Hier der log vom Fix

Code: Alles auswählenAufklappen

ATTFilter

 All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c55054ff-7def-11df-a598-00269eaf48c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c55054ff-7def-11df-a598-00269eaf48c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c55054ff-7def-11df-a598-00269eaf48c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c55054ff-7def-11df-a598-00269eaf48c8}\ not found.
File E:\Launch.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddf8a33e-411a-11e1-ad07-00269eaf48c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddf8a33e-411a-11e1-ad07-00269eaf48c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddf8a33e-411a-11e1-ad07-00269eaf48c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddf8a33e-411a-11e1-ad07-00269eaf48c8}\ not found.
File E:\pushinst.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: ***
->Temp folder emptied: 4463 bytes
->Temporary Internet Files folder emptied: 82322 bytes
->FireFox cache emptied: 46055845 bytes
->Flash cache emptied: 630 bytes
 
User: ***
->Temp folder emptied: 1572938 bytes
 
User: Default
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4432 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes
RecycleBin emptied: 908576 bytes
 
Total Files Cleaned = 46,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: ***
->Flash cache emptied: 0 bytes
 
User: ***
 
User: Default
 
User: Default User
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 04162012_152126

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

Danke für deine Mühe, wie geht's weiter?

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten, Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Das sieht irgendwie böse aus D:

