -- H:\Windows\System32\perfc007.dat
[2013/05/19 06:05:37 | 000,122,346 | ---- | M] () -- H:\Windows\System32\perfc009.dat
[2013/05/16 06:23:46 | 000,002,441 | ---- | M] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013/05/16 06:21:54 | 000,001,005 | ---- | M] () -- H:\Users\Lapilala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2013/05/16 06:19:54 | 000,423,952 | ---- | M] () -- H:\Windows\System32\FNTCACHE.DAT
[2013/05/15 11:19:18 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/15 11:19:18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/15 11:19:14 | 009,195,912 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/05/07 18:13:37 | 000,001,106 | ---- | M] () -- H:\Users\Public\Desktop\Aufstieg des Hexenkönigs™.lnk
[2013/05/07 18:13:00 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2013/05/07 18:10:07 | 000,000,000 | R--D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013/05/07 18:07:38 | 000,001,132 | ---- | M] () -- H:\Users\Public\Desktop\Die Schlacht um Mittelerde™ II.lnk
[2013/05/06 19:04:03 | 000,000,553 | ---- | M] () -- H:\Users\Public\Desktop\Left 4 Dead 2.lnk
[2013/05/06 12:30:00 | 000,778,048 | ---- | M] () -- H:\Users\Lapilala\Desktop\blobby.rar
[2013/05/06 08:02:30 | 000,001,148 | ---- | M] () -- H:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2013/05/06 08:01:53 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2013/05/03 13:16:25 | 000,000,987 | ---- | M] () -- H:\Users\Public\Desktop\Blender.lnk
[2013/05/03 13:16:25 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
[2013/04/30 08:43:24 | 000,001,102 | ---- | M] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013/04/30 08:43:24 | 000,001,090 | ---- | M] () -- H:\Users\Public\Desktop\TeamViewer 8.lnk
[2013/04/24 15:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) -- H:\Windows\System32\drivers\taphss6.sys
[2013/04/24 15:18:34 | 000,046,792 | ---- | M] (AnchorFree Inc.) -- H:\Windows\System32\drivers\hssdrv6.sys
[2013/04/22 07:01:23 | 000,000,619 | ---- | M] () -- H:\Users\Public\Desktop\Age of Empire 2 HD Edition.lnk
[2013/04/22 07:01:23 | 000,000,619 | ---- | M] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Empire 2 HD Edition.lnk
[4 H:\Windows\SysWow64\*.tmp files -> H:\Windows\SysWow64\*.tmp -> ]
[4 H:\Windows\System32\*.tmp files -> H:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/16 07:18:10 | 000,000,004 | ---- | C] () -- H:\Users\Lapilala\AppData\Roaming\skype.ini
[2013/05/16 06:21:54 | 000,001,005 | ---- | C] () -- H:\Users\Lapilala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2013/05/07 18:13:37 | 000,001,106 | ---- | C] () -- H:\Users\Public\Desktop\Aufstieg des Hexenkönigs™.lnk
[2013/05/07 18:07:38 | 000,001,132 | ---- | C] () -- H:\Users\Public\Desktop\Die Schlacht um Mittelerde™ II.lnk
[2013/05/06 19:04:02 | 000,000,553 | ---- | C] () -- H:\Users\Public\Desktop\Left 4 Dead 2.lnk
[2013/05/06 12:29:59 | 000,778,048 | ---- | C] () -- H:\Users\Lapilala\Desktop\blobby.rar
[2013/05/06 08:02:30 | 000,001,148 | ---- | C] () -- H:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2013/05/03 13:16:25 | 000,000,987 | ---- | C] () -- H:\Users\Public\Desktop\Blender.lnk
[2013/04/22 07:01:23 | 000,000,619 | ---- | C] () -- H:\Users\Public\Desktop\Age of Empire 2 HD Edition.lnk
[2013/04/22 07:01:23 | 000,000,619 | ---- | C] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Empire 2 HD Edition.lnk
[2012/12/24 16:13:39 | 000,000,000 | ---- | C] () -- H:\Windows\BRPARAM.INI
[2012/12/24 16:11:25 | 000,045,056 | ---- | C] () -- H:\Windows\SysWow64\BRTCPCON.DLL
[2012/12/24 16:11:25 | 000,000,114 | ---- | C] () -- H:\Windows\SysWow64\BRLMW03A.INI
[2012/12/24 16:08:04 | 000,000,060 | R--- | C] () -- H:\Program Files (x86)\BRINST.INI
[2012/11/15 13:17:54 | 000,204,952 | ---- | C] () -- H:\Windows\SysWow64\ativvsvl.dat
[2012/11/15 13:17:54 | 000,157,144 | ---- | C] () -- H:\Windows\SysWow64\ativvsva.dat
[2012/10/07 07:11:19 | 000,000,659 | ---- | C] () -- H:\Users\Lapilala\AppData\Roaming\MPQEditor.ini
[2012/09/27 11:07:50 | 000,000,000 | ---- | C] () -- H:\Windows\SysWow64\cd.dat
[2012/08/22 00:16:24 | 000,429,416 | ---- | C] () -- H:\Windows\SysWow64\nvStreaming.exe
[2012/06/19 10:38:46 | 000,168,864 | ---- | C] () -- H:\Program Files\Common Files\WireHelpSvc.exe
[2012/06/11 12:06:52 | 001,598,712 | ---- | C] () -- H:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/10 09:19:52 | 000,000,320 | ---- | C] () -- H:\Windows\WPE PRO - modified.INI
[2012/05/30 06:39:01 | 000,077,824 | ---- | C] () -- H:\Windows\KMService.exe
[2012/05/30 06:39:01 | 000,008,192 | ---- | C] () -- H:\Windows\SysWow64\srvany.exe
[2012/05/29 03:40:16 | 000,017,408 | ---- | C] () -- H:\Users\Lapilala\AppData\Local\WebpageIcons.db
[2012/05/02 08:58:10 | 000,029,184 | ---- | C] () -- H:\Windows\SysWow64\kdbsdk32.dll
[2012/04/22 07:20:26 | 000,281,520 | ---- | C] () -- H:\Windows\SysWow64\PnkBstrB.exe
[2012/04/22 07:20:25 | 000,076,888 | ---- | C] () -- H:\Windows\SysWow64\PnkBstrA.exe
[2012/01/11 08:31:03 | 000,074,752 | ---- | C] () -- H:\Users\Lapilala\AppData\Roaming\skype.dat
[2011/12/30 06:36:37 | 000,252,928 | ---- | C] () -- H:\Windows\SysWow64\DShowRdpFilter.dll
[2011/12/27 12:02:54 | 000,000,000 | ---- | C] () -- H:\Windows\ativpsrm.bin
[2011/12/27 11:36:01 | 000,001,769 | ---- | C] () -- H:\Windows\Language_trs.ini
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- H:\Windows\SysWow64\atipblag.dat
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- H:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- H:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- H:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- H:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- H:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- H:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- H:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- H:\Windows\SysWow64\mlang.dat
[2007/04/27 05:43:58 | 000,120,200 | ---- | C] () -- H:\Windows\SysWow64\DLLDEV32i.dll
 
========== LOP Check ==========
 
[2013/03/23 04:59:57 | 000,000,000 | ---D | M] -- H:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/01/21 02:18:45 | 000,000,000 | ---D | M] -- H:\ProgramData\AMD
[2011/12/27 10:42:04 | 000,000,000 | -HSD | M] -- H:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Application Data
[2012/06/19 09:15:41 | 000,000,000 | ---D | M] -- H:\ProgramData\Battle.net
[2012/05/01 15:34:20 | 000,000,000 | ---D | M] -- H:\ProgramData\ClubSanDisk
[2012/02/10 13:24:23 | 000,000,000 | ---D | M] -- H:\ProgramData\DAEMON Tools Lite
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Documents
[2011/12/27 10:42:04 | 000,000,000 | -HSD | M] -- H:\ProgramData\Dokumente
[2012/04/22 06:45:19 | 000,000,000 | ---D | M] -- H:\ProgramData\EA Core
[2012/04/22 10:50:41 | 000,000,000 | ---D | M] -- H:\ProgramData\EA Logs
[2012/04/22 07:57:12 | 000,000,000 | ---D | M] -- H:\ProgramData\Electronic Arts
[2012/06/19 10:38:37 | 000,000,000 | ---D | M] -- H:\ProgramData\ESL Wire
[2011/12/27 10:42:04 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favorites
[2013/05/06 08:31:42 | 000,000,000 | ---D | M] -- H:\ProgramData\Hotspot Shield
[2012/08/20 19:41:24 | 000,000,000 | ---D | M] -- H:\ProgramData\id Software
[2013/02/03 09:59:12 | 000,000,000 | ---D | M] -- H:\ProgramData\MAGIX
[2013/01/30 09:16:10 | 000,000,000 | ---D | M] -- H:\ProgramData\Origin
[2012/09/30 14:56:35 | 000,000,000 | ---D | M] -- H:\ProgramData\PMB Files
[2012/06/23 12:51:34 | 000,000,000 | ---D | M] -- H:\ProgramData\PMS
[2012/02/10 05:40:06 | 000,000,000 | ---D | M] -- H:\ProgramData\PopCap Games
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Start Menu
[2011/12/27 10:42:04 | 000,000,000 | -HSD | M] -- H:\ProgramData\Startmenü
[2013/04/22 07:03:26 | 000,000,000 | ---D | M] -- H:\ProgramData\Steam
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Templates
[2011/12/27 10:42:04 | 000,000,000 | -HSD | M] -- H:\ProgramData\Vorlagen
[2011/12/28 18:25:20 | 000,000,000 | ---D | M] -- H:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2013/05/20 10:36:12 | 000,000,266 | ---- | M] () -- H:\Windows\Tasks\AutoKMS.job
[2013/05/14 03:22:00 | 000,032,640 | ---- | M] () -- H:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011/12/27 10:42:31 | 000,000,000 | -HSD | M] -- H:\$Recycle.Bin
[2013/01/21 02:07:27 | 000,000,000 | ---D | M] -- H:\AMD
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\Documents and Settings
[2011/12/27 10:42:04 | 000,000,000 | -HSD | M] -- H:\Dokumente und Einstellungen
[2011/12/27 11:36:02 | 000,000,000 | ---D | M] -- H:\Intel
[2012/05/30 07:02:14 | 000,000,000 | RH-D | M] -- H:\MSOCache
[2012/09/26 09:46:10 | 000,000,000 | ---D | M] -- H:\NVIDIA
[2009/07/13 23:20:08 | 000,000,000 | ---D | M] -- H:\PerfLogs
[2013/03/23 04:59:47 | 000,000,000 | R--D | M] -- H:\Program Files
[2013/05/06 08:01:04 | 000,000,000 | R--D | M] -- H:\Program Files (x86)
[2013/05/06 08:01:40 | 000,000,000 | -H-D | M] -- H:\ProgramData
[2011/12/27 10:42:04 | 000,000,000 | -HSD | M] -- H:\Programme
[2011/12/27 10:42:04 | 000,000,000 | -HSD | M] -- H:\Recovery
[2013/05/15 17:05:30 | 000,000,000 | -HSD | M] -- H:\System Volume Information
[2012/09/26 09:48:26 | 000,000,000 | ---D | M] -- H:\temp
[2012/09/27 11:35:16 | 000,000,000 | R--D | M] -- H:\Users
[2013/05/16 07:24:12 | 000,000,000 | ---D | M] -- H:\Windows
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
 
< MD5 for: ATAPI.SYS  >
 
< MD5 for: CNGAUDIT.DLL  >
 
< MD5 for: EXPLORER.EXE  >
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2011/04/26 06:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- H:\Windows\System32\drivers\iaStor.sys
[2011/04/26 06:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- H:\Windows\System32\DriverStore\FileRepository\iaahci.inf_amd64_neutral_16d1c1de1eca8452\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- H:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- H:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 02:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- H:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- H:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- H:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- H:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 02:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- H:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 02:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- H:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- H:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- H:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- H:\Windows\System32\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- H:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- H:\Windows\SysWOW64\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- H:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- H:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- H:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- H:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 02:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- H:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 02:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- H:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- H:\Windows\System32\drivers\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- H:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- H:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- H:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- H:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- H:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- H:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- H:\Windows\SysWOW64\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- H:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- H:\Windows\System32\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- H:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- H:\Windows\SysWOW64\user32.dll
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- H:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- H:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- H:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- H:\Windows\System32\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- H:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- H:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- H:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- H:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- H:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- H:\Windows\System32\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- H:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- H:\Windows\System32\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- H:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- H:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- H:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- H:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- H:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- H:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[4 H:\Windows\system32\*.tmp files -> H:\Windows\system32\*.tmp -> ]
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >

I hope you can do something with this, and thanks again for the help so far :daumenhoc

markusg 20.05.2013 20:08

On your second PC, go to Start, Programs, Accessories, Notepad, and copy the following
into it:
Code:

:OTL
O20 - HKU\Lapilala_ON_H Winlogon: Shell - (C:\Users\Lapilala\AppData\Roaming\skype.dat) - H:\Users\Lapilala\AppData\Roaming\skype.dat ()
[2013/05/20 10:36:57 | 000,000,004 | ---- | M] () -- H:\Users\Lapilala\AppData\Roaming\skype.ini
:Files
:Commands
[EMPTYFLASH]
[emptytemp]



Save this to a USB stick as fix.txt.
Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
A message similar to this one should now appear: "load fix from file", so load fix.txt from your stick.
If that does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive and switch the mode in the BIOS back.
Windows should now start normally and open otl.txt;
please post the log.


If you have no icons, right-click, View, Show desktop icons.

Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here in the thread
as an attachment!




Please press the Windows key (http://larusso.trojaner-board.de/Images/windows.jpg) + E.
  • Open your system drive (usually C:)
  • Now find
    the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel.
    (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload went through without problems. Thanks in advance :)

Lapilala 20.05.2013 20:41

Everything worked so far and I can get back into my system.
Unfortunately Windows did not restart automatically and accordingly did not open any otl.exe either.

Instead, a txt file opened right after the fix. I'll post it here:

Code:

========== OTL ==========
Registry value HKEY_USERS\Lapilala_ON_H\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Lapilala\AppData\Roaming\skype.dat deleted successfully.
H:\Users\Lapilala\AppData\Roaming\skype.dat moved successfully.
H:\Users\Lapilala\AppData\Roaming\skype.ini moved successfully.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Lapilala
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Lapilala
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 7001600 bytes
%systemroot%\System32 (64bit) .tmp files removed: 8556032 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 39022282 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
 
Total Files Cleaned = 52.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 05212013_042437

I zipped the folder with the moved files accordingly and uploaded it successfully :)
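
The fix above removes a per-user Winlogon Shell value that pointed at a file under AppData\Roaming. As an added example (not part of the thread and not code from OTL), the following triage function flags such entries in OTL-style `O20` log lines; the line format is assumed from the single `O20` line in the fix, and the two HKLM sample lines are constructed.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List

# Assumed OTL layout, taken from the O20 line in the thread:
#   O20 - <hive> Winlogon: <value name> - (<registry data>) - <resolved file> (<company>)
O20_RE = re.compile(
    r"^O20\s*-\s*(?P<hive>\S+)\s+Winlogon:\s*(?P<name>\w+)\s*-\s*"
    r"\((?P<data>.*?)\)\s*-\s*(?P<path>.*?)\s*\((?P<company>[^()]*)\)\s*$",
    re.IGNORECASE,
)

# Binary each Winlogon value is expected to launch on a stock system.
EXPECTED = {"shell": "explorer.exe", "userinit": "userinit.exe"}
# Directories a standard user can write to without elevation.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass
class Finding:
    hive: str
    value_name: str
    data: str
    path: str
    reasons: List[str]


def triage_winlogon(log_text: str) -> List[Finding]:
    """Return the Winlogon Shell/UserInit entries that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if not m or m["name"].lower() not in EXPECTED:
            continue
        name = m["name"].lower()
        reasons = []
        # A value set in a user hive overrides the machine-wide one for that
        # account only; a stock profile does not set it.
        if not m["hive"].upper().startswith("HKLM"):
            reasons.append("per-user override of a machine-wide value")
        # UserInit data is a comma-separated list; check every target.
        targets = [t.strip().strip('"') for t in m["data"].split(",") if t.strip()]
        if not targets or any(
            ntpath.basename(t).lower() != EXPECTED[name] for t in targets
        ):
            reasons.append("target is not " + EXPECTED[name])
        if not m["company"].strip():
            reasons.append("file carries no company name")
        if any(d in m["path"].lower() for d in USER_WRITABLE):
            reasons.append("file sits in a user-writable directory")
        if reasons:
            findings.append(
                Finding(m["hive"], m["name"], m["data"], m["path"], reasons)
            )
    return findings


# First line is the entry from the thread; the two HKLM lines are constructed.
SAMPLE_LOG = r"""
O20 - HKU\Lapilala_ON_H Winlogon: Shell - (C:\Users\Lapilala\AppData\Roaming\skype.dat) - H:\Users\Lapilala\AppData\Roaming\skype.dat ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (H:\Windows\system32\userinit.exe,) - H:\Windows\System32\userinit.exe (Microsoft Corporation)
"""

if __name__ == "__main__":
    for f in triage_winlogon(SAMPLE_LOG):
        print(f.hive, f.value_name, "->", f.path)
        for reason in f.reasons:
            print("   -", reason)
```
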

markusg 20.05.2013 20:45

Hi,
that is the right log, so all good.
If you haven't restarted manually, do that now; you should be able to get back into your account.
If so:
Please download TDSSKiller (TDSSKiller.exe) and save the file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

Lapilala 20.05.2013 21:12

Done :)

Code:

05:08:03.0014 6392  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
05:08:03.0178 6392  ============================================================
05:08:03.0178 6392  Current date / time: 2013/05/21 05:08:03.0178
05:08:03.0178 6392  SystemInfo:
05:08:03.0178 6392 
05:08:03.0178 6392  OS Version: 6.1.7601 ServicePack: 1.0
05:08:03.0178 6392  Product type: Workstation
05:08:03.0179 6392  ComputerName: LAPILALA-PC
05:08:03.0179 6392  UserName: Lapilala
05:08:03.0179 6392  Windows directory: C:\Windows
05:08:03.0179 6392  System windows directory: C:\Windows
05:08:03.0179 6392  Running under WOW64
05:08:03.0179 6392  Processor architecture: Intel x64
05:08:03.0179 6392  Number of processors: 4
05:08:03.0179 6392  Page size: 0x1000
05:08:03.0179 6392  Boot type: Normal boot
05:08:03.0179 6392  ============================================================
05:08:09.0205 6392  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
05:08:09.0222 6392  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
05:08:09.0226 6392  ============================================================
05:08:09.0226 6392  \Device\Harddisk0\DR0:
05:08:09.0230 6392  MBR partitions:
05:08:09.0230 6392  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
05:08:09.0230 6392  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x26DE800
05:08:09.0240 6392  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x27116B5, BlocksNum 0x1AAAF00B
05:08:09.0240 6392  \Device\Harddisk1\DR1:
05:08:09.0240 6392  MBR partitions:
05:08:09.0240 6392  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
05:08:09.0240 6392  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31E000
05:08:09.0240 6392  \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x683B5800
05:08:09.0240 6392  ============================================================
05:08:09.0249 6392  C: <-> \Device\Harddisk1\DR1\Partition2
05:08:09.0265 6392  E: <-> \Device\Harddisk0\DR0\Partition3
05:08:09.0302 6392  F: <-> \Device\Harddisk1\DR1\Partition3
05:08:09.0331 6392  G: <-> \Device\Harddisk0\DR0\Partition2
05:08:09.0360 6392  H: <-> \Device\Harddisk1\DR1\Partition1
05:08:09.0360 6392  ============================================================
05:08:09.0360 6392  Initialize success
05:08:09.0360 6392  ============================================================
05:08:40.0174 6408  ============================================================
05:08:40.0174 6408  Scan started
05:08:40.0174 6408  Mode: Manual; SigCheck; TDLFS;
05:08:40.0174 6408  ============================================================
05:08:40.0579 6408  ================ Scan system memory ========================
05:08:40.0579 6408  System memory - ok
05:08:40.0579 6408  ================ Scan services =============================
05:08:45.0387 6408  [ C34B28D6285EAD94B3A2FABA84E90DA5 ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
05:08:45.0411 6408  AtherosSvc ( UnsignedFile.Multi.Generic ) - warning
05:08:45.0411 6408  AtherosSvc - detected UnsignedFile.Multi.Generic (1)
05:08:48.0387 6408  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
05:08:48.0425 6408  DcomLaunch - ok
05:08:48.0464 6408  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
05:08:48.0493 6408  defragsvc - ok
05:08:48.0538 6408  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
05:08:48.0582 6408  DfsC - ok
05:08:48.0615 6408  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
05:08:48.0638 6408  Dhcp - ok
05:08:48.0655 6408  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
05:08:48.0692 6408  discache - ok
05:08:48.0753 6408  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
05:08:48.0761 6408  Disk - ok
05:08:48.0804 6408  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
05:08:48.0838 6408  Dnscache - ok
05:08:48.0868 6408  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\Windows\System32\dot3svc.dll
05:08:48.0893 6408  dot3svc - ok
05:08:48.0944 6408  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\Windows\system32\dps.dll
05:08:48.0969 6408  DPS - ok
05:08:49.0004 6408  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
05:08:49.0030 6408  drmkaud - ok
05:08:49.0067 6408  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01    C:\Windows\system32\DRIVERS\dtsoftbus01.sys
05:08:49.0075 6408  dtsoftbus01 - ok
05:08:49.0104 6408  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
05:08:49.0121 6408  DXGKrnl - ok
05:08:49.0157 6408  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
05:08:49.0183 6408  EapHost - ok
05:08:49.0258 6408  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\DRIVERS\evbda.sys
05:08:49.0338 6408  ebdrv - ok
05:08:49.0387 6408  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\Windows\System32\lsass.exe
05:08:49.0405 6408  EFS - ok
05:08:49.0447 6408  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
05:08:49.0499 6408  ehRecvr - ok
05:08:49.0513 6408  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\Windows\ehome\ehsched.exe
05:08:49.0550 6408  ehSched - ok
05:08:49.0563 6408  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
05:08:49.0577 6408  elxstor - ok
05:08:49.0602 6408  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
05:08:49.0624 6408  ErrDev - ok
05:08:49.0691 6408  [ ABC24F129C616E5DEE5CE58683606C84 ] ESLWireAC      C:\Windows\system32\drivers\ESLWireACD.sys
05:08:49.0699 6408  ESLWireAC - ok
05:08:49.0713 6408  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
05:08:49.0741 6408  EventSystem - ok
05:08:49.0770 6408  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
05:08:49.0796 6408  exfat - ok
05:08:49.0811 6408  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
05:08:49.0852 6408  fastfat - ok
05:08:49.0889 6408  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax            C:\Windows\system32\fxssvc.exe
05:08:49.0931 6408  Fax - ok
05:08:49.0934 6408  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
05:08:49.0942 6408  fdc - ok
05:08:49.0950 6408  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
05:08:49.0987 6408  fdPHost - ok
05:08:50.0005 6408  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
05:08:50.0030 6408  FDResPub - ok
05:08:50.0041 6408  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
05:08:50.0049 6408  FileInfo - ok
05:08:50.0056 6408  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
05:08:50.0119 6408  Filetrace - ok
05:08:50.0122 6408  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
05:08:50.0130 6408  flpydisk - ok
05:08:50.0163 6408  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
05:08:50.0173 6408  FltMgr - ok
05:08:50.0204 6408  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache      C:\Windows\system32\FntCache.dll
05:08:50.0269 6408  FontCache - ok
05:08:50.0323 6408  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
05:08:50.0330 6408  FontCache3.0.0.0 - ok
05:08:50.0343 6408  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
05:08:50.0351 6408  FsDepends - ok
05:08:50.0376 6408  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
05:08:50.0383 6408  Fs_Rec - ok
05:08:50.0449 6408  [ C5A4A998EEA6297A235169CCD1F2D93F ] Futuremark SystemInfo Service C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
05:08:50.0459 6408  Futuremark SystemInfo Service - ok
05:08:50.0495 6408  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
05:08:50.0507 6408  fvevol - ok
05:08:50.0510 6408  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
05:08:50.0517 6408  gagp30kx - ok
05:08:50.0553 6408  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
05:08:50.0558 6408  GEARAspiWDM - ok
05:08:50.0598 6408  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\Windows\System32\gpsvc.dll
05:08:50.0640 6408  gpsvc - ok
05:08:50.0712 6408  [ ADB4348DA1345877B04E22203AFC8993 ] hcmon          C:\Windows\system32\drivers\hcmon.sys
05:08:50.0719 6408  hcmon - ok
05:08:50.0726 6408  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
05:08:50.0740 6408  hcw85cir - ok
05:08:50.0791 6408  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
05:08:50.0804 6408  HdAudAddService - ok
05:08:50.0813 6408  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
05:08:50.0838 6408  HDAudBus - ok
05:08:50.0840 6408  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
05:08:50.0875 6408  HidBatt - ok
05:08:50.0889 6408  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
05:08:50.0900 6408  HidBth - ok
05:08:50.0917 6408  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
05:08:50.0937 6408  HidIr - ok
05:08:50.0966 6408  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\system32\hidserv.dll
05:08:51.0009 6408  hidserv - ok
05:08:51.0209 6408  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
05:08:51.0218 6408  HidUsb - ok
05:08:51.0241 6408  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
05:08:51.0282 6408  hkmsvc - ok
05:08:51.0310 6408  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
05:08:51.0355 6408  HomeGroupListener - ok
05:08:51.0392 6408  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
05:08:51.0424 6408  HomeGroupProvider - ok
05:08:51.0446 6408  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
05:08:51.0454 6408  HpSAMD - ok
05:08:51.0551 6408  [ 8B4D1FDD3F31F2DD39B3C658A22208EE ] hshld          C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
05:08:51.0562 6408  hshld - ok
05:08:51.0596 6408  [ A57FF4C6A3CC4AA2F0C0E15E29259A8B ] HssDRV6        C:\Windows\system32\DRIVERS\hssdrv6.sys
05:08:51.0603 6408  HssDRV6 - ok
05:08:51.0623 6408  [ FDA5E88BE1333B69BED57AADAA16991F ] HssSrv          C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
05:08:51.0633 6408  HssSrv - ok
05:08:51.0673 6408  [ F74A9985264504E905B696CFEADCBAC4 ] HssTrayService  C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
05:08:51.0680 6408  HssTrayService - ok
05:08:51.0732 6408  [ EDFE7B17B537397DF184E8D7AD55378B ] HssWd          C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
05:08:51.0742 6408  HssWd - ok
05:08:51.0774 6408  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
05:08:51.0815 6408  HTTP - ok
05:08:51.0877 6408  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
05:08:51.0885 6408  hwpolicy - ok
05:08:51.0920 6408  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
05:08:51.0930 6408  i8042prt - ok
05:08:51.0954 6408  [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
05:08:51.0965 6408  iaStor - ok
05:08:52.0015 6408  [ E79A8E33BD136D14BAE1FA20EB2EF124 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
05:08:52.0020 6408  IAStorDataMgrSvc - ok
05:08:52.0041 6408  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
05:08:52.0053 6408  iaStorV - ok
05:08:52.0081 6408  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
05:08:52.0098 6408  idsvc - ok
05:08:52.0120 6408  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
05:08:52.0127 6408  iirsp - ok
05:08:52.0147 6408  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
05:08:52.0179 6408  IKEEXT - ok
05:08:52.0297 6408  [ DAB7318CCFA8081200D5B7B486793F74 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
05:08:52.0329 6408  IntcAzAudAddService - ok
05:08:52.0374 6408  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
05:08:52.0383 6408  intelide - ok
05:08:52.0398 6408  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
05:08:52.0420 6408  intelppm - ok
05:08:52.0452 6408  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
05:08:52.0496 6408  IPBusEnum - ok
05:08:52.0531 6408  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
05:08:52.0564 6408  IpFilterDriver - ok
05:08:52.0606 6408  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
05:08:52.0630 6408  iphlpsvc - ok
05:08:52.0641 6408  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
05:08:52.0651 6408  IPMIDRV - ok
05:08:52.0675 6408  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
05:08:52.0713 6408  IPNAT - ok
05:08:52.0772 6408  [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
05:08:52.0786 6408  iPod Service - ok
05:08:52.0799 6408  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
05:08:52.0825 6408  IRENUM - ok
05:08:52.0844 6408  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
05:08:52.0851 6408  isapnp - ok
05:08:52.0867 6408  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
05:08:52.0878 6408  iScsiPrt - ok
05:08:52.0889 6408  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
05:08:52.0896 6408  kbdclass - ok
05:08:52.0929 6408  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
05:08:52.0938 6408  kbdhid - ok
05:08:52.0966 6408  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
05:08:52.0975 6408  KeyIso - ok
05:08:53.0027 6408  [ E656FE10D6D27794AFA08136685A69E8 ] KL1            C:\Windows\system32\DRIVERS\kl1.sys
05:08:53.0040 6408  KL1 - ok
05:08:53.0052 6408  [ D865DD8B0448E3F963D68C04C532858F ] kl2            C:\Windows\system32\DRIVERS\kl2.sys
05:08:53.0057 6408  kl2 - ok
05:08:53.0129 6408  [ 8490798365236B6C8E54DEDD27A42D07 ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
05:08:53.0142 6408  KLIF - ok
05:08:53.0148 6408  [ 89FB5A33D7171B6D84F5EB721D5055E1 ] KLIM6          C:\Windows\system32\DRIVERS\klim6.sys
05:08:53.0154 6408  KLIM6 - ok
05:08:53.0187 6408  [ 9468D07E91BA136D82415F5DFC1FE168 ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
05:08:53.0193 6408  klmouflt - ok
05:08:53.0196 6408  KMService - ok
05:08:53.0243 6408  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
05:08:53.0250 6408  KSecDD - ok
05:08:53.0280 6408  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
05:08:53.0295 6408  KSecPkg - ok
05:08:53.0310 6408  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
05:08:53.0341 6408  ksthunk - ok
05:08:53.0382 6408  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
05:08:53.0433 6408  KtmRm - ok
05:08:53.0471 6408  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
05:08:53.0510 6408  LanmanServer - ok
05:08:53.0669 6408  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
05:08:53.0714 6408  LanmanWorkstation - ok
05:08:53.0741 6408  [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum      C:\Windows\system32\drivers\LGBusEnum.sys
05:08:53.0747 6408  LGBusEnum - ok
05:08:53.0775 6408  [ F705A641C18DF31B48B5DBDA94B425E4 ] LGPBTDD        C:\Windows\system32\Drivers\LGPBTDD.sys
05:08:53.0782 6408  LGPBTDD - ok
05:08:53.0814 6408  [ 14179E7B64F8A17AEA464D4E2D271FAA ] LGSHidFilt      C:\Windows\system32\DRIVERS\LGSHidFilt.Sys
05:08:53.0821 6408  LGSHidFilt - ok
05:08:53.0834 6408  [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
05:08:53.0839 6408  LGVirHid - ok
05:08:53.0869 6408  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
05:08:53.0907 6408  lltdio - ok
05:08:53.0939 6408  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
05:08:53.0975 6408  lltdsvc - ok
05:08:53.0995 6408  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
05:08:54.0019 6408  lmhosts - ok
05:08:54.0054 6408  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
05:08:54.0063 6408  LSI_FC - ok
05:08:54.0066 6408  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
05:08:54.0075 6408  LSI_SAS - ok
05:08:54.0081 6408  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
05:08:54.0090 6408  LSI_SAS2 - ok
05:08:54.0094 6408  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
05:08:54.0103 6408  LSI_SCSI - ok
05:08:54.0116 6408  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
05:08:54.0156 6408  luafv - ok
05:08:54.0184 6408  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
05:08:54.0203 6408  Mcx2Svc - ok
05:08:54.0223 6408  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
05:08:54.0230 6408  megasas - ok
05:08:54.0242 6408  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
05:08:54.0253 6408  MegaSR - ok
05:08:54.0269 6408  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
05:08:54.0275 6408  MEIx64 - ok
05:08:54.0353 6408  Microsoft SharePoint Workspace Audit Service - ok
05:08:54.0377 6408  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
05:08:54.0530 6408  MMCSS - ok
05:08:54.0533 6408  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
05:08:54.0588 6408  Modem - ok
05:08:54.0643 6408  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
05:08:54.0664 6408  monitor - ok
05:08:54.0681 6408  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
05:08:54.0689 6408  mouclass - ok
05:08:54.0718 6408  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
05:08:54.0727 6408  mouhid - ok
05:08:54.0756 6408  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
05:08:54.0764 6408  mountmgr - ok
05:08:54.0859 6408  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
05:08:54.0873 6408  MozillaMaintenance - ok
05:08:54.0914 6408  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
05:08:54.0923 6408  mpio - ok
05:08:54.0937 6408  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
05:08:54.0990 6408  mpsdrv - ok
05:08:55.0029 6408  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
05:08:55.0061 6408  MpsSvc - ok
05:08:55.0098 6408  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
05:08:55.0111 6408  MRxDAV - ok
05:08:55.0145 6408  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
05:08:55.0174 6408  mrxsmb - ok
05:08:55.0192 6408  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
05:08:55.0223 6408  mrxsmb10 - ok
05:08:55.0251 6408  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
05:08:55.0268 6408  mrxsmb20 - ok
05:08:55.0295 6408  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
05:08:55.0302 6408  msahci - ok
05:08:55.0337 6408  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
05:08:55.0345 6408  msdsm - ok
05:08:55.0360 6408  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
05:08:55.0378 6408  MSDTC - ok
05:08:55.0382 6408  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
05:08:55.0405 6408  Msfs - ok
05:08:55.0510 6408  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
05:08:55.0546 6408  mshidkmdf - ok
05:08:55.0578 6408  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
05:08:55.0584 6408  msisadrv - ok
05:08:55.0611 6408  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
05:08:55.0636 6408  MSiSCSI - ok
05:08:55.0638 6408  msiserver - ok
05:08:55.0664 6408  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
05:08:55.0697 6408  MSKSSRV - ok
05:08:55.0699 6408  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
05:08:55.0746 6408  MSPCLOCK - ok
05:08:55.0780 6408  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
05:08:55.0814 6408  MSPQM - ok
05:08:55.0855 6408  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
05:08:55.0866 6408  MsRPC - ok
05:08:55.0878 6408  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
05:08:55.0885 6408  mssmbios - ok
05:08:55.0888 6408  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
05:08:55.0927 6408  MSTEE - ok
05:08:55.0930 6408  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
05:08:55.0938 6408  MTConfig - ok
05:08:55.0963 6408  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
05:08:55.0970 6408  Mup - ok
05:08:56.0005 6408  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
05:08:56.0032 6408  napagent - ok
05:08:56.0059 6408  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
05:08:56.0084 6408  NativeWifiP - ok
05:08:56.0136 6408  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
05:08:56.0156 6408  NDIS - ok
05:08:56.0159 6408  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
05:08:56.0183 6408  NdisCap - ok
05:08:56.0206 6408  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
05:08:56.0230 6408  NdisTapi - ok
05:08:56.0271 6408  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
05:08:56.0295 6408  Ndisuio - ok
05:08:56.0319 6408  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
05:08:56.0356 6408  NdisWan - ok
05:08:56.0380 6408  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
05:08:56.0417 6408  NDProxy - ok
05:08:56.0442 6408  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
05:08:56.0479 6408  NetBIOS - ok
05:08:56.0505 6408  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
05:08:56.0530 6408  NetBT - ok
05:08:56.0538 6408  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
05:08:56.0546 6408  Netlogon - ok
05:08:56.0587 6408  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
05:08:56.0626 6408  Netman - ok
05:08:56.0680 6408  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
05:08:56.0688 6408  NetMsmqActivator - ok
05:08:56.0691 6408  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
05:08:56.0697 6408  NetPipeActivator - ok
05:08:56.0703 6408  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
05:08:56.0745 6408  netprofm - ok
05:08:56.0749 6408  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
05:08:56.0755 6408  NetTcpActivator - ok
05:08:56.0758 6408  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
05:08:56.0764 6408  NetTcpPortSharing - ok
05:08:56.0799 6408  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
05:08:56.0807 6408  nfrd960 - ok
05:08:56.0822 6408  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
05:08:56.0853 6408  NlaSvc - ok
05:08:56.0871 6408  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
05:08:56.0895 6408  Npfs - ok
05:08:56.0903 6408  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
05:08:56.0936 6408  nsi - ok
05:08:56.0948 6408  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
05:08:56.0984 6408  nsiproxy - ok
05:08:57.0075 6408  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
05:08:57.0125 6408  Ntfs - ok
05:08:57.0139 6408  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
05:08:57.0162 6408  Null - ok
05:08:57.0209 6408  [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
05:08:57.0224 6408  nusb3hub - ok
05:08:57.0252 6408  [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
05:08:57.0280 6408  nusb3xhc - ok
05:08:57.0330 6408  [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA          C:\Windows\system32\drivers\nvhda64v.sys
05:08:57.0339 6408  NVHDA - ok
05:08:57.0352 6408  nvlddmkm - ok
05:08:57.0383 6408  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
05:08:57.0391 6408  nvraid - ok
05:08:57.0432 6408  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
05:08:57.0441 6408  nvstor - ok
05:08:57.0470 6408  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
05:08:57.0479 6408  nv_agp - ok
05:08:57.0503 6408  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
05:08:57.0512 6408  ohci1394 - ok
05:08:57.0605 6408  [ 34B98278B3C9F0F53088A360B63B0A97 ] OpenVPNService  F:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
05:08:57.0614 6408  OpenVPNService - ok
05:08:57.0661 6408  [ 4965B005492CBA7719E82B71E3245495 ] ose64          C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
05:08:57.0669 6408  ose64 - ok
05:08:57.0801 6408  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
05:08:57.0906 6408  osppsvc - ok
05:08:57.0935 6408  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
05:08:57.0956 6408  p2pimsvc - ok
05:08:57.0983 6408  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
05:08:57.0996 6408  p2psvc - ok
05:08:58.0010 6408  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
05:08:58.0020 6408  Parport - ok
05:08:58.0048 6408  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
05:08:58.0057 6408  partmgr - ok
05:08:58.0070 6408  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
05:08:58.0098 6408  PcaSvc - ok
05:08:58.0124 6408  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\Windows\system32\drivers\pci.sys
05:08:58.0132 6408  pci - ok
05:08:58.0142 6408  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
05:08:58.0149 6408  pciide - ok
05:08:58.0163 6408  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
05:08:58.0173 6408  pcmcia - ok
05:08:58.0182 6408  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
05:08:58.0189 6408  pcw - ok
05:08:58.0207 6408  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
05:08:58.0243 6408  PEAUTH - ok
05:08:58.0279 6408  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc    C:\Windows\system32\peerdistsvc.dll
05:08:58.0349 6408  PeerDistSvc - ok
05:08:58.0396 6408  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
05:08:58.0415 6408  PerfHost - ok
05:08:58.0509 6408  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\Windows\system32\pla.dll
05:08:58.0568 6408  pla - ok
05:08:58.0617 6408  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
05:08:58.0638 6408  PlugPlay - ok
05:08:58.0668 6408  PnkBstrA - ok
05:08:58.0696 6408  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
05:08:58.0724 6408  PNRPAutoReg - ok
05:08:58.0784 6408  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
05:08:58.0795 6408  PNRPsvc - ok
05:08:58.0843 6408  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
05:08:58.0898 6408  PolicyAgent - ok
05:08:59.0046 6408  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
05:08:59.0088 6408  Power - ok
05:08:59.0179 6408  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
05:08:59.0222 6408  PptpMiniport - ok
05:08:59.0247 6408  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\DRIVERS\processr.sys
05:08:59.0270 6408  Processor - ok
05:08:59.0303 6408  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc        C:\Windows\system32\profsvc.dll
05:08:59.0345 6408  ProfSvc - ok
05:08:59.0351 6408  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
05:08:59.0358 6408  ProtectedStorage - ok
05:08:59.0387 6408  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
05:08:59.0427 6408  Psched - ok
05:08:59.0467 6408  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
05:08:59.0508 6408  ql2300 - ok
05:08:59.0522 6408  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
05:08:59.0531 6408  ql40xx - ok
05:08:59.0548 6408  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
05:08:59.0562 6408  QWAVE - ok
05:08:59.0571 6408  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
05:08:59.0603 6408  QWAVEdrv - ok
05:08:59.0617 6408  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
05:08:59.0641 6408  RasAcd - ok
05:08:59.0654 6408  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
05:08:59.0677 6408  RasAgileVpn - ok
05:08:59.0698 6408  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
05:08:59.0744 6408  RasAuto - ok
05:08:59.0768 6408  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
05:08:59.0810 6408  Rasl2tp - ok
05:08:59.0854 6408  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
05:08:59.0890 6408  RasMan - ok
05:08:59.0910 6408  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
05:08:59.0946 6408  RasPppoe - ok
05:08:59.0959 6408  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
05:08:59.0985 6408  RasSstp - ok
05:09:00.0027 6408  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
05:09:00.0068 6408  rdbss - ok
05:09:00.0085 6408  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
05:09:00.0096 6408  rdpbus - ok
05:09:00.0120 6408  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
05:09:00.0143 6408  RDPCDD - ok
05:09:00.0172 6408  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR          C:\Windows\system32\drivers\rdpdr.sys
05:09:00.0193 6408  RDPDR - ok
05:09:00.0205 6408  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
05:09:00.0248 6408  RDPENCDD - ok
05:09:00.0269 6408  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
05:09:00.0292 6408  RDPREFMP - ok
05:09:00.0339 6408  [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
05:09:00.0373 6408  RdpVideoMiniport - ok
05:09:00.0401 6408  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
05:09:00.0421 6408  RDPWD - ok
05:09:00.0449 6408  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
05:09:00.0458 6408  rdyboost - ok
05:09:00.0476 6408  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
05:09:00.0517 6408  RemoteAccess - ok
05:09:00.0530 6408  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
05:09:00.0568 6408  RemoteRegistry - ok
05:09:00.0602 6408  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
05:09:00.0613 6408  RFCOMM - ok
05:09:00.0625 6408  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
05:09:00.0666 6408  RpcEptMapper - ok
05:09:00.0679 6408  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
05:09:00.0689 6408  RpcLocator - ok
05:09:00.0715 6408  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\Windows\system32\rpcss.dll
05:09:00.0741 6408  RpcSs - ok
05:09:00.0753 6408  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
05:09:00.0778 6408  rspndr - ok
05:09:00.0859 6408  [ AFC12DFA4C7B089673AD67402CA19EDB ] RTL8167        C:\Windows\system32\DRIVERS\Rt64win7.sys
05:09:00.0869 6408  RTL8167 - ok
05:09:00.0914 6408  [ E60C0A09F997826C7627B244195AB581 ] s3cap          C:\Windows\system32\drivers\vms3cap.sys
05:09:00.0931 6408  s3cap - ok
05:09:00.0941 6408  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\Windows\system32\lsass.exe
05:09:00.0949 6408  SamSs - ok
05:09:00.0982 6408  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
05:09:00.0991 6408  sbp2port - ok
05:09:01.0003 6408  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
05:09:01.0048 6408  SCardSvr - ok
05:09:01.0075 6408  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
05:09:01.0132 6408  scfilter - ok
05:09:01.0221 6408  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
05:09:01.0270 6408  Schedule - ok
05:09:01.0298 6408  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\Windows\System32\certprop.dll
05:09:01.0321 6408  SCPolicySvc - ok
05:09:01.0328 6408  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
05:09:01.0342 6408  SDRSVC - ok
05:09:01.0384 6408  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
05:09:01.0430 6408  secdrv - ok
05:09:01.0446 6408  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
05:09:01.0471 6408  seclogon - ok
05:09:01.0503 6408  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
05:09:01.0542 6408  SENS - ok
05:09:01.0560 6408  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
05:09:01.0596 6408  SensrSvc - ok
05:09:01.0632 6408  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
05:09:01.0659 6408  Serenum - ok
05:09:01.0672 6408  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
05:09:01.0693 6408  Serial - ok
05:09:01.0791 6408  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
05:09:01.0802 6408  sermouse - ok
05:09:01.0854 6408  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
05:09:01.0914 6408  SessionEnv - ok
05:09:01.0948 6408  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
05:09:01.0986 6408  sffdisk - ok
05:09:02.0024 6408  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
05:09:02.0034 6408  sffp_mmc - ok
05:09:02.0080 6408  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
05:09:02.0128 6408  sffp_sd - ok
05:09:02.0181 6408  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
05:09:02.0190 6408  sfloppy - ok
05:09:02.0209 6408  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
05:09:02.0257 6408  SharedAccess - ok
05:09:02.0285 6408  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
05:09:02.0325 6408  ShellHWDetection - ok
05:09:02.0336 6408  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
05:09:02.0344 6408  SiSRaid2 - ok
05:09:02.0347 6408  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
05:09:02.0355 6408  SiSRaid4 - ok
05:09:02.0470 6408  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
05:09:02.0478 6408  SkypeUpdate - ok
05:09:02.0490 6408  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
05:09:02.0515 6408  Smb - ok
05:09:02.0618 6408  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
05:09:02.0678 6408  SNMPTRAP - ok
05:09:02.0725 6408  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
05:09:02.0732 6408  spldr - ok
05:09:02.0773 6408  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler        C:\Windows\System32\spoolsv.exe
05:09:02.0814 6408  Spooler - ok
05:09:02.0883 6408  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
05:09:02.0972 6408  sppsvc - ok
05:09:03.0004 6408  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
05:09:03.0051 6408  sppuinotify - ok
05:09:03.0082 6408  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
05:09:03.0132 6408  srv - ok
05:09:03.0175 6408  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
05:09:03.0195 6408  srv2 - ok
05:09:03.0226 6408  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
05:09:03.0259 6408  srvnet - ok
05:09:03.0291 6408  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
05:09:03.0340 6408  SSDPSRV - ok
05:09:03.0360 6408  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
05:09:03.0385 6408  SstpSvc - ok
05:09:03.0437 6408  Steam Client Service - ok
05:09:03.0456 6408  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
05:09:03.0463 6408  stexstor - ok
05:09:03.0501 6408  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
05:09:03.0532 6408  stisvc - ok
05:09:03.0552 6408  [ 7785DC213270D2FC066538DAF94087E7 ] storflt        C:\Windows\system32\drivers\vmstorfl.sys
05:09:03.0559 6408  storflt - ok
05:09:03.0572 6408  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc        C:\Windows\system32\drivers\storvsc.sys
05:09:03.0580 6408  storvsc - ok
05:09:03.0608 6408  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
05:09:03.0615 6408  swenum - ok
05:09:03.0634 6408  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
05:09:03.0679 6408  swprv - ok
05:09:03.0711 6408  Synth3dVsc - ok
05:09:03.0785 6408  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\Windows\system32\sysmain.dll
05:09:03.0848 6408  SysMain - ok
05:09:03.0880 6408  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
05:09:03.0893 6408  TabletInputService - ok
05:09:03.0926 6408  [ 8502BFC9C990567E4049358EC063D621 ] tap0801        C:\Windows\system32\DRIVERS\tap0801.sys
05:09:03.0941 6408  tap0801 ( UnsignedFile.Multi.Generic ) - warning
05:09:03.0941 6408  tap0801 - detected UnsignedFile.Multi.Generic (1)
05:09:03.0967 6408  [ 2C1686795B9307265F649249AD11D629 ] tap0901        C:\Windows\system32\DRIVERS\tap0901.sys
05:09:03.0974 6408  tap0901 - ok
05:09:04.0001 6408  [ B70DF208E97536CA9F29289E609F5B16 ] taphss          C:\Windows\system32\DRIVERS\taphss.sys
05:09:04.0009 6408  taphss - ok
05:09:04.0060 6408  [ 83C57F165F0216E5CE40D7E4E00DC76D ] taphss6        C:\Windows\system32\DRIVERS\taphss6.sys
05:09:04.0066 6408  taphss6 - ok
05:09:04.0081 6408  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\Windows\System32\tapisrv.dll
05:09:04.0121 6408  TapiSrv - ok
05:09:04.0143 6408  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
05:09:04.0176 6408  TBS - ok
05:09:04.0357 6408  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
05:09:04.0401 6408  Tcpip - ok
05:09:04.0447 6408  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
05:09:04.0473 6408  TCPIP6 - ok
05:09:04.0504 6408  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
05:09:04.0535 6408  tcpipreg - ok
05:09:04.0560 6408  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
05:09:04.0590 6408  TDPIPE - ok
05:09:04.0620 6408  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
05:09:04.0628 6408  TDTCP - ok
05:09:04.0650 6408  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
05:09:04.0673 6408  tdx - ok
05:09:04.0790 6408  [ 7C8DD5576695B3362202EF09B20C425E ] TeamViewer8    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
05:09:04.0830 6408  TeamViewer8 - ok
05:09:04.0877 6408  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
05:09:04.0884 6408  TermDD - ok
05:09:04.0901 6408  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\Windows\System32\termsrv.dll
05:09:04.0940 6408  TermService - ok
05:09:04.0963 6408  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
05:09:04.0988 6408  Themes - ok
05:09:05.0008 6408  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
05:09:05.0031 6408  THREADORDER - ok
05:09:05.0039 6408  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
05:09:05.0065 6408  TrkWks - ok
05:09:05.0114 6408  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
05:09:05.0154 6408  TrustedInstaller - ok
05:09:05.0186 6408  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
05:09:05.0221 6408  tssecsrv - ok
05:09:05.0250 6408  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
05:09:05.0268 6408  TsUsbFlt - ok
05:09:05.0270 6408  tsusbhub - ok
05:09:05.0307 6408  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
05:09:05.0331 6408  tunnel - ok
05:09:05.0346 6408  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
05:09:05.0354 6408  uagp35 - ok
05:09:05.0366 6408  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
05:09:05.0400 6408  udfs - ok
05:09:05.0420 6408  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
05:09:05.0446 6408  UI0Detect - ok
05:09:05.0464 6408  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
05:09:05.0472 6408  uliagpkx - ok
05:09:05.0506 6408  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
05:09:05.0527 6408  umbus - ok
05:09:05.0537 6408  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
05:09:05.0545 6408  UmPass - ok
05:09:05.0562 6408  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
05:09:05.0580 6408  UmRdpService - ok
05:09:05.0603 6408  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
05:09:05.0631 6408  upnphost - ok
05:09:05.0671 6408  [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64      C:\Windows\system32\Drivers\usbaapl64.sys
05:09:05.0674 6408  USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
05:09:05.0674 6408  USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
05:09:05.0686 6408  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
05:09:05.0707 6408  usbccgp - ok
05:09:05.0757 6408  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
05:09:05.0768 6408  usbcir - ok
05:09:05.0792 6408  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci        C:\Windows\system32\drivers\usbehci.sys
05:09:05.0800 6408  usbehci - ok
05:09:05.0815 6408  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
05:09:05.0835 6408  usbhub - ok
05:09:05.0855 6408  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci        C:\Windows\system32\drivers\usbohci.sys
05:09:05.0874 6408  usbohci - ok
05:09:05.0892 6408  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
05:09:05.0902 6408  usbprint - ok
05:09:05.0911 6408  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
05:09:05.0946 6408  USBSTOR - ok
05:09:05.0958 6408  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
05:09:05.0975 6408  usbuhci - ok
05:09:05.0991 6408  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
05:09:06.0028 6408  UxSms - ok
05:09:06.0045 6408  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
05:09:06.0052 6408  VaultSvc - ok
05:09:06.0064 6408  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
05:09:06.0071 6408  vdrvroot - ok
05:09:06.0086 6408  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\Windows\System32\vds.exe
05:09:06.0115 6408  vds - ok
05:09:06.0118 6408  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
05:09:06.0128 6408  vga - ok
05:09:06.0140 6408  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
05:09:06.0183 6408  VgaSave - ok
05:09:06.0203 6408  VGPU - ok
05:09:06.0229 6408  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
05:09:06.0240 6408  vhdmp - ok
05:09:06.0252 6408  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
05:09:06.0259 6408  viaide - ok
05:09:06.0307 6408  [ 1562A089B46C821487AFF8D01EE5547E ] VMAuthdService  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
05:09:06.0310 6408  VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
05:09:06.0310 6408  VMAuthdService - detected UnsignedFile.Multi.Generic (1)
05:09:06.0322 6408  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus          C:\Windows\system32\drivers\vmbus.sys
05:09:06.0331 6408  vmbus - ok
05:09:06.0340 6408  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
05:09:06.0357 6408  VMBusHID - ok
05:09:06.0406 6408  [ 87FC1DD880E8CAC4FAEBB84AF61A87C4 ] vmci            C:\Windows\system32\DRIVERS\vmci.sys
05:09:06.0413 6408  vmci - ok
05:09:06.0435 6408  [ DE41918B7ABAE9056EB1E62540D229D3 ] vmkbd          C:\Windows\system32\drivers\VMkbd.sys
05:09:06.0441 6408  vmkbd - ok
05:09:06.0451 6408  [ B259C31378BC855AFD1B53F59311C251 ] VMnetAdapter    C:\Windows\system32\DRIVERS\vmnetadapter.sys
05:09:06.0457 6408  VMnetAdapter - ok
05:09:06.0466 6408  [ DEC4CE720FFEDA939CF1BA315CFBD993 ] VMnetBridge    C:\Windows\system32\DRIVERS\vmnetbridge.sys
05:09:06.0472 6408  VMnetBridge - ok
05:09:06.0474 6408  VMnetDHCP - ok
05:09:06.0476 6408  [ 41F8BFC7A658FF4FA27AC10E9C5D14A7 ] VMnetuserif    C:\Windows\system32\drivers\vmnetuserif.sys
05:09:06.0482 6408  VMnetuserif - ok
05:09:06.0520 6408  [ 18903CA7936912C337C9D28858880CF2 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
05:09:06.0536 6408  VMUSBArbService - ok
05:09:06.0553 6408  VMware NAT Service - ok
05:09:06.0705 6408  [ 09895634295862AE7087C08BBF17B346 ] VMwareHostd    C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
05:09:07.0203 6408  VMwareHostd ( UnsignedFile.Multi.Generic ) - warning
05:09:07.0203 6408  VMwareHostd - detected UnsignedFile.Multi.Generic (1)
05:09:07.0245 6408  [ 61B270C2437EE87455864E4EEDD8867D ] vmx86          C:\Windows\system32\drivers\vmx86.sys
05:09:07.0250 6408  vmx86 - ok
05:09:07.0261 6408  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
05:09:07.0269 6408  volmgr - ok
05:09:07.0304 6408  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
05:09:07.0315 6408  volmgrx - ok
05:09:07.0332 6408  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
05:09:07.0342 6408  volsnap - ok
05:09:07.0382 6408  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
05:09:07.0392 6408  vsmraid - ok
05:09:07.0442 6408  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\Windows\system32\vssvc.exe
05:09:07.0503 6408  VSS - ok
05:09:07.0539 6408  [ 6107E33A30C0B923F31C872E1980D2D1 ] vstor2-mntapi10-shared C:\Windows\syswow64\drivers\vstor2-mntapi10-shared.sys
05:09:07.0544 6408  vstor2-mntapi10-shared - ok
05:09:07.0550 6408  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
05:09:07.0576 6408  vwifibus - ok
05:09:07.0615 6408  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
05:09:07.0667 6408  W32Time - ok
05:09:07.0719 6408  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
05:09:07.0747 6408  WacomPen - ok
05:09:07.0786 6408  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
05:09:07.0824 6408  WANARP - ok
05:09:07.0843 6408  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
05:09:07.0865 6408  Wanarpv6 - ok
05:09:07.0935 6408  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
05:09:07.0977 6408  wbengine - ok
05:09:08.0015 6408  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
05:09:08.0030 6408  WbioSrvc - ok
05:09:08.0062 6408  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc        C:\Windows\System32\wcncsvc.dll
05:09:08.0079 6408  wcncsvc - ok
05:09:08.0081 6408  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
05:09:08.0125 6408  WcsPlugInService - ok
05:09:08.0127 6408  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
05:09:08.0135 6408  Wd - ok
05:09:08.0171 6408  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
05:09:08.0189 6408  Wdf01000 - ok
05:09:08.0453 6408  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
05:09:08.0523 6408  WdiServiceHost - ok
05:09:08.0525 6408  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
05:09:08.0538 6408  WdiSystemHost - ok
05:09:08.0569 6408  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient      C:\Windows\System32\webclnt.dll
05:09:08.0593 6408  WebClient - ok
05:09:08.0612 6408  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
05:09:08.0652 6408  Wecsvc - ok
05:09:08.0675 6408  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
05:09:08.0712 6408  wercplsupport - ok
05:09:08.0740 6408  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
05:09:08.0765 6408  WerSvc - ok
05:09:08.0778 6408  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
05:09:08.0825 6408  WfpLwf - ok
05:09:08.0827 6408  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
05:09:08.0834 6408  WIMMount - ok
05:09:08.0915 6408  WinDefend - ok
05:09:08.0919 6408  WinHttpAutoProxySvc - ok
05:09:08.0956 6408  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
05:09:08.0998 6408  Winmgmt - ok
05:09:09.0068 6408  [ BCB1310604AA415C4508708975B3931E ] WinRM          C:\Windows\system32\WsmSvc.dll
05:09:09.0130 6408  WinRM - ok
05:09:09.0188 6408  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
05:09:09.0214 6408  WinUsb - ok
05:09:09.0289 6408  [ EE5619C43CB3940A4471BD7596B04B7A ] WireHelpSvc    C:\Program Files\Common Files\WireHelpSvc.exe
05:09:09.0298 6408  WireHelpSvc - ok
05:09:09.0312 6408  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
05:09:09.0334 6408  Wlansvc - ok
05:09:09.0387 6408  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
05:09:09.0395 6408  WmiAcpi - ok
05:09:09.0406 6408  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
05:09:09.0427 6408  wmiApSrv - ok
05:09:09.0448 6408  WMPNetworkSvc - ok
05:09:09.0457 6408  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
05:09:09.0467 6408  WPCSvc - ok
05:09:09.0478 6408  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
05:09:09.0491 6408  WPDBusEnum - ok
05:09:09.0518 6408  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
05:09:09.0541 6408  ws2ifsl - ok
05:09:09.0568 6408  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
05:09:09.0589 6408  wscsvc - ok
05:09:09.0618 6408  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
05:09:09.0650 6408  WSDPrintDevice - ok
05:09:09.0693 6408  [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan        C:\Windows\system32\DRIVERS\WSDScan.sys
05:09:09.0703 6408  WSDScan - ok
05:09:09.0705 6408  WSearch - ok
05:09:09.0752 6408  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
05:09:09.0823 6408  wuauserv - ok
05:09:09.0849 6408  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
05:09:09.0927 6408  WudfPf - ok
05:09:09.0979 6408  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
05:09:09.0990 6408  WUDFRd - ok
05:09:10.0082 6408  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
05:09:10.0107 6408  wudfsvc - ok
05:09:10.0132 6408  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc        C:\Windows\System32\wwansvc.dll
05:09:10.0171 6408  WwanSvc - ok
05:09:10.0216 6408  ================ Scan global ===============================
05:09:10.0234 6408  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
05:09:10.0258 6408  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
05:09:10.0265 6408  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
05:09:10.0294 6408  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
05:09:10.0312 6408  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
05:09:10.0314 6408  [Global] - ok
05:09:10.0314 6408  ================ Scan MBR ==================================
05:09:10.0326 6408  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
05:09:10.0537 6408  \Device\Harddisk0\DR0 - ok
05:09:10.0543 6408  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
05:09:10.0991 6408  \Device\Harddisk1\DR1 - ok
05:09:10.0991 6408  ================ Scan VBR ==================================
05:09:10.0993 6408  [ 7A8F8DB3EE0024EE69525B27CE8A0600 ] \Device\Harddisk0\DR0\Partition1
05:09:10.0994 6408  \Device\Harddisk0\DR0\Partition1 - ok
05:09:11.0017 6408  [ C7C3F46018511AEC78640CCE001DE094 ] \Device\Harddisk0\DR0\Partition2
05:09:11.0018 6408  \Device\Harddisk0\DR0\Partition2 - ok
05:09:11.0027 6408  [ 10E58431CA96664A76C67F4717D14763 ] \Device\Harddisk0\DR0\Partition3
05:09:11.0028 6408  \Device\Harddisk0\DR0\Partition3 - ok
05:09:11.0061 6408  [ FE814BA5F2318652FB76507B39B71701 ] \Device\Harddisk1\DR1\Partition1
05:09:11.0063 6408  \Device\Harddisk1\DR1\Partition1 - ok
05:09:11.0089 6408  [ 496628293BF55E961A819E72E10CA404 ] \Device\Harddisk1\DR1\Partition2
05:09:11.0091 6408  \Device\Harddisk1\DR1\Partition2 - ok
05:09:11.0104 6408  [ AF6588E74257C08B4AD094AB10C1FA1F ] \Device\Harddisk1\DR1\Partition3
05:09:11.0105 6408  \Device\Harddisk1\DR1\Partition3 - ok
05:09:11.0105 6408  ============================================================
05:09:11.0105 6408  Scan finished
05:09:11.0105 6408  ============================================================
05:09:11.0111 6996  Detected object count: 5
05:09:11.0111 6996  Actual detected object count: 5
05:09:47.0779 6996  AtherosSvc ( UnsignedFile.Multi.Generic ) - skipped by user
05:09:47.0779 6996  AtherosSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:09:47.0779 6996  tap0801 ( UnsignedFile.Multi.Generic ) - skipped by user
05:09:47.0779 6996  tap0801 ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:09:47.0780 6996  USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
05:09:47.0780 6996  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:09:47.0786 6996  VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
05:09:47.0786 6996  VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:09:47.0787 6996  VMwareHostd ( UnsignedFile.Multi.Generic ) - skipped by user
05:09:47.0787 6996  VMwareHostd ( UnsignedFile.Multi.Generic ) - User select action: Skip


markusg 20.05.2013 21:13

Hi,
looks fine.
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.


Lapilala 20.05.2013 21:44

ComboFix is done :)

Code:

ComboFix 13-05-20.01 - Lapilala 21.05.2013  5:23.1.4 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.8172.6097 [GMT 2:00]
ausgeführt von:: c:\users\Lapilala\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lapilala\AppData\Roaming\dclogs
c:\users\Lapilala\AppData\Roaming\dclogs\2012-06-22-6.dc
c:\users\Lapilala\AppData\Roaming\dclogs\2012-06-23-7.dc
c:\users\Lapilala\AppData\Roaming\Help\coredb\storage
c:\windows\MSDCSC\msdcsc.exe
c:\windows\SysWow64\DEBUG.log
c:\windows\windupdate
c:\windows\windupdate\WinSocks.sw
E:\install.exe
F:\install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-04-21 bis 2013-05-21  ))))))))))))))))))))))))))))))
.
.
2013-05-21 08:24 . 2013-05-21 02:35        --------        d-----w-        C:\_OTL
2013-05-21 03:32 . 2013-05-21 03:32        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-05-21 03:27 . 2013-05-21 03:27        76232        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{89FC2E40-578C-43F4-9C2D-02E12BA9A060}\offreg.dll
2013-05-21 02:37 . 2013-05-13 06:37        9460464        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{89FC2E40-578C-43F4-9C2D-02E12BA9A060}\mpengine.dll
2013-05-15 21:07 . 2013-05-05 21:36        17818624        ----a-w-        c:\windows\system32\mshtml.dll
2013-05-15 21:07 . 2013-05-05 21:16        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2013-05-15 21:07 . 2013-05-05 19:12        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2013-05-15 21:03 . 2013-04-10 06:01        265064        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 15:19 . 2013-05-15 15:19        9195912        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-08 23:27 . 2013-05-08 23:27        --------        d-----w-        c:\users\Lapilala\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
2013-05-07 22:22 . 2013-05-08 23:31        --------        d-----w-        c:\users\Lapilala\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
2013-05-06 12:01 . 2013-05-06 12:31        --------        d-----w-        c:\programdata\Hotspot Shield
2013-05-06 12:01 . 2013-05-06 16:42        --------        d-----w-        c:\program files (x86)\Hotspot Shield
2013-05-06 12:00 . 2013-05-06 12:00        --------        d-----w-        c:\users\Lapilala\AppData\Roaming\Hotspot Shield
2013-05-03 17:16 . 2013-05-03 17:16        --------        d-----w-        c:\users\Lapilala\.thumbnails
2013-04-24 19:28 . 2013-04-24 19:28        42184        ----a-w-        c:\windows\system32\drivers\taphss6.sys
2013-04-24 19:18 . 2013-04-24 19:18        46792        ----a-w-        c:\windows\system32\drivers\hssdrv6.sys
2013-04-24 11:01 . 2013-04-12 14:45        1656680        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2013-04-23 15:39 . 2013-04-23 15:39        --------        d-----w-        c:\program files (x86)\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 21:11 . 2012-02-03 06:02        75016696        ----a-w-        c:\windows\system32\MRT.exe
2013-05-15 15:19 . 2012-04-07 12:30        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 15:19 . 2011-12-27 17:20        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2011-12-27 16:20        278800        ------w-        c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-15 21:03        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 21:03        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 21:03        308736        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 21:03        111104        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 21:03        474624        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 21:03        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll
2013-03-19 06:04 . 2013-04-10 08:33        5550424        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 08:33        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 08:33        3968856        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 08:33        3913560        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 08:33        6656        ----a-w-        c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 08:33        112640        ----a-w-        c:\windows\system32\smss.exe
2013-03-06 14:08 . 2013-03-06 14:08        95648        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-06 14:08 . 2012-08-31 10:06        782240        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-03-06 14:08 . 2012-06-25 14:25        861088        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2012-05-02 13:39 . 2012-06-19 14:38        168864        ----a-w-        c:\program files\Common Files\WireHelpSvc.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2013-04-22 19:11        233288        ----a-w-        c:\program files (x86)\Hotspot Shield\HssIE\HssIE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="f:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-19 3477312]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-12-10 206448]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\users\Lapilala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Produktregistrierung.lnk - c:\program files\Logitech Gaming Software\EReg\eReg.exe [2012-9-28 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-06-08 11839488]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-04-29 32768]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-09-20 136896]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2005-04-13 30720]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-10 283200]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2013-04-24 46792]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2012-05-02 147472]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2013-04-26 570664]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2013-04-26 390440]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-29 13592]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-04-23 3574624]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S2 WireHelpSvc;WireHelpSvc;c:\program files\Common Files\WireHelpSvc.exe [2012-05-02 168864]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys [2009-07-01 30728]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2012-02-07 66328]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-29 412776]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-04-24 42184]
S3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 96849900
*Deregistered* - 96849900
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 15:19]
.
2013-05-21 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-05-30 10:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"BCSSync"="f:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-07-24 6900024]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xcel exportieren - f:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Lapilala\AppData\Roaming\Mozilla\Firefox\Profiles\onxh8qyq.default\
FF - ExtSQL: 2013-05-06 14:01; afurladvisor@anchorfree.com; c:\program files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKCU-Run-iCloudServices - c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
Wow6432Node-HKCU-Run-ApplePhotoStreams - c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-21  05:42:12
ComboFix-quarantined-files.txt  2013-05-21 03:42
.
Vor Suchlauf: 1.732.558.848 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 11.436.806.144 Bytes frei
.
- - End Of File - - 9FC438CE58206626F17A6109B214C847


markusg 20.05.2013 21:48

Hi,
Malwarebytes:
Please download Malwarebytes.
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates.
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are checked and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".

