
Log analysis and evaluation: Windows encryption trojan and defective CD drive

01.05.2012, 15:58   #1
gaia48
 

Hello, good day,

a happy 1st of May to everyone plagued by computer viruses and trojans and to all the helpers here!

We also have the Windows encryption trojan on our laptop, with the Windows window and the payment demand etc.; it is well known here. We have already tried to start Malwarebytes directly after booting, which we still had on the machine from an earlier trojan infection, but unfortunately it does not start. We also tried to start OTL from CD, but that does not work either. Over the last few days we have also had repeated trouble with the CD drive, it would not start any games / applications from CD, so we think it is defective as well. We also tried saving the OTL program to a USB stick and starting it from there, but that did not work either (presumably because of the settings at computer start-up and our not knowing how to get the laptop to boot from the stick).
What can we use to start the cleanup process if we cannot boot from CD either?
The infected notebook is a Samsung R720 with Microsoft Vista; a second computer is available.

We kindly ask for help!
Many thanks in advance to whoever takes on our thread.

Best regards
gaia48

01.05.2012, 16:31   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
What can we use to start the cleanup process if we cannot boot from CD either?
Getting a new optical drive would certainly be advisable, or is this notebook never again supposed to process data from CD and DVD?

If need be, OTLPE can also be put on a stick, but that is more laborious than burning the OTLPE CD

Let's create a bootable USB stick for OTLPE

Important:
The USB stick must have at least 512 MB or more. If necessary, back up all files from the USB stick; they will no longer be there after the following steps.
  • Download OTLPEstd.exe and save the file to the desktop.
  • If you do not have 7-zip or Winrar on your system, download 7-zip and install it.
  • After installing 7-zip, extract OTLPEstd by right-clicking OTLPE.iso and choosing Extract to "OTLPEstd\".

    Now please open the folder OTLPEStd, right-click OTLPE_New_Std.iso and choose Extract files in 7zip.

    Extract the files into a folder ( OTLPE ) on the desktop. Please also apply the setting as shown in the picture.

Download eeepcfr.zip and extract the file to the system root (usually C:\).
  • Empty the USB stick on which you want to create OTLPE.
  • Navigate to C:\eeecpfr and start usb_prep8.cmd.
  • Press any key in the DOS window.
  • Now make sure that the correct drive letter of your USB stick is at the very top.
    For Drive Label: enter OTLPE.
    Under Source Path to built BartPE/WinPE Files click ... and select the previously created OTLPE folder.
    Tick Enable File Copy.
  • Click Start, accept the terms of use.
Now you can start your system with the USB stick!

Now boot from the OTLPE USB stick.
Note: How do I boot from CD (simply select USB Device instead of a CD)
  • Your system should display the REATOGO-X-PE desktop after a few minutes.
  • Double-click the OTLPE icon.
  • If you are asked "Do you wish to load the remote registry", choose Yes.
  • If you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure that the box "Automatically Load All Remaining Users" is selected and press OK.
  • OTLpe should now start.
  • Press Run Scan to start the scan.
  • When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are created
  • Copy this file to your USB stick if you have no internet connection on this system.
  • Please post the contents of C:\OTL.Txt and Extras.Txt.

01.05.2012, 21:36   #3
gaia48
 

Hello Arne,

many thanks for the detailed description. We were close to despair over the last few hours. In the end, though, we got the ReatogoPE file onto the stick and were able to start OTLPE. The files are attached.
However, in between we often could not get the computer to boot at all, or it booted and switched itself off again shortly afterwards.
We always managed to get into safe mode, so that we have already deleted the 7 trojans that Malwarebytes found (log saved beforehand).

Here are the files:

OTL Logfile:
Code:
OTL logfile created on: 01.05.2012 22:09:47 - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = F:\ReatogoPE\PROGRAMS\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,09 Gb Total Space | 91,33 Gb Free Space | 64,27% Space Free | Partition Type: NTFS
Drive D: | 143,00 Gb Total Space | 138,64 Gb Free Space | 96,95% Space Free | Partition Type: NTFS
Drive F: | 1,92 Gb Total Space | 1,42 Gb Free Space | 73,91% Space Free | Partition Type: FAT
 