Code: Alles auswählenAufklappen

ATTFilter

 16:30:38.0094 0872	TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
16:30:40.0100 0872	============================================================
16:30:40.0100 0872	Current date / time: 2012/04/16 16:30:40.0100
16:30:40.0100 0872	SystemInfo:
16:30:40.0100 0872	
16:30:40.0100 0872	OS Version: 6.1.7601 ServicePack: 1.0
16:30:40.0100 0872	Product type: Workstation
16:30:40.0100 0872	ComputerName: KWO-COMPUTER
16:30:40.0101 0872	UserName: ***
16:30:40.0101 0872	Windows directory: C:\Windows
16:30:40.0101 0872	System windows directory: C:\Windows
16:30:40.0101 0872	Running under WOW64
16:30:40.0101 0872	Processor architecture: Intel x64
16:30:40.0101 0872	Number of processors: 2
16:30:40.0101 0872	Page size: 0x1000
16:30:40.0101 0872	Boot type: Normal boot
16:30:40.0101 0872	============================================================
16:30:45.0340 0872	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:30:45.0383 0872	\Device\Harddisk0\DR0:
16:30:45.0383 0872	MBR used
16:30:45.0383 0872	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1800800, BlocksNum 0x32000
16:30:45.0383 0872	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1832800, BlocksNum 0x12D99800
16:30:45.0396 0872	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x145CC800, BlocksNum 0x10E61800
16:30:45.0602 0872	Initialize success
16:30:45.0602 0872	============================================================
16:32:46.0805 2884	============================================================
16:32:46.0805 2884	Scan started
16:32:46.0805 2884	Mode: Manual; SigCheck; TDLFS; 
16:32:46.0806 2884	============================================================
16:32:48.0068 2884	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:32:48.0785 2884	1394ohci - ok
16:32:48.0902 2884	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:32:48.0935 2884	ACPI - ok
16:32:49.0039 2884	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:32:49.0134 2884	AcpiPmi - ok
16:32:49.0259 2884	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:32:49.0288 2884	AdobeARMservice - ok
16:32:49.0413 2884	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:32:49.0475 2884	adp94xx - ok
16:32:49.0541 2884	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:32:49.0573 2884	adpahci - ok
16:32:49.0702 2884	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:32:49.0742 2884	adpu320 - ok
16:32:49.0790 2884	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:32:50.0016 2884	AeLookupSvc - ok
16:32:50.0139 2884	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:32:50.0214 2884	AFD - ok
16:32:50.0296 2884	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:32:50.0324 2884	agp440 - ok
16:32:50.0402 2884	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:32:50.0447 2884	ALG - ok
16:32:50.0483 2884	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:32:50.0503 2884	aliide - ok
16:32:50.0644 2884	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:32:50.0666 2884	amdide - ok
16:32:50.0731 2884	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:32:50.0808 2884	AmdK8 - ok
16:32:50.0826 2884	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:32:50.0901 2884	AmdPPM - ok
16:32:50.0976 2884	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:32:51.0008 2884	amdsata - ok
16:32:51.0054 2884	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:32:51.0081 2884	amdsbs - ok
16:32:51.0112 2884	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:32:51.0133 2884	amdxata - ok
16:32:51.0179 2884	AmUStor         (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS
16:32:51.0230 2884	AmUStor - ok
16:32:51.0294 2884	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:32:51.0521 2884	AppID - ok
16:32:51.0582 2884	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:32:51.0694 2884	AppIDSvc - ok
16:32:51.0779 2884	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:32:51.0878 2884	Appinfo - ok
16:32:51.0939 2884	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:32:51.0963 2884	arc - ok
16:32:51.0975 2884	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:32:51.0998 2884	arcsas - ok
16:32:52.0026 2884	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:32:52.0106 2884	AsyncMac - ok
16:32:52.0157 2884	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:32:52.0179 2884	atapi - ok
16:32:52.0252 2884	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:32:52.0355 2884	AudioEndpointBuilder - ok
16:32:52.0372 2884	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:32:52.0437 2884	AudioSrv - ok
16:32:52.0505 2884	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:32:52.0562 2884	AxInstSV - ok
16:32:52.0635 2884	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:32:52.0706 2884	b06bdrv - ok
16:32:52.0758 2884	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:32:52.0814 2884	b57nd60a - ok
16:32:52.0862 2884	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:32:52.0902 2884	BDESVC - ok
16:32:52.0934 2884	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:32:53.0009 2884	Beep - ok
16:32:53.0097 2884	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:32:53.0236 2884	BFE - ok
16:32:53.0276 2884	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
16:32:53.0483 2884	BITS - ok
16:32:53.0619 2884	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:32:53.0672 2884	blbdrive - ok
16:32:53.0723 2884	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:32:53.0757 2884	bowser - ok
16:32:53.0792 2884	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:32:53.0885 2884	BrFiltLo - ok
16:32:53.0895 2884	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:32:53.0921 2884	BrFiltUp - ok
16:32:53.0969 2884	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:32:54.0062 2884	Browser - ok
16:32:54.0095 2884	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:32:54.0148 2884	Brserid - ok
16:32:54.0159 2884	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:32:54.0192 2884	BrSerWdm - ok
16:32:54.0203 2884	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:32:54.0247 2884	BrUsbMdm - ok
16:32:54.0259 2884	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:32:54.0291 2884	BrUsbSer - ok
16:32:54.0371 2884	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
16:32:54.0412 2884	BthEnum - ok
16:32:54.0461 2884	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:32:54.0517 2884	BTHMODEM - ok
16:32:54.0560 2884	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
16:32:54.0609 2884	BthPan - ok
16:32:54.0697 2884	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
16:32:54.0773 2884	BTHPORT - ok
16:32:54.0828 2884	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:32:54.0914 2884	bthserv - ok
16:32:54.0991 2884	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
16:32:55.0029 2884	BTHUSB - ok
16:32:55.0081 2884	btusbflt        (6e04458e98daf28826482e41a7a62df5) C:\Windows\system32\drivers\btusbflt.sys
16:32:55.0247 2884	btusbflt - ok
16:32:55.0403 2884	btwaudio        (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
16:32:55.0420 2884	btwaudio - ok
16:32:55.0487 2884	btwavdt         (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys
16:32:55.0510 2884	btwavdt - ok
16:32:55.0593 2884	btwdins         (9b3bd0ecd82cc08409c55a36d8f56b93) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
16:32:55.0627 2884	btwdins - ok
16:32:55.0735 2884	btwl2cap        (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
16:32:55.0758 2884	btwl2cap - ok
16:32:55.0820 2884	btwrchid        (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
16:32:55.0839 2884	btwrchid - ok
16:32:55.0871 2884	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:32:55.0949 2884	cdfs - ok
16:32:56.0010 2884	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
16:32:56.0057 2884	cdrom - ok
16:32:56.0141 2884	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:32:56.0215 2884	CertPropSvc - ok
16:32:56.0265 2884	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:32:56.0328 2884	circlass - ok
16:32:56.0379 2884	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:32:56.0413 2884	CLFS - ok
16:32:56.0499 2884	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:32:56.0528 2884	clr_optimization_v2.0.50727_32 - ok
16:32:56.0581 2884	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:32:56.0625 2884	clr_optimization_v2.0.50727_64 - ok
16:32:56.0762 2884	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:32:56.0826 2884	clr_optimization_v4.0.30319_32 - ok
16:32:56.0893 2884	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:32:56.0919 2884	clr_optimization_v4.0.30319_64 - ok
16:32:56.0988 2884	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:32:57.0028 2884	CmBatt - ok
16:32:57.0088 2884	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:32:57.0109 2884	cmdide - ok
16:32:57.0164 2884	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:32:57.0244 2884	CNG - ok
16:32:57.0307 2884	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:32:57.0328 2884	Compbatt - ok
16:32:57.0375 2884	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:32:57.0421 2884	CompositeBus - ok
16:32:57.0446 2884	COMSysApp - ok
16:32:57.0464 2884	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:32:57.0486 2884	crcdisk - ok
16:32:57.0551 2884	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
16:32:57.0633 2884	CryptSvc - ok
16:32:57.0717 2884	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:32:57.0815 2884	DcomLaunch - ok
16:32:57.0852 2884	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:32:57.0940 2884	defragsvc - ok
16:32:58.0012 2884	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:32:58.0100 2884	DfsC - ok
16:32:58.0172 2884	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:32:58.0253 2884	Dhcp - ok
16:32:58.0296 2884	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:32:58.0356 2884	discache - ok
16:32:58.0391 2884	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:32:58.0414 2884	Disk - ok
16:32:58.0495 2884	DKbFltr         (d5bcb77be83cf99f508943945d46343d) C:\Windows\SysWOW64\Drivers\DKbFltr.sys
16:32:58.0513 2884	DKbFltr - ok
16:32:58.0567 2884	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:32:58.0661 2884	Dnscache - ok
16:32:58.0741 2884	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:32:58.0821 2884	dot3svc - ok
16:32:58.0872 2884	Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
16:32:58.0928 2884	Dot4 - ok
16:32:58.0992 2884	Dot4Print       (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
16:32:59.0042 2884	Dot4Print - ok
16:32:59.0089 2884	dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
16:32:59.0131 2884	dot4usb - ok
16:32:59.0176 2884	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:32:59.0269 2884	DPS - ok
16:32:59.0320 2884	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:32:59.0360 2884	drmkaud - ok
16:32:59.0423 2884	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:32:59.0496 2884	DXGKrnl - ok
16:32:59.0533 2884	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:32:59.0609 2884	EapHost - ok
16:32:59.0736 2884	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:32:59.0898 2884	ebdrv - ok
16:32:59.0936 2884	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:32:59.0982 2884	EFS - ok
16:33:00.0078 2884	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:33:00.0155 2884	ehRecvr - ok
16:33:00.0188 2884	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:33:00.0213 2884	ehSched - ok
16:33:00.0303 2884	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:33:00.0351 2884	elxstor - ok
16:33:00.0461 2884	ePowerSvc       (fb67aa8ac61b9365add546139a21bed6) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
16:33:00.0534 2884	ePowerSvc - ok
16:33:00.0654 2884	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:33:00.0701 2884	ErrDev - ok
16:33:00.0762 2884	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:33:00.0861 2884	EventSystem - ok
16:33:00.0951 2884	ewusbnet        (251af86e0a4ddf3a6b181ed5103b06b1) C:\Windows\system32\DRIVERS\ewusbnet.sys
16:33:01.0042 2884	ewusbnet - ok
16:33:01.0082 2884	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:33:01.0146 2884	exfat - ok
16:33:01.0503 2884	F-Secure Gatekeeper (c898cf54315e594c33f915b053e2ec2b) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys
16:33:01.0537 2884	F-Secure Gatekeeper - ok
16:33:01.0866 2884	F-Secure Gatekeeper Handler Starter (abf1bd70c5c182ad8ffea8e8e8253846) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32st.exe
16:33:01.0898 2884	F-Secure Gatekeeper Handler Starter - ok
16:33:02.0155 2884	F-Secure HIPS   (40ac3b8a6b385e05ee011049a8bb64fd) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys
16:33:02.0184 2884	F-Secure HIPS - ok
16:33:02.0281 2884	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:33:02.0364 2884	fastfat - ok
16:33:02.0459 2884	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:33:02.0520 2884	Fax - ok
16:33:02.0634 2884	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:33:02.0687 2884	fdc - ok
16:33:02.0736 2884	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:33:02.0826 2884	fdPHost - ok
16:33:02.0849 2884	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:33:02.0934 2884	FDResPub - ok
16:33:02.0986 2884	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:33:03.0014 2884	FileInfo - ok
16:33:03.0035 2884	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:33:03.0114 2884	Filetrace - ok
16:33:03.0155 2884	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:33:03.0207 2884	flpydisk - ok
16:33:03.0277 2884	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:33:03.0306 2884	FltMgr - ok
16:33:03.0362 2884	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:33:03.0464 2884	FontCache - ok
16:33:03.0546 2884	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:33:03.0572 2884	FontCache3.0.0.0 - ok
16:33:03.0766 2884	fsccsys1331654251 (4ab32767bb7ccd6fd67452f906e93955) C:\Windows\System32\drivers\fsccsys.sys
16:33:03.0786 2884	fsccsys1331654251 - ok
16:33:03.0838 2884	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:33:03.0861 2884	FsDepends - ok
16:33:04.0148 2884	FSDFWD          (778d74f5e8deb3b3f82acec9a0656fdb) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FWES\Program\fsdfwd.exe
16:33:04.0226 2884	FSDFWD - ok
16:33:04.0342 2884	FSES            (669cfcb1996e06b562f438ff051ec82e) C:\Windows\system32\drivers\fses.sys
16:33:04.0370 2884	FSES - ok
16:33:04.0456 2884	FSFW            (bb636a0ba1f077861aee5494fa06c32c) C:\Windows\system32\drivers\fsdfw.sys
16:33:04.0477 2884	FSFW - ok
16:33:04.0708 2884	fshoster        (42d816de816eeef5a739e780145b38bf) C:\Program Files (x86)\F-Secure\fshoster32.exe
16:33:04.0743 2884	fshoster - ok
16:33:04.0894 2884	FSMA            (f46abb441ee8b700821c479fae5877e6) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
16:33:04.0916 2884	FSMA - ok
16:33:05.0129 2884	FSORSPClient    (86d7a8ecdc94a0a798eee2323f77a427) C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
16:33:05.0157 2884	FSORSPClient - ok
16:33:05.0302 2884	fsvista         (6bb0b8462c295af79872af82341142fd) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys
16:33:05.0319 2884	fsvista - ok
16:33:05.0406 2884	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:33:05.0436 2884	Fs_Rec - ok
16:33:05.0500 2884	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:33:05.0534 2884	fvevol - ok
16:33:05.0574 2884	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:33:05.0625 2884	gagp30kx - ok
16:33:05.0690 2884	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:33:05.0801 2884	gpsvc - ok
16:33:05.0893 2884	Greg_Service    (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
16:33:05.0963 2884	Greg_Service - ok
16:33:06.0089 2884	hamachi         (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
16:33:06.0115 2884	hamachi - ok
16:33:06.0195 2884	Hamachi2Svc - ok
16:33:06.0274 2884	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:33:06.0316 2884	hcw85cir - ok
16:33:06.0391 2884	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:33:06.0427 2884	HdAudAddService - ok
16:33:06.0474 2884	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:33:06.0516 2884	HDAudBus - ok
16:33:06.0558 2884	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:33:06.0582 2884	HidBatt - ok
16:33:06.0658 2884	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:33:06.0723 2884	HidBth - ok
16:33:06.0737 2884	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:33:06.0783 2884	HidIr - ok
16:33:06.0817 2884	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
16:33:06.0896 2884	hidserv - ok
16:33:06.0962 2884	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
16:33:07.0000 2884	HidUsb - ok
16:33:07.0052 2884	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:33:07.0112 2884	hkmsvc - ok
16:33:07.0158 2884	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:33:07.0202 2884	HomeGroupListener - ok
16:33:07.0243 2884	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:33:07.0301 2884	HomeGroupProvider - ok
16:33:07.0446 2884	hpqcxs08        (1dae5c46d42b02a6d5862e1482efb390) D:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
16:33:07.0478 2884	hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
16:33:07.0478 2884	hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
16:33:07.0520 2884	hpqddsvc        (99e8eef42fe2f4af29b08c3355dd7685) D:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
16:33:07.0541 2884	hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
16:33:07.0541 2884	hpqddsvc - detected UnsignedFile.Multi.Generic (1)
16:33:07.0717 2884	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:33:07.0748 2884	HpSAMD - ok
16:33:07.0841 2884	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:33:07.0971 2884	HTTP - ok
16:33:08.0020 2884	hwdatacard      (4b5c07db91a0099272faae732e1152bd) C:\Windows\system32\DRIVERS\ewusbmdm.sys
16:33:08.0060 2884	hwdatacard - ok
16:33:08.0099 2884	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:33:08.0118 2884	hwpolicy - ok
16:33:08.0175 2884	hwusbfake       (9c13a2691ac410cc7469f298684dca5d) C:\Windows\system32\DRIVERS\ewusbfake.sys
16:33:08.0211 2884	hwusbfake - ok
16:33:08.0252 2884	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:33:08.0276 2884	i8042prt - ok
16:33:08.0368 2884	IAANTMON        (660bf3255a1eb18ed803fd2fba6ae400) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
16:33:08.0405 2884	IAANTMON - ok
16:33:08.0524 2884	iaStor          (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys
16:33:08.0550 2884	iaStor - ok
16:33:08.0640 2884	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:33:08.0700 2884	iaStorV - ok
16:33:08.0811 2884	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:33:08.0884 2884	idsvc - ok
16:33:09.0267 2884	igfx            (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
16:33:09.0706 2884	igfx - ok
16:33:09.0847 2884	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:33:09.0868 2884	iirsp - ok
16:33:09.0950 2884	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:33:10.0071 2884	IKEEXT - ok
16:33:10.0160 2884	int15.sys       (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\System32\OEM\Factory\int15.sys
16:33:10.0180 2884	int15.sys - ok
16:33:10.0283 2884	IntcAzAudAddService (e200f72882c1e4e45fa2c4b66f19f7fb) C:\Windows\system32\drivers\RTKVHD64.sys
16:33:10.0394 2884	IntcAzAudAddService - ok
16:33:10.0441 2884	IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys
16:33:10.0493 2884	IntcHdmiAddService - ok
16:33:10.0522 2884	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:33:10.0543 2884	intelide - ok
16:33:10.0580 2884	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:33:10.0657 2884	intelppm - ok
16:33:10.0714 2884	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:33:10.0791 2884	IPBusEnum - ok
16:33:10.0919 2884	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:33:11.0011 2884	IpFilterDriver - ok
16:33:11.0067 2884	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:33:11.0161 2884	iphlpsvc - ok
16:33:11.0203 2884	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:33:11.0226 2884	IPMIDRV - ok
16:33:11.0257 2884	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:33:11.0341 2884	IPNAT - ok
16:33:11.0379 2884	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:33:11.0448 2884	IRENUM - ok
16:33:11.0479 2884	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:33:11.0500 2884	isapnp - ok
16:33:11.0542 2884	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:33:11.0571 2884	iScsiPrt - ok
16:33:11.0671 2884	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