Computer Name: NOTEBOOK | User Name:
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (lxeb_device) -- C:\Windows\System32\lxebcoms.exe ( )
SRV - (lxebCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxebserv.exe ()
SRV - (Netzmanager Service) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (yksvc) -- C:\Windows\System32\ykx32mpcoinst.dll (Marvell)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) --  File not found
DRV - (NwlnkFlt) --  File not found
DRV - (IpInIp) --  File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (acedrv07) -- C:\Windows\System32\drivers\acedrv07.sys (Protect Software GmbH)
DRV - (acedrv06) -- C:\Windows\System32\drivers\acedrv06.sys (Protect Software GmbH)
DRV - (acedrv05) -- C:\Windows\System32\drivers\acedrv05.sys (Protect Software GmbH)
DRV - (acedrv04) -- C:\Windows\System32\drivers\acedrv04.sys (Protect Software GmbH)
DRV - (acedrv03) -- C:\Windows\System32\drivers\acedrv03.sys (ACE GmbH)
DRV - (acedrv02) -- C:\Windows\System32\drivers\acedrv02.sys (ACE GmbH)
DRV - (acedrv01) -- C:\Windows\System32\drivers\acedrv01.sys (ACE GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MTOnlPktAlyX) -- C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476
IE - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.30
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: toolbar@web.de:1.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.27 13:51:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 12:32:08 | 000,000,000 | ---D | M]
 