16:33:11.0705 2884	kbdclass - ok
16:33:11.0747 2884	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
16:33:11.0790 2884	kbdhid - ok
16:33:11.0822 2884	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:33:11.0844 2884	KeyIso - ok
16:33:11.0873 2884	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:33:11.0896 2884	KSecDD - ok
16:33:11.0917 2884	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:33:11.0941 2884	KSecPkg - ok
16:33:11.0983 2884	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:33:12.0061 2884	ksthunk - ok
16:33:12.0106 2884	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:33:12.0191 2884	KtmRm - ok
16:33:12.0245 2884	L1C             (b4a3a05b0f9c81d098b96ab6aa915042) C:\Windows\system32\DRIVERS\L1C62x64.sys
16:33:12.0299 2884	L1C - ok
16:33:12.0373 2884	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
16:33:12.0456 2884	LanmanServer - ok
16:33:12.0518 2884	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:33:12.0595 2884	LanmanWorkstation - ok
16:33:12.0674 2884	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:33:12.0760 2884	lltdio - ok
16:33:12.0803 2884	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:33:12.0899 2884	lltdsvc - ok
16:33:12.0931 2884	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:33:12.0992 2884	lmhosts - ok
16:33:13.0049 2884	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:33:13.0073 2884	LSI_FC - ok
16:33:13.0096 2884	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:33:13.0119 2884	LSI_SAS - ok
16:33:13.0135 2884	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:33:13.0157 2884	LSI_SAS2 - ok
16:33:13.0170 2884	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:33:13.0194 2884	LSI_SCSI - ok
16:33:13.0228 2884	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:33:13.0307 2884	luafv - ok
16:33:13.0357 2884	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:33:13.0397 2884	Mcx2Svc - ok
16:33:13.0429 2884	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:33:13.0451 2884	megasas - ok
16:33:13.0471 2884	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:33:13.0499 2884	MegaSR - ok
16:33:13.0535 2884	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:33:13.0614 2884	MMCSS - ok
16:33:13.0644 2884	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:33:13.0706 2884	Modem - ok
16:33:13.0743 2884	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:33:13.0783 2884	monitor - ok
16:33:13.0836 2884	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:33:13.0857 2884	mouclass - ok
16:33:13.0894 2884	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:33:13.0932 2884	mouhid - ok
16:33:13.0977 2884	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:33:14.0001 2884	mountmgr - ok
16:33:14.0040 2884	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:33:14.0066 2884	mpio - ok
16:33:14.0105 2884	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:33:14.0166 2884	mpsdrv - ok
16:33:14.0230 2884	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:33:14.0339 2884	MpsSvc - ok
16:33:14.0387 2884	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:33:14.0419 2884	MRxDAV - ok
16:33:14.0460 2884	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:33:14.0500 2884	mrxsmb - ok
16:33:14.0544 2884	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:33:14.0593 2884	mrxsmb10 - ok
16:33:14.0646 2884	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:33:14.0670 2884	mrxsmb20 - ok
16:33:14.0711 2884	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:33:14.0733 2884	msahci - ok
16:33:14.0771 2884	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:33:14.0797 2884	msdsm - ok
16:33:14.0841 2884	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:33:14.0943 2884	MSDTC - ok
16:33:15.0006 2884	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:33:15.0066 2884	Msfs - ok
16:33:15.0083 2884	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:33:15.0142 2884	mshidkmdf - ok
16:33:15.0177 2884	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:33:15.0198 2884	msisadrv - ok
16:33:15.0240 2884	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:33:15.0318 2884	MSiSCSI - ok
16:33:15.0327 2884	msiserver - ok
16:33:15.0387 2884	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:33:15.0458 2884	MSKSSRV - ok
16:33:15.0481 2884	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:33:15.0563 2884	MSPCLOCK - ok
16:33:15.0608 2884	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:33:15.0692 2884	MSPQM - ok
16:33:15.0747 2884	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:33:15.0779 2884	MsRPC - ok
16:33:15.0818 2884	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:33:15.0840 2884	mssmbios - ok
16:33:15.0867 2884	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:33:15.0942 2884	MSTEE - ok
16:33:15.0973 2884	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:33:16.0013 2884	MTConfig - ok
16:33:16.0049 2884	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:33:16.0072 2884	Mup - ok
16:33:16.0125 2884	mwlPSDFilter    (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
16:33:16.0146 2884	mwlPSDFilter - ok
16:33:16.0170 2884	mwlPSDNServ     (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
16:33:16.0186 2884	mwlPSDNServ - ok
16:33:16.0199 2884	mwlPSDVDisk     (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
16:33:16.0216 2884	mwlPSDVDisk - ok
16:33:16.0325 2884	MWLService      (2f139207f618ec2933830227eeffddb4) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
16:33:16.0356 2884	MWLService - ok
16:33:16.0419 2884	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:33:16.0518 2884	napagent - ok
16:33:16.0636 2884	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:33:16.0712 2884	NativeWifiP - ok
16:33:16.0803 2884	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:33:16.0880 2884	NDIS - ok
16:33:16.0906 2884	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:33:16.0965 2884	NdisCap - ok
16:33:17.0023 2884	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:33:17.0104 2884	NdisTapi - ok
16:33:17.0150 2884	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:33:17.0222 2884	Ndisuio - ok
16:33:17.0269 2884	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:33:17.0344 2884	NdisWan - ok
16:33:17.0409 2884	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:33:17.0486 2884	NDProxy - ok
16:33:17.0538 2884	Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
16:33:17.0574 2884	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:33:17.0574 2884	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:33:17.0655 2884	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:33:17.0742 2884	NetBIOS - ok
16:33:17.0793 2884	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:33:17.0877 2884	NetBT - ok
16:33:17.0914 2884	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:33:17.0937 2884	Netlogon - ok
16:33:17.0990 2884	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:33:18.0109 2884	Netman - ok
16:33:18.0138 2884	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:33:18.0230 2884	netprofm - ok
16:33:18.0314 2884	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:33:18.0334 2884	NetTcpPortSharing - ok
16:33:18.0609 2884	NETw5s64        (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
16:33:19.0000 2884	NETw5s64 - ok
16:33:19.0252 2884	netw5v64        (bc9a55a6deef3f9a328e3cb2b31aafd3) C:\Windows\system32\DRIVERS\netw5v64.sys
16:33:19.0506 2884	netw5v64 - ok
16:33:19.0640 2884	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:33:19.0674 2884	nfrd960 - ok
16:33:19.0767 2884	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:33:19.0892 2884	NlaSvc - ok
16:33:19.0914 2884	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:33:19.0976 2884	Npfs - ok
16:33:20.0002 2884	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:33:20.0076 2884	nsi - ok
16:33:20.0098 2884	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:33:20.0178 2884	nsiproxy - ok
16:33:20.0288 2884	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:33:20.0395 2884	Ntfs - ok
16:33:20.0473 2884	NTI IScheduleSvc (14e66f603fb187713aeb02ad3b0390cf) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
16:33:20.0499 2884	NTI IScheduleSvc - ok
16:33:20.0582 2884	NTIDrvr         (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
16:33:20.0606 2884	NTIDrvr - ok
16:33:20.0642 2884	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:33:20.0723 2884	Null - ok
16:33:20.0771 2884	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:33:20.0796 2884	nvraid - ok
16:33:20.0827 2884	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:33:20.0853 2884	nvstor - ok
16:33:20.0880 2884	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:33:20.0910 2884	nv_agp - ok
16:33:21.0054 2884	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:33:21.0081 2884	odserv - ok
16:33:21.0172 2884	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:33:21.0214 2884	ohci1394 - ok
16:33:21.0335 2884	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:33:21.0355 2884	ose - ok
16:33:21.0461 2884	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:33:21.0523 2884	p2pimsvc - ok
16:33:21.0569 2884	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:33:21.0641 2884	p2psvc - ok
16:33:21.0684 2884	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:33:21.0708 2884	Parport - ok
16:33:21.0764 2884	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:33:21.0787 2884	partmgr - ok
16:33:21.0809 2884	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:33:21.0859 2884	PcaSvc - ok
16:33:21.0916 2884	pccsmcfd        (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
16:33:21.0950 2884	pccsmcfd - ok
16:33:21.0992 2884	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:33:22.0019 2884	pci - ok
16:33:22.0044 2884	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:33:22.0065 2884	pciide - ok
16:33:22.0100 2884	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:33:22.0128 2884	pcmcia - ok
16:33:22.0153 2884	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:33:22.0174 2884	pcw - ok
16:33:22.0204 2884	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:33:22.0307 2884	PEAUTH - ok
16:33:22.0385 2884	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:33:22.0428 2884	PerfHost - ok
16:33:22.0569 2884	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:33:22.0757 2884	pla - ok
16:33:22.0807 2884	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:33:22.0850 2884	PlugPlay - ok
16:33:22.0916 2884	Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
16:33:22.0937 2884	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:33:22.0937 2884	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:33:22.0976 2884	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:33:23.0017 2884	PNRPAutoReg - ok
16:33:23.0051 2884	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:33:23.0079 2884	PNRPsvc - ok
16:33:23.0145 2884	Point64         (b8d8ec78b0f9ed8e220506181274f3d3) C:\Windows\system32\DRIVERS\point64.sys
16:33:23.0167 2884	Point64 - ok
16:33:23.0230 2884	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:33:23.0326 2884	PolicyAgent - ok
16:33:23.0364 2884	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:33:23.0455 2884	Power - ok
16:33:23.0540 2884	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:33:23.0618 2884	PptpMiniport - ok
16:33:23.0675 2884	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:33:23.0715 2884	Processor - ok
16:33:23.0781 2884	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
16:33:23.0880 2884	ProfSvc - ok
16:33:23.0918 2884	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:33:23.0940 2884	ProtectedStorage - ok
16:33:24.0021 2884	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:33:24.0096 2884	Psched - ok
16:33:24.0163 2884	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:33:24.0253 2884	ql2300 - ok
16:33:24.0266 2884	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:33:24.0290 2884	ql40xx - ok
16:33:24.0326 2884	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:33:24.0379 2884	QWAVE - ok
16:33:24.0411 2884	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:33:24.0439 2884	QWAVEdrv - ok
16:33:24.0450 2884	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:33:24.0529 2884	RasAcd - ok
16:33:24.0580 2884	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:33:24.0640 2884	RasAgileVpn - ok
16:33:24.0715 2884	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:33:24.0785 2884	RasAuto - ok
16:33:24.0844 2884	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:33:24.0941 2884	Rasl2tp - ok
16:33:25.0013 2884	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:33:25.0098 2884	RasMan - ok
16:33:25.0140 2884	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:33:25.0215 2884	RasPppoe - ok
16:33:25.0245 2884	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:33:25.0326 2884	RasSstp - ok
16:33:25.0380 2884	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:33:25.0460 2884	rdbss - ok
16:33:25.0489 2884	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:33:25.0532 2884	rdpbus - ok
16:33:25.0560 2884	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:33:25.0639 2884	RDPCDD - ok
16:33:25.0684 2884	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:33:25.0758 2884	RDPENCDD - ok
16:33:25.0779 2884	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:33:25.0837 2884	RDPREFMP - ok
16:33:25.0886 2884	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
16:33:25.0926 2884	RDPWD - ok
16:33:25.0992 2884	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:33:26.0049 2884	rdyboost - ok
16:33:26.0078 2884	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:33:26.0158 2884	RemoteAccess - ok
16:33:26.0186 2884	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:33:26.0268 2884	RemoteRegistry - ok
16:33:26.0338 2884	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
16:33:26.0400 2884	RFCOMM - ok
16:33:26.0441 2884	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:33:26.0504 2884	RpcEptMapper - ok
16:33:26.0538 2884	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:33:26.0580 2884	RpcLocator - ok
16:33:26.0660 2884	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:33:26.0729 2884	RpcSs - ok
16:33:26.0774 2884	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:33:26.0849 2884	rspndr - ok
16:33:26.0909 2884	S6000KNT        (23b29b8ca68e9d21a70b7ff253d1e179) C:\Windows\system32\Drivers\S6000KNT.sys
16:33:26.0931 2884	S6000KNT - ok
16:33:26.0954 2884	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:33:26.0975 2884	SamSs - ok
16:33:27.0005 2884	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:33:27.0029 2884	sbp2port - ok
16:33:27.0065 2884	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:33:27.0132 2884	SCardSvr - ok
16:33:27.0194 2884	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:33:27.0270 2884	scfilter - ok
16:33:27.0340 2884	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:33:27.0476 2884	Schedule - ok
16:33:27.0517 2884	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:33:27.0573 2884	SCPolicySvc - ok
16:33:27.0665 2884	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:33:27.0736 2884	SDRSVC - ok
16:33:27.0800 2884	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:33:27.0863 2884	secdrv - ok
16:33:27.0935 2884	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:33:28.0016 2884	seclogon - ok
16:33:28.0063 2884	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
16:33:28.0126 2884	SENS - ok
16:33:28.0161 2884	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:33:28.0204 2884	SensrSvc - ok
16:33:28.0271 2884	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:33:28.0299 2884	Serenum - ok
16:33:28.0329 2884	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:33:28.0364 2884	Serial - ok
16:33:28.0401 2884	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:33:28.0442 2884	sermouse - ok
16:33:28.0498 2884	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:33:28.0578 2884	SessionEnv - ok
16:33:28.0667 2884	sfdrv01         (a48b9f81d3c2ba989ae2d566747b4623) C:\Windows\system32\drivers\sfdrv01.sys
16:33:28.0696 2884	sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
16:33:28.0697 2884	sfdrv01 - detected UnsignedFile.Multi.Generic (1)
16:33:28.0745 2884	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:33:28.0804 2884	sffdisk - ok
16:33:28.0832 2884	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:33:28.0919 2884	sffp_mmc - ok
16:33:28.0947 2884	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:33:28.0984 2884	sffp_sd - ok
16:33:29.0037 2884	sfhlp02         (9e0ecda6c72c5d0d8cf3f0fba076422b) C:\Windows\system32\drivers\sfhlp02.sys
16:33:29.0055 2884	sfhlp02 ( UnsignedFile.Multi.Generic ) - warning
16:33:29.0055 2884	sfhlp02 - detected UnsignedFile.Multi.Generic (1)
16:33:29.0100 2884	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:33:29.0163 2884	sfloppy - ok
16:33:29.0195 2884	sfvfs02         (f65d13175ebf3fa49b1f7f948926a16e) C:\Windows\system32\drivers\sfvfs02.sys
16:33:29.0203 2884	sfvfs02 ( UnsignedFile.Multi.Generic ) - warning
16:33:29.0203 2884	sfvfs02 - detected UnsignedFile.Multi.Generic (1)
16:33:29.0253 2884	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:33:29.0344 2884	SharedAccess - ok
16:33:29.0390 2884	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:33:29.0474 2884	ShellHWDetection - ok
16:33:29.0546 2884	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:33:29.0570 2884	SiSRaid2 - ok
16:33:29.0605 2884	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:33:29.0628 2884	SiSRaid4 - ok
16:33:29.0738 2884	SkypeUpdate     (6128e98eaaed364ed1a32708d2fd22cb) D:\Programme\Skype\Updater\Updater.exe
16:33:29.0767 2884	SkypeUpdate - ok
16:33:29.0780 2884	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:33:29.0841 2884	Smb - ok
16:33:29.0914 2884	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:33:29.0958 2884	SNMPTRAP - ok
16:33:29.0987 2884	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:33:30.0007 2884	spldr - ok
16:33:30.0071 2884	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:33:30.0155 2884	Spooler - ok
16:33:30.0304 2884	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:33:30.0512 2884	sppsvc - ok
16:33:30.0552 2884	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:33:30.0631 2884	sppuinotify - ok
16:33:30.0686 2884	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:33:30.0769 2884	srv - ok
16:33:30.0815 2884	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:33:30.0868 2884	srv2 - ok
16:33:30.0903 2884	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:33:30.0949 2884	srvnet - ok
16:33:31.0018 2884	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:33:31.0134 2884	SSDPSRV - ok
16:33:31.0164 2884	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:33:31.0227 2884	SstpSvc - ok
16:33:31.0265 2884	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:33:31.0287 2884	stexstor - ok
16:33:31.0361 2884	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:33:31.0446 2884	stisvc - ok
16:33:31.0489 2884	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:33:31.0510 2884	swenum - ok
16:33:31.0583 2884	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:33:31.0680 2884	swprv - ok
16:33:31.0741 2884	SynTP           (ed6d1424e5b0c21a57b28dd8508d6843) C:\Windows\system32\DRIVERS\SynTP.sys
16:33:31.0766 2884	SynTP - ok
16:33:31.0861 2884	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:33:31.0990 2884	SysMain - ok
16:33:32.0054 2884	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:33:32.0109 2884	TabletInputService - ok
16:33:32.0206 2884	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:33:32.0316 2884	TapiSrv - ok
16:33:32.0348 2884	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:33:32.0409 2884	TBS - ok
16:33:32.0505 2884	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:33:32.0625 2884	Tcpip - ok
16:33:32.0684 2884	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:33:32.0749 2884	TCPIP6 - ok
16:33:32.0801 2884	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:33:32.0872 2884	tcpipreg - ok
16:33:32.0919 2884	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:33:32.0940 2884	TDPIPE - ok
16:33:32.0977 2884	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:33:33.0019 2884	TDTCP - ok
16:33:33.0104 2884	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:33:33.0188 2884	tdx - ok
16:33:33.0227 2884	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:33:33.0249 2884	TermDD - ok