[2010.06.08 22:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2012.05.01 11:59:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\056guaym.default\extensions
[2012.01.12 19:06:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- 
[2012.04.27 13:51:41 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.12 19:06:02 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.12 19:06:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.12 19:06:02 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.12 19:06:02 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.12 19:06:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.12 19:06:02 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.24 12:02:20 | 000,408,580 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 14130 more lines...
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe ()
O4 - HKLM..\Run: [lxebmon.exe] C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000..\Run: [Device Detection]  File not found
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O7 - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.01 20:11:04 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.05.01 11:46:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Fwlqcnx
[2012.05.01 11:24:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Wqlfdrmna
[2012.04.27 13:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.04.27 13:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.12 12:11:42 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.04.12 12:11:42 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.04.11 21:59:18 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.11 21:59:17 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.11 21:59:16 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.11 21:59:16 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012.04.11 21:59:16 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.04.11 21:59:16 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.04.11 21:59:16 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.04.11 21:59:16 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.04.11 21:59:16 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.11 21:59:16 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.04.11 21:59:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.04.11 21:59:16 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.04.11 21:59:16 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.04.11 21:59:16 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.04.11 21:59:16 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.04.11 21:59:15 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.11 21:59:15 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.04.11 21:59:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.04.08 14:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brainmonster Studios
[2011.04.02 12:26:30 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxebinpa.dll
[2011.04.02 12:26:29 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxebusb1.dll
[2011.04.02 12:26:29 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxebiesc.dll
[2011.04.02 12:26:28 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxebserv.dll
[2011.04.02 12:26:27 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxeblmpm.dll
[2011.04.02 12:26:25 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxebhbn3.dll
[2011.04.02 12:26:23 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxebcoms.exe
[2011.04.02 12:26:23 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxebcomm.dll
[2011.04.02 12:26:22 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxebcomc.dll
[2010.11.18 10:32:31 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxebpmui.dll
[2010.11.18 10:32:31 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxebih.exe
[2010.11.18 10:32:28 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxebcoin.dll
[2010.11.18 10:32:28 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxebcfg.exe
[2010.11.18 10:32:22 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxebhcp.dll
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.01 22:11:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{59FF7F83-BB5C-40D2-A251-CE5F915947E4}.job
[2012.05.01 22:10:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{83B22B03-42AA-42AC-B7EB-CACDB31F1883}.job
[2012.05.01 22:08:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4224D031-A0DF-4C8A-965C-146460862FCB}.job
[2012.05.01 21:59:20 | 000,689,510 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.01 21:59:20 | 000,645,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.01 21:59:20 | 000,151,278 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.01 21:59:20 | 000,122,724 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.01 21:51:33 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.01 21:51:33 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.01 21:51:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.01 21:48:34 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.05.01 20:34:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.05.01 17:24:12 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.01 11:55:42 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\locked-00000DA4.LCS.ikfm
[2012.05.01 11:37:14 | 004,067,840 | ---- | M] () -- C:\Users\Admin\Documents\locked-Zipdatei ***.EXE.pfkc
[2012.05.01 11:37:14 | 000,278,302 | ---- | M] () -- C:\Users\Admin\Documents\locked-Übernachtungsorte ***.pdf.blnr
[2012.05.01 11:37:13 | 003,840,375 | ---- | M] () -- C:\Users\Admin\Documents\locked-***ed.pdf.hzbl