16:33:33.0281 2884	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:33:33.0363 2884	TermService - ok
16:33:33.0425 2884	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:33:33.0478 2884	Themes - ok
16:33:33.0515 2884	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:33:33.0576 2884	THREADORDER - ok
16:33:33.0644 2884	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:33:33.0732 2884	TrkWks - ok
16:33:33.0801 2884	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:33:33.0880 2884	TrustedInstaller - ok
16:33:33.0958 2884	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:33:34.0028 2884	tssecsrv - ok
16:33:34.0095 2884	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:33:34.0133 2884	TsUsbFlt - ok
16:33:34.0218 2884	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:33:34.0307 2884	tunnel - ok
16:33:34.0353 2884	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:33:34.0377 2884	uagp35 - ok
16:33:34.0400 2884	UBHelper        (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
16:33:34.0415 2884	UBHelper - ok
16:33:34.0486 2884	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:33:34.0573 2884	udfs - ok
16:33:34.0642 2884	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:33:34.0682 2884	UI0Detect - ok
16:33:34.0716 2884	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:33:34.0739 2884	uliagpkx - ok
16:33:34.0778 2884	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:33:34.0819 2884	umbus - ok
16:33:34.0856 2884	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:33:34.0893 2884	UmPass - ok
16:33:34.0974 2884	Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
16:33:35.0009 2884	Updater Service - ok
16:33:35.0054 2884	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:33:35.0142 2884	upnphost - ok
16:33:35.0198 2884	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:33:35.0246 2884	usbccgp - ok
16:33:35.0295 2884	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:33:35.0324 2884	usbcir - ok
16:33:35.0343 2884	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:33:35.0398 2884	usbehci - ok
16:33:35.0435 2884	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:33:35.0478 2884	usbhub - ok
16:33:35.0511 2884	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:33:35.0572 2884	usbohci - ok
16:33:35.0675 2884	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:33:35.0734 2884	usbprint - ok
16:33:35.0776 2884	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:33:35.0803 2884	usbscan - ok
16:33:35.0845 2884	usbser          (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
16:33:35.0884 2884	usbser - ok
16:33:35.0925 2884	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:33:35.0963 2884	USBSTOR - ok
16:33:36.0001 2884	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
16:33:36.0035 2884	usbuhci - ok
16:33:36.0091 2884	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
16:33:36.0122 2884	usbvideo - ok
16:33:36.0155 2884	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:33:36.0234 2884	UxSms - ok
16:33:36.0271 2884	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:33:36.0291 2884	VaultSvc - ok
16:33:36.0333 2884	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:33:36.0353 2884	vdrvroot - ok
16:33:36.0414 2884	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:33:36.0497 2884	vds - ok
16:33:36.0532 2884	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:33:36.0557 2884	vga - ok
16:33:36.0577 2884	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:33:36.0674 2884	VgaSave - ok
16:33:36.0713 2884	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:33:36.0738 2884	vhdmp - ok
16:33:36.0778 2884	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:33:36.0800 2884	viaide - ok
16:33:36.0829 2884	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:33:36.0851 2884	volmgr - ok
16:33:36.0902 2884	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:33:36.0934 2884	volmgrx - ok
16:33:36.0966 2884	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:33:36.0997 2884	volsnap - ok
16:33:37.0048 2884	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:33:37.0075 2884	vsmraid - ok
16:33:37.0171 2884	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:33:37.0313 2884	VSS - ok
16:33:37.0338 2884	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
16:33:37.0386 2884	vwifibus - ok
16:33:37.0430 2884	VWiFiFlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:33:37.0459 2884	VWiFiFlt - ok
16:33:37.0493 2884	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:33:37.0522 2884	vwifimp - ok
16:33:37.0599 2884	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:33:37.0669 2884	W32Time - ok
16:33:37.0687 2884	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:33:37.0729 2884	WacomPen - ok
16:33:37.0792 2884	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:33:37.0864 2884	WANARP - ok
16:33:37.0871 2884	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:33:37.0929 2884	Wanarpv6 - ok
16:33:37.0999 2884	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
16:33:38.0084 2884	WatAdminSvc - ok
16:33:38.0174 2884	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:33:38.0259 2884	wbengine - ok
16:33:38.0297 2884	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:33:38.0335 2884	WbioSrvc - ok
16:33:38.0392 2884	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:33:38.0442 2884	wcncsvc - ok
16:33:38.0468 2884	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:33:38.0507 2884	WcsPlugInService - ok
16:33:38.0566 2884	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:33:38.0594 2884	Wd - ok
16:33:38.0652 2884	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:33:38.0702 2884	Wdf01000 - ok
16:33:38.0719 2884	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:33:38.0841 2884	WdiServiceHost - ok
16:33:38.0851 2884	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:33:38.0883 2884	WdiSystemHost - ok
16:33:38.0929 2884	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:33:38.0987 2884	WebClient - ok
16:33:39.0022 2884	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:33:39.0108 2884	Wecsvc - ok
16:33:39.0138 2884	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:33:39.0218 2884	wercplsupport - ok
16:33:39.0257 2884	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:33:39.0336 2884	WerSvc - ok
16:33:39.0394 2884	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:33:39.0462 2884	WfpLwf - ok
16:33:39.0533 2884	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:33:39.0558 2884	WIMMount - ok
16:33:39.0668 2884	WinDefend - ok
16:33:39.0686 2884	WinHttpAutoProxySvc - ok
16:33:39.0748 2884	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:33:39.0838 2884	Winmgmt - ok
16:33:39.0928 2884	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:33:40.0103 2884	WinRM - ok
16:33:40.0220 2884	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:33:40.0280 2884	WinUsb - ok
16:33:40.0339 2884	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:33:40.0434 2884	Wlansvc - ok
16:33:40.0629 2884	wlidsvc         (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:33:40.0773 2884	wlidsvc - ok
16:33:40.0861 2884	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:33:40.0912 2884	WmiAcpi - ok
16:33:40.0987 2884	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:33:41.0014 2884	wmiApSrv - ok
16:33:41.0076 2884	WMPNetworkSvc - ok
16:33:41.0115 2884	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:33:41.0138 2884	WPCSvc - ok
16:33:41.0198 2884	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:33:41.0227 2884	WPDBusEnum - ok
16:33:41.0282 2884	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:33:41.0343 2884	ws2ifsl - ok
16:33:41.0368 2884	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
16:33:41.0424 2884	wscsvc - ok
16:33:41.0465 2884	WSDPrintDevice  (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
16:33:41.0514 2884	WSDPrintDevice - ok
16:33:41.0528 2884	WSearch - ok
16:33:41.0646 2884	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
16:33:41.0828 2884	wuauserv - ok
16:33:41.0891 2884	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:33:41.0974 2884	WudfPf - ok
16:33:42.0018 2884	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:33:42.0102 2884	WUDFRd - ok
16:33:42.0154 2884	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:33:42.0216 2884	wudfsvc - ok
16:33:42.0246 2884	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:33:42.0305 2884	WwanSvc - ok
16:33:42.0379 2884	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:33:42.0635 2884	\Device\Harddisk0\DR0 - ok
16:33:42.0645 2884	Boot (0x1200)   (c63f64a8b150df958a8d2d720ca3ead0) \Device\Harddisk0\DR0\Partition0
16:33:42.0647 2884	\Device\Harddisk0\DR0\Partition0 - ok
16:33:42.0675 2884	Boot (0x1200)   (9383cddef1eba5c38d3955fd0e88351e) \Device\Harddisk0\DR0\Partition1
16:33:42.0677 2884	\Device\Harddisk0\DR0\Partition1 - ok
16:33:42.0699 2884	Boot (0x1200)   (032147b4facc522059f87ef8049f90c5) \Device\Harddisk0\DR0\Partition2
16:33:42.0701 2884	\Device\Harddisk0\DR0\Partition2 - ok
16:33:42.0701 2884	============================================================
16:33:42.0701 2884	Scan finished
16:33:42.0701 2884	============================================================
16:33:42.0870 5004	Detected object count: 7
16:33:42.0870 5004	Actual detected object count: 7
16:34:10.0121 5004	hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:10.0121 5004	hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:34:10.0122 5004	hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:10.0122 5004	hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:34:10.0125 5004	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:10.0126 5004	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:34:10.0128 5004	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:10.0128 5004	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:34:10.0131 5004	sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:10.0131 5004	sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:34:10.0133 5004	sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:10.0133 5004	sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:34:10.0136 5004	sfvfs02 ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:10.0136 5004	sfvfs02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Nö, das ist ok