[2012.05.01 11:37:13 | 001,635,674 | ---- | M] () -- C:\Users\Admin\Documents\locked-***.pdf.nfqt
[2012.05.01 11:37:10 | 004,105,139 | ---- | M] () -- C:\Users\Admin\Documents\locked-***.nris
[2012.05.01 11:37:09 | 002,081,212 | ---- | M] () -- C:\Users\Admin\Documents\locked-ile.pdf.pcky
[2012.05.01 11:37:08 | 002,080,938 | ---- | M] () -- C:\Users\Admin\Documents\locked-ter.pdf.qdox
[2012.05.01 11:37:08 | 000,414,147 | ---- | M] () -- C:\Users\Admin\Documents\locked-Google Maps.pdf.doxj
[2012.05.01 11:37:08 | 000,119,869 | ---- | M] () -- C:\Users\Admin\Documents\locked-webClub.JPG.cwyp
[2012.05.01 11:37:08 | 000,032,476 | ---- | M] () -- C:\Users\Admin\Documents\locked-eden.pdf.znli
[2012.05.01 11:37:08 | 000,023,136 | ---- | M] () -- C:\Users\Admin\Documents\locked-Unbenannt.odt.fntq
[2012.05.01 11:37:08 | 000,013,200 | ---- | M] () -- C:\Users\Admin\Documents\locked-Unbenannt 1.odt.ighl
[2012.05.01 11:37:07 | 000,513,301 | ---- | M] () -- C:\Users\Admin\Documents\locked-2009.pdf.mcwa
[2012.05.01 11:37:07 | 000,487,026 | ---- | M] () -- C:\Users\Admin\Documents\locked-Route 2570km.pdf.aulg
[2012.05.01 11:37:07 | 000,463,389 | ---- | M] () -- C:\Users\Admin\Documents\locked-Route 2230km.pdf.fmcw
[2012.05.01 11:37:07 | 000,403,238 | ---- | M] () -- C:\Users\Admin\Documents\locked-te.pdf.nlie
[2012.05.01 11:37:07 | 000,381,671 | ---- | M] () -- C:\Users\Admin\Documents\locked-S3.pdf.fmcw
[2012.05.01 11:37:06 | 000,215,352 | ---- | M] () -- C:\Users\Admin\Documents\locked-Bewerbung.pdf.hlbr
[2012.05.01 11:35:57 | 000,444,756 | ---- | M] () -- C:\Users\Admin\Documents\locked-route groß Schweden.pdf.rblh
[2012.05.01 11:35:56 | 000,687,072 | ---- | M] () -- C:\Users\Admin\Documents\locked-Reinecke.pdf.odqt
[2012.05.01 11:35:55 | 000,215,207 | ---- | M] () -- C:\Users\Admin\Documents\locked-ung.pdf.cmfk
[2012.05.01 11:35:55 | 000,011,413 | ---- | M] () -- C:\Users\Admin\Documents\locked-PLZKarte.dgr.rlva
[2012.05.01 11:35:54 | 002,081,229 | ---- | M] () -- C:\Users\Admin\Documents\locked-Overeem.pdf.cpfw
[2012.05.01 11:35:53 | 009,848,434 | ---- | M] () -- C:\Users\Admin\Documents\locked-myphotobook.de-1.1.0-449.air.cmfk
[2012.05.01 11:35:53 | 002,338,816 | ---- | M] () -- C:\Users\Admin\Documents\locked-projekte.accdb.ykcp
[2012.05.01 11:35:53 | 002,074,541 | ---- | M] () -- C:\Users\Admin\Documents\locked-Profil GmbH.pdf.glua
[2012.05.01 11:35:53 | 000,057,508 | ---- | M] () -- C:\Users\Admin\Documents\locked-print.pdf.ymyk
[2012.05.01 11:35:53 | 000,047,764 | ---- | M] () -- C:\Users\Admin\Documents\locked-Lametta.pdf.geup
[2012.05.01 11:35:53 | 000,039,095 | ---- | M] () -- C:\Users\Admin\Documents\locked-an.pdf.hzis
[2012.05.01 11:35:53 | 000,024,555 | ---- | M] () -- C:\Users\Admin\Documents\locked-an.pdf.pywc
[2012.05.01 11:35:52 | 002,079,072 | ---- | M] () -- C:\Users\Admin\Documents\locked-fil GmbH.pdf.mykc
[2012.05.01 11:35:52 | 000,010,137 | ---- | M] () -- C:\Users\Admin\Documents\locked-Krk.odt.ndjt
[2012.05.01 11:35:51 | 002,078,571 | ---- | M] () -- C:\Users\Admin\Documents\locked-ilnz
[2012.05.01 11:35:51 | 000,014,352 | ---- | M] () -- C:\Users\Admin\Documents\locked-iste.odt.qxnd
[2012.05.01 11:35:50 | 002,081,090 | ---- | M] () -- C:\Users\Admin\Documents\locked-Profil.pdf.geup
[2012.05.01 11:35:50 | 002,080,339 | ---- | M] () -- C:\Users\Admin\Documents\locked-AS.pdf.shri
[2012.05.01 11:35:50 | 002,077,079 | ---- | M] () -- C:\Users\Admin\Documents\locked-Bauteile.pdf.tqfn
[2012.05.01 11:35:50 | 000,024,297 | ---- | M] () -- C:\Users\Admin\Documents\locked-Uhl.odt.hzis
[2012.05.01 11:35:49 | 002,081,698 | ---- | M] () -- C:\Users\Admin\Documents\locked-Beschaffung.pdf.xjdo
[2012.05.01 11:35:49 | 002,078,872 | ---- | M] () -- C:\Users\Admin\Documents\locked-technik GmbH.pdf.wymc
[2012.05.01 11:35:49 | 002,077,925 | ---- | M] () -- C:\Users\Admin\Documents\locked-leiter.pdf.fpyw
[2012.05.01 11:35:48 | 002,080,930 | ---- | M] () -- C:\Users\Admin\Documents\locked-ockel.pdf.dotq
[2012.05.01 11:35:48 | 002,080,624 | ---- | M] () -- C:\Users\Admin\Documents\locked-hardt Stahl.pdf.donl
[2012.05.01 11:35:48 | 000,212,306 | ---- | M] () -- C:\Users\Admin\Documents\locked-ung.pdf.ctqf
[2012.05.01 11:35:47 | 002,341,657 | ---- | M] () -- C:\Users\Admin\Documents\locked-Fotos.pdf.mckf
[2012.05.01 11:35:28 | 002,080,956 | ---- | M] () -- C:\Users\Admin\Documents\locked-Forming AG.pdf.qdox
[2012.05.01 11:35:27 | 000,015,898 | ---- | M] () -- C:\Users\Admin\Documents\locked-Schule1.odt.znli
[2012.05.01 11:35:27 | 000,013,280 | ---- | M] () -- C:\Users\Admin\Documents\locked-na.odt.uega
[2012.05.01 11:35:27 | 000,012,615 | ---- | M] () -- C:\Users\Admin\Documents\locked-ule.odt.hsbz
[2012.05.01 11:34:09 | 002,078,207 | ---- | M] () -- C:\Users\Admin\Documents\locked-Delta.pdf.pvlg
[2012.05.01 11:34:09 | 000,024,369 | ---- | M] () -- C:\Users\Admin\Documents\locked-Deckblatt.pdf.gaue
[2012.05.01 11:34:09 | 000,013,412 | ---- | M] () -- C:\Users\Admin\Documents\locked-Deckblatt.odt.ywym
[2012.05.01 11:34:09 | 000,013,229 | ---- | M] () -- C:\Users\Admin\Documents\locked-Deckblatt.odt.dofp
[2012.05.01 11:34:09 | 000,013,124 | ---- | M] () -- C:\Users\Admin\Documents\locked-Deckblatt.odt.dotp
[2012.05.01 11:34:09 | 000,012,687 | ---- | M] () -- C:\Users\Admin\Documents\locked-Deckblatt.odt.erpn
[2012.05.01 11:34:08 | 002,080,505 | ---- | M] () -- C:\Users\Admin\Documents\locked-Bewerbung .pdf.dwvs
[2012.05.01 11:34:08 | 002,078,058 | ---- | M] () -- C:\Users\Admin\Documents\locked-KG.pdf.mgrn
[2012.05.01 11:34:08 | 000,214,897 | ---- | M] () -- C:\Users\Admin\Documents\locked-est.pdf.owvs
[2012.05.01 11:34:08 | 000,213,610 | ---- | M] () -- C:\Users\Admin\Documents\locked-t.pdf.qtod
[2012.05.01 11:34:08 | 000,198,400 | ---- | M] () -- C:\Users\Admin\Documents\locked-esco.pdf.ifku
[2012.05.01 11:34:08 | 000,084,607 | ---- | M] () -- C:\Users\Admin\Documents\locked-linik.prn.pkcm
[2012.05.01 11:34:08 | 000,074,998 | ---- | M] () -- C:\Users\Admin\Documents\locked-una.pdf.fjyp
[2012.05.01 11:34:08 | 000,064,253 | ---- | M] () -- C:\Users\Admin\Documents\locked-con.pdf.shzb
[2012.05.01 11:34:08 | 000,029,155 | ---- | M] () -- C:\Users\Admin\Documents\locked-legs.pdf.uljy
[2012.05.01 11:34:08 | 000,013,258 | ---- | M] () -- C:\Users\Admin\Documents\locked-Eink.odt.qfnx
[2012.05.01 11:34:08 | 000,012,631 | ---- | M] () -- C:\Users\Admin\Documents\locked-Bürokauff.odt.bzhs
[2012.05.01 11:34:07 | 000,213,304 | ---- | M] () -- C:\Users\Admin\Documents\locked-ella.pdf.uxip
[2012.05.01 11:34:07 | 000,212,512 | ---- | M] () -- C:\Users\Admin\Documents\locked-tafence.pdf.djxn
[2012.05.01 11:33:48 | 000,047,030 | ---- | M] () -- C:\Users\Admin\Documents\locked-ular.pdf.zhlb
[2012.05.01 11:33:47 | 002,073,946 | ---- | M] () -- C:\Users\Admin\Documents\locked-ei.pdf.givw
[2012.05.01 11:33:47 | 000,061,788 | ---- | M] () -- C:\Users\Admin\Documents\locked-etservice.pdf.hkdl
[2012.05.01 11:33:43 | 000,306,176 | ---- | M] () -- C:\Users\Admin\Desktop\locked-Software.exe.fpco
[2012.05.01 11:33:43 | 000,247,476 | ---- | M] () -- C:\Users\Admin\Desktop\locked-liste 102.JPG.ysvp
[2012.05.01 11:33:43 | 000,023,136 | ---- | M] () -- C:\Users\Admin\Desktop\locked-routegroß.JPG.hajs
[2012.05.01 11:33:43 | 000,009,952 | ---- | M] () -- C:\Users\Admin\Desktop\locked-2012-NRW.pdf.shri
[2012.05.01 11:33:43 | 000,000,113 | ---- | M] () -- C:\Users\Admin\Documents\locked-.~lock.rthcraft.pdf#.porv
[2012.05.01 11:33:42 | 000,024,064 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\locked-UserTile.png.fnxj
[2012.05.01 11:28:53 | 000,019,456 | ---- | M] () -- C:\Users\Admin\AppData\Local\locked-WebpageIcons.db.ifca
[2012.04.19 18:40:33 | 000,037,888 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.13 12:32:09 | 000,002,425 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.04.08 14:22:45 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\2weistein-Training.lnk
[2012.04.08 14:22:45 | 000,000,753 | ---- | M] () -- C:\Users\Public\Desktop\2weistein - Handbuch.lnk
[2012.04.08 14:22:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brainmonster Studios
[2012.04.05 03:00:18 | 000,000,680 | ---- | M] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.17 14:35:25 | 000,278,302 | ---- | C] () -- C:\Users\Admin\Documents\locked-Übernachtungsorte Schwedenroute.pdf.blnr
[2012.04.14 15:22:19 | 000,414,147 | ---- | C] () -- C:\Users\Admin\Documents\locked-Google Maps.pdf.doxj
[2012.04.13 21:15:18 | 000,023,136 | ---- | C] () -- C:\Users\Admin\Desktop\locked-routegroß.JPG.hajs
[2012.04.11 23:20:45 | 002,341,657 | ---- | C] () -- C:\Users\Admin\Documents\locked-Fotos.pdf.mckf
[2012.04.08 14:22:45 | 000,000,803 | ---- | C] () -- C:\Users\Public\Desktop\2weistein-Training.lnk
[2012.04.08 14:22:45 | 000,000,753 | ---- | C] () -- C:\Users\Public\Desktop\2weistein - Handbuch.lnk
[2011.10.16 18:44:48 | 000,024,064 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\locked-UserTile.png.fnxj
[2011.07.07 15:29:18 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.07.07 15:29:18 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.04.12 15:50:10 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.04.02 12:30:25 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxebvs.dll
[2011.04.02 12:26:46 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxebrwrd.ini
[2011.04.02 12:26:31 | 000,385,024 | ---- | C] () -- C:\Windows\System32\LXEBinst.dll
[2011.04.02 12:18:47 | 000,000,220 | ---- | C] () -- C:\Windows\WinInit.Ini
[2010.11.18 10:32:30 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxebgrd.dll
[2010.11.18 10:32:22 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxebins.dll
[2010.11.18 10:32:22 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxebinsb.dll
[2010.11.18 10:32:22 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lxebinsr.dll
[2010.11.18 10:32:22 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxebgcfg.dll
[2010.11.18 10:32:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxebjswr.dll
[2010.11.18 10:32:21 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxebcui.dll
[2010.11.18 10:32:21 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxebcu.dll
[2010.11.18 10:32:21 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxebcuir.dll
[2010.11.18 10:32:21 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxebcub.dll
[2010.11.18 10:32:21 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxebcur.dll
[2010.09.05 22:57:23 | 000,355,258 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\mdbu.bin
[2010.07.21 09:25:45 | 000,000,680 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2010.06.29 20:38:59 | 000,019,456 | ---- | C] () -- C:\Users\Admin\AppData\Local\locked-WebpageIcons.db.ifca
[2010.06.20 11:16:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.06.20 11:16:36 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.06.14 22:17:35 | 000,037,888 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.08 23:51:30 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.08 23:32:20 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.06.08 23:32:19 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.06.08 20:51:58 | 000,049,152 | ---- | C] () -- C:\Windows\System32\LXEBPMON.DLL
[2010.06.08 20:51:58 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXEBFXPU.DLL