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

• Lade dir ComboFix hier herunter auf deinen Desktop.

• Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

• Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
  Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

• Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Hier der ComboFix.txt

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 12-04-16.01 - *** 16.04.2012  17:13:40.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3999.1517 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Computer Security *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: Computer Security *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Computer Security *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-16 bis 2012-04-16  ))))))))))))))))))))))))))))))
.
.
2012-04-16 13:21 . 2012-04-16 13:21	--------	d-----w-	C:\_OTL
2012-04-14 17:39 . 2012-04-16 14:24	--------	d-----w-	c:\users\***\AppData\Roaming\\.minecraft
2012-04-14 17:39 . 2012-04-16 14:24	--------	d-----w-	c:\users\***\AppData\Roaming\.minecraft
2012-04-14 13:32 . 2012-03-14 03:27	8669240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7540078-2D14-46C1-9762-2FE76EEC8413}\mpengine.dll
2012-04-13 15:23 . 2012-04-13 15:23	--------	d-----w-	c:\program files (x86)\ESET
2012-04-13 14:07 . 2012-04-13 14:07	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2012-04-13 14:07 . 2012-04-13 14:07	--------	d-----w-	c:\users\***\AppData\Roaming\\Malwarebytes
2012-04-13 14:07 . 2012-04-13 14:07	--------	d-----w-	c:\programdata\Malwarebytes
2012-04-13 14:07 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-04-12 16:33 . 2012-03-06 06:53	5559152	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-04-12 16:33 . 2012-03-06 05:59	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 16:33 . 2012-03-06 05:59	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 16:30 . 2012-03-01 06:46	23408	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-04-12 16:30 . 2012-03-01 06:33	81408	----a-w-	c:\windows\system32\imagehlp.dll
2012-04-12 16:30 . 2012-03-01 05:37	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-04-12 16:30 . 2012-03-01 05:33	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2012-04-12 16:30 . 2012-03-01 06:38	220672	----a-w-	c:\windows\system32\wintrust.dll
2012-04-12 16:30 . 2012-03-01 06:28	5120	----a-w-	c:\windows\system32\wmi.dll
2012-04-12 16:30 . 2012-03-01 05:29	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2012-04-10 00:37 . 2012-04-14 18:06	--------	d-----w-	c:\users\***\AppData\Roaming\gtk-2.0
2012-04-10 00:37 . 2012-04-14 18:06	--------	d-----w-	c:\users\***\AppData\Roaming\\gtk-2.0
2012-04-08 15:15 . 2012-04-08 15:15	--------	d-----w-	c:\users\***\\.thumbnails
2012-04-08 15:15 . 2012-04-08 15:15	--------	d-----w-	c:\users\***\.thumbnails
2012-03-26 18:16 . 2012-02-03 04:34	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-03-26 18:16 . 2012-02-10 06:36	1544192	----a-w-	c:\windows\system32\DWrite.dll
2012-03-26 18:16 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-03-26 18:16 . 2012-01-25 06:38	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-26 18:16 . 2012-01-25 06:38	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-26 18:16 . 2012-01-25 06:33	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-26 18:16 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-26 18:16 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-03-26 18:16 . 2012-02-17 04:58	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-26 18:16 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 10:39 . 2011-06-15 20:36	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 07:18 . 2010-05-19 22:02	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-02-07 09:02 . 2012-02-07 09:02	1070352	----a-w-	c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41	120104	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-10-07 866824]
"F-Secure Hoster"="c:\program files (x86)\F-Secure\fshoster32.exe" [2011-12-14 160424]
"F-Secure Manager"="c:\program files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE" [2011-12-19 310936]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;d:\programme\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [2012-03-12 61976]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [x]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [x]
S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [2011-12-19 13976]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 fshoster;F-Secure Dll Hoster;c:\program files (x86)\F-Secure\fshoster32.exe [2011-12-14 160424]
S2 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [2011-12-12 61120]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\programme\Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [2012-03-06 198808]
S3 fsccsys1331654251;F-Secure Content Control Driver;c:\windows\System32\drivers\fsccsys.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 59059924
*Deregistered* - 59059924
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44	137512	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-21 8115744]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1820pt&r=273605100516l0423z165t4573e328
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - d:\office~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\cxgae4ay.default\
FF - prefs.js: browser.startup.homepage - goggle.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fshoster]
"ImagePath"="\"c:\program files (x86)\F-Secure\fshoster32.exe\" -hosterid:0"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\F-Secure\My Services Agent\Protected]
@Denied: ) (Everyone)
"AgentIdentifier"="f005f03d-e0bc-4bab-a27f-f40ca1ef86cf"
"AuthorizationCode"="CRHeCAtwx69ZwrnsgLVVGmZZD5z8ZyNF3dUPTMi*e4ktMMGXyurEFg"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-04-16  17:27:10
ComboFix-quarantined-files.txt  2012-04-16 15:27
.
Vor Suchlauf: 8 Verzeichnis(se), 122.874.580.992 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 122.577.526.784 Bytes frei
.
- - End Of File - - 99C85ED53121597212F41B278F20941C
         