[2010.06.08 20:51:38 | 004,485,120 | ---- | C] () -- C:\Windows\System32\LXEBoem.dll
[2010.06.08 20:48:02 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXEBsm.dll
[2010.06.08 20:48:02 | 000,024,064 | ---- | C] () -- C:\Windows\System32\lxebsmr.dll
[2009.07.11 09:54:36 | 000,311,296 | ---- | C] () -- C:\Windows\System32\Rezip.exe
[2009.04.17 20:04:47 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.04.17 05:34:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.04.17 05:29:10 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2009.04.17 04:51:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.04.17 04:22:32 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2009.04.17 04:22:32 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2009.04.17 04:17:24 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe
[2009.04.17 04:17:24 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe
[2009.04.17 04:17:09 | 000,007,588 | ---- | C] () -- C:\Windows\HotFixList.ini
[2009.04.17 02:50:13 | 000,689,510 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.04.17 02:50:13 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.04.17 02:50:13 | 000,151,278 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.04.17 02:50:13 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.04.17 02:33:51 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.04.17 02:33:39 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.04.17 02:33:38 | 000,181,944 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.04.17 02:33:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.04.17 02:33:38 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008.02.09 18:03:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.02.26 09:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\imagine digital freedom.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,395,768 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,645,896 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,122,724 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2010.09.23 21:24:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\COMPUTERBILD-Abzockschutz
[2010.07.23 14:27:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011.07.18 12:17:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft
[2012.05.01 11:32:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.01 18:38:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Fwlqcnx
[2012.05.01 11:32:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\go
[2010.09.10 14:31:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gtk-2.0
[2012.05.01 11:32:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView
[2011.12.17 16:26:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\KIDDINX
[2010.07.13 10:16:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2011.07.07 15:37:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PC Suite
[2011.10.16 18:44:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PeerNetworking
[2012.05.01 11:33:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Pro200-S500 Series
[2012.05.01 11:33:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ProtectDisc
[2012.05.01 11:33:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\QuickScan
[2010.12.29 23:59:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SAD_Office2010
[2011.07.07 15:28:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Samsung
[2012.05.01 11:33:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Smart PDF Converter
[2010.06.08 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\T-Online
[2012.05.01 18:49:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Wqlfdrmna
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2012.05.01 11:54:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Easybits GO
[2010.06.09 08:00:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Ezprint
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011.03.22 17:41:36 | 000,000,000 | ---D | M] -- C:\ProgramData\GARTEN8C
[2011.07.11 17:40:44 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2010.08.29 14:31:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Lexmark Pro200-S500 Series
[2012.05.01 11:54:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Lx_cats
[2012.05.01 11:57:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Netzmanager
[2011.07.07 15:40:54 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2010.06.08 20:51:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Pro200-S500 Series
[2009.04.17 05:37:10 | 000,000,000 | ---D | M] -- C:\ProgramData\SAMSUNG
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010.06.08 21:43:36 | 000,000,000 | ---D | M] -- C:\ProgramData\T-Online
[2010.02.01 00:31:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2006.11.02 15:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010.06.09 05:37:01 | 000,000,000 | ---D | M] -- C:\ProgramData\WinClon
[2010.07.16 13:35:40 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2010.06.24 14:31:54 | 000,000,000 | -H-D | M] -- C:\ProgramData\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}
[2010.11.11 09:10:24 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.06.24 14:31:43 | 000,000,000 | -H-D | M] -- C:\ProgramData\{BAAC9F5F-09A6-4530-B65F-7B848F2EC280}
[2012.05.01 21:48:34 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.05.01 22:08:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4224D031-A0DF-4C8A-965C-146460862FCB}.job
[2012.05.01 22:11:00 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{59FF7F83-BB5C-40D2-A251-CE5F915947E4}.job
[2012.05.01 22:10:00 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{83B22B03-42AA-42AC-B7EB-CACDB31F1883}.job
 
========== Purity Check ==========
 
 
< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 01.05.2012 22:09:47 - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = F:\ReatogoPE\PROGRAMS\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,09 Gb Total Space | 91,33 Gb Free Space | 64,27% Space Free | Partition Type: NTFS
Drive D: | 143,00 Gb Total Space | 138,64 Gb Free Space | 96,95% Space Free | Partition Type: NTFS
Drive F: | 1,92 Gb Total Space | 1,42 Gb Free Space | 73,91% Space Free | Partition Type: FAT
 
Computer Name: NOTEBOOK | User Name: 
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2236149280-2537161501-2249316146-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1EEBE49B-82BD-47F5-AF0C-3E5DD690FABA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{278C37A3-B383-46E6-B46F-920B274612FD}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2E274542-ED43-4673-A35B-66355CFCB6C9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2FAC5B2A-E919-465C-845F-2EE7A6F58733}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{48BE4F19-5DBB-42F7-9840-13AE6E011701}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6CB2137F-2AFB-4646-9DE7-9C5CC66DB423}" = rport=138 | protocol=17 | dir=out | app=system | 
"{84ACA966-4D5F-448A-B2BA-A36417515EA6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{8F5B64F7-4E98-4D63-8CEE-DDE0BACD4E89}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{92B17DAD-3A59-48EA-8A04-3E3A4A14BC3D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A65D2D46-45E6-4AB5-9746-E96694661324}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A9C884A0-514D-48AA-9F4A-7BFF6A288592}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AAB0BD41-4208-483B-9BA6-754582D4FB91}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B42853A5-DBB7-4B13-BDFC-C16306AD2780}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{B4D7B22F-EDB2-4E91-BD98-304AC3BBDC41}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C9182006-C7DB-4C11-9080-EA09984F5237}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DC1F5D32-553D-487E-846E-0A7185272224}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F21B14AE-8888-45B6-9216-5BE43EA86D6F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F5247E09-A578-48CA-AE46-6A6E9DBFAE89}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F8F85007-E72D-4D23-AE20-9503738D07C4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A8F0797-8BC6-465A-B01F-826825B31A76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0F4C844F-A018-430E-92BC-7BFD15991A74}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{17F90EE6-412B-4C81-8C01-709F89F807B7}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"{247CB7FC-257A-4D9A-8594-97AAAD5B02F2}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{33319C67-904B-4281-9E18-3B38422B3DBC}" = protocol=6 | dir=in | app=c:\windows\system32\lxebcoms.exe | 
"{3D7B3C5B-E26A-48C4-A738-3A6D0B8719B4}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{518442C0-5316-43E1-9615-E5358602C804}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{54F16E15-9FC1-4A54-9995-83DBFDEADADD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{56B08F85-0F8B-492C-97C8-DAD3DBFEA14D}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{5B6F4CB0-3F7D-490A-9C7D-E5BB749BF6B8}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{716E5C16-8413-463D-90BD-1F650FC9672F}" = protocol=6 | dir=in | app=c:\program files\lexmark pro200-s500 series\lxebfax.exe | 
"{87DABAAD-0CFA-48DD-AB0D-F34E56CB1A40}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9C992F60-D789-457C-B2E6-3634FF6BFFE8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{AC43E5B9-1100-4352-9CB2-766E84F7E576}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{B3204FD4-053C-4B44-969B-57307BF58C05}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B57C85B7-CC62-4E2C-B832-7A10E8BDF6F6}" = protocol=17 | dir=in | app=c:\program files\lexmark pro200-s500 series\lxebfax.exe | 
"{C291508C-F7BD-498B-834D-6F6FCD15C4E2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C923070D-BB1F-4C01-A3F8-4D7023E0FB7B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CA2A9253-05A7-4A06-B9AC-5FFA2D39777E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E37BA2D7-EABE-4BC0-8454-3C34DFE12D60}" = protocol=17 | dir=in | app=c:\windows\system32\lxebcoms.exe | 
"{EC650708-7B9E-4C57-8F98-220EFCECE631}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{F003AA19-C7D0-43E5-BA3E-26EA0AB3D908}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"{F3ADEF79-B14F-430D-B883-A693485D6A65}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{F874D839-E1BC-4E36-9DE2-178EF176AA86}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{3528C1A7-359E-4A2E-A31F-05016C63D6A9}C:\program files\samsung\easy network manager\enm.exe" = protocol=6 | dir=in | app=c:\program files\samsung\easy network manager\enm.exe | 