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

• Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
• Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
• Klicke auf Scan.
• Warte bitte bis Scan finished successfully im DOS Fenster steht.
• Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Es ist alle gut gelaufen, keine Abstürze oder ähnliches . Hier der aswMBR.txt

Code: Alles auswählenAufklappen

ATTFilter

 aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-16 20:50:49
-----------------------------
20:50:49.070    OS Version: Windows x64 6.1.7601 Service Pack 1
20:50:49.070    Number of processors: 2 586 0x170A
20:50:49.070    ComputerName: KWO-COMPUTER  UserName: ***
20:50:50.412    Initialize success
20:54:55.865    AVAST engine defs: 12041600
20:55:09.312    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:55:09.328    Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
20:55:09.344    Disk 0 MBR read successfully
20:55:09.344    Disk 0 MBR scan
20:55:09.359    Disk 0 Windows 7 default MBR code
20:55:09.375    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        12288 MB offset 2048
20:55:09.406    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 25167872
20:55:09.422    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       154419 MB offset 25372672
20:55:09.437    Disk 0 Partition - 00     0F Extended LBA            138436 MB offset 341622784
20:55:09.468    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       138435 MB offset 341624832
20:55:09.546    Disk 0 scanning C:\Windows\system32\drivers
20:55:21.621    Service scanning
20:55:52.072    Modules scanning
20:55:52.088    Disk 0 trace - called modules:
20:55:52.150    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
20:55:52.150    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005792060]
20:55:52.166    3 CLASSPNP.SYS[fffff88001bad43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004687050]
20:55:53.772    AVAST engine scan C:\Windows
20:55:57.532    AVAST engine scan C:\Windows\system32
20:59:29.302    AVAST engine scan C:\Windows\system32\drivers
20:59:43.826    AVAST engine scan C:\Users\***
21:00:55.600    AVAST engine scan C:\ProgramData
21:02:36.957    Scan finished successfully
21:02:52.167    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
21:02:52.176    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
         

Seit dem alle Ordner angezeigt werden, um die infzierten Dateien hochzuladen, sind in der Partition C und D Ordner mit dem Namen §RECYCLE.BIN. Was sind das für Ordner?

Das sind versteckte Ordner, die werden dir standardmäßig nur nicht angezeigt

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Sollte etwas gefunden werden, alle Funde löschen?

Nur bei Malwarebytes. Bei SUPERAntiSpyware bitte erstmal nichts löschen, nur Log posten

Ok, mache ich, danke für deine Mühe.

Die Anleitung auf Trojanerboard für SUPERAntiSpyware scheint nicht mehr ganz aktuell, kann das sein? Ich fühl mich ein wenig Hilflos auf der Benutzeroberfläche.

So, ich hab mir die Benutzeroberfläche nochmal genauer angeguckt und alles hinbekommen. Hier sind die logs von Malwarebytes und SuperAntiSpyware:

Malwarebytes:

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.16.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: KWO-COMPUTER [Administrator]

16.04.2012 22:14:19
mbam-log-2012-04-16 (22-14-19).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 418738
Laufzeit: 1 Stunde(n), 8 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

und von SuperAntiSpyware:

Code: Alles auswählenAufklappen

ATTFilter

 SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/17/2012 at 01:47 AM

Application Version : 5.0.1146

Core Rules Database Version : 8464
Trace Rules Database Version: 6276

Scan type       : Complete Scan
Total Scan Time : 02:18:11

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 652
Memory threats detected   : 0
Registry items scanned    : 66112
Registry threats detected : 0
File items scanned        : 218198
File threats detected     : 8

Adware.Tracking Cookie
	accounts.youtube.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CXGAE4AY.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CXGAE4AY.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CXGAE4AY.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CXGAE4AY.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CXGAE4AY.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CXGAE4AY.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CXGAE4AY.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CXGAE4AY.DEFAULT\COOKIES.SQLITE ]
         

Sieht ok aus, da wurden nur Cookies gefunden. Kannst du mit SUPERAntiSpyware löschen.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )


Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Danke für deine Zeit, die du mir geschenkt hast. Wenn du sagst, dass alles in Ordnung ist, sollte nix mehr drauf sein oder? Eset hat damals die beiden Trojaner gefunden. Im Moment habe ich jetzt ein paar viele Scanner installiert. Sollte ich die behalten?

Eines ist mir doch noch aufgefallen. Alle angezeigten Ordner, die vorher transparent waren, also versteckt, sind jetzt nicht mehr transparent. Wieso?
Die Cokkies werden bei mir immer gelöscht, also mit CCleaner nach jedem Tag.

Zitat:

Eset hat damals die beiden Trojaner gefunden.

Entfern die mal falls noch vorhanden, ich denke das waren Überreste.

Zitat:

Eines ist mir doch noch aufgefallen. Alle angezeigten Ordner, die vorher transparent waren, also versteckt, sind jetzt nicht mehr transparent. Wieso?

http://www.trojaner-board.de/59624-a...-sichtbar.html

Versteckte Dateien ein/ausblenden ist ein uralter Hut



Dann wären wir durch!

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.


Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.


Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:

Adobe - Andere Version des Adobe Flash Player installieren

Notfalls kann man auch von Chip.de runterladen => http://filepony.de/?q=Flash+Player

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

Zitat:

Zitat von cosinus

Entfern die mal falls noch vorhanden, ich denke das waren Überreste.

Was entfernen? Eset hat es damals gefunden, soll ich Eset noch mal drüber laufen lassen?