"TCP Query User{4E4EFDF0-0984-4E16-B0CC-607AD274951C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{5B1E46AC-9A69-49E7-A600-698D38F03F14}C:\program files\samsung\easy network manager\enm.exe" = protocol=6 | dir=in | app=c:\program files\samsung\easy network manager\enm.exe | 
"TCP Query User{83DDE231-96CA-4AC4-A4E9-69287E195473}C:\users\admin\appdata\local\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\google\google earth\client\googleearth.exe | 
"TCP Query User{BDFF15A7-1D86-4CA2-AE2F-58596869134D}C:\users\admin\appdata\local\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\google\google earth\plugin\geplugin.exe | 
"UDP Query User{3B03CDD4-EB9E-4FC9-8E17-4B2B7659FA90}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{5FE6B0CE-3B9B-44EE-B96C-687B101971BD}C:\users\admin\appdata\local\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\google\google earth\client\googleearth.exe | 
"UDP Query User{7A5103AC-9AF9-48BE-83D7-2D07D778B04F}C:\program files\samsung\easy network manager\enm.exe" = protocol=17 | dir=in | app=c:\program files\samsung\easy network manager\enm.exe | 
"UDP Query User{AC03370B-1756-49F8-A495-91F9D902FE95}C:\users\admin\appdata\local\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\google\google earth\plugin\geplugin.exe | 
"UDP Query User{B685B022-A41B-4E16-882F-9FCAE625DEAF}C:\program files\samsung\easy network manager\enm.exe" = protocol=17 | dir=in | app=c:\program files\samsung\easy network manager\enm.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{027CC103-7CBD-3091-BD05-61C3B39C5F41}" = CCC Help French
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05C866EC-C6E6-B63B-5E93-310048EA28F4}" = ccc-utility
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0AA0EF07-5F55-47CA-B790-8AFB7BFEE159}_is1" = 2weistein-Training
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Symbolleiste
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{13C3016D-EDE0-A37F-1F01-DAFB618DA715}" = CCC Help Greek
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{16119AAC-9FE5-8BDC-6DEF-F52576AF1649}" = CCC Help Czech
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{20226F96-074F-CA03-3FDB-48EA38F99A34}" = CCC Help English
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 30
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F0B0B99-2AF4-0A85-4E37-F45C48CC0B21}" = CCC Help Swedish
"{312E49B1-3621-C991-7A6F-E3B30CCA9E6B}" = CCC Help Turkish
"{31B1789F-00B9-D898-1578-CE4CD0EF205B}" = CCC Help Chinese Standard
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{3B240B92-3596-9F6F-2D1D-2E031D50F5DC}" = CCC Help Danish
"{3B416FDA-CB3E-4514-9616-763E5B0D1140}" = Geheimakte Tunguska
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{47F081A8-64F6-C280-A694-5637817B8904}" = Catalyst Control Center Graphics Light
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{506CEF40-A02C-D047-3F75-0FB34AFCCEE7}" = CCC Help Hungarian
"{52797A98-AB5F-2715-BAB9-256085988154}" = Catalyst Control Center Graphics Previews Vista
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{581FE9BC-4A4F-85D9-7308-09DCD7817C29}" = ccc-core-static
"{6474E823-3AB2-FFE2-08B2-D1AF0DA1AAA7}" = myphotobook.de
"{65A5CA1A-16CF-0FE2-2452-ED6D625AD58F}" = Skins
"{68CAE442-579C-4D84-AA5F-253852522ED5}" = PCTroubleshooting
"{6A1F72DD-2465-43A2-A137-8A849399B7A8}" = REALTEK Wireless LAN Software
"{6DB7AD00-F781-11DF-9EEF-001279CD8240}" = Google Earth
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{70E893FF-56BB-8AF3-64E4-54A49F9F896E}" = Catalyst Control Center Graphics Full Existing
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{7FE0877D-B669-F5E1-1842-0E9676F03A7A}" = Catalyst Control Center Core Implementation
"{836A12E6-3418-593C-DC70-B7E7048C44F2}" = CCC Help Dutch
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{94815A13-F1B8-1384-0F0A-A8E4CE6EA62B}" = CCC Help Thai
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A230C543-7D98-D7CF-91EF-280081A0DDD2}" = CCC Help Japanese
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"{A6BEDC5B-ABF7-FADF-8D0F-0FF1FEF34C87}" = CCC Help Chinese Traditional
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AFB6EECF-0CA4-9C01-C48A-6F0E5BB0FE74}" = Catalyst Control Center Localization All
"{B00EE7D4-8D4C-CE86-D1DF-5B9D026C13F5}" = CCC Help Russian
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E4ACA0-79C5-4FC0-818F-ECE4521EBF8D}" = COMPUTERBILD-Abzockschutz
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD9F153A-E812-B910-EA23-1BFEF07D3352}" = CCC Help Korean
"{BE12D93E-0C6E-7DDD-0838-667326C287A1}" = CCC Help German
"{C0E2DFB6-3D76-8BAD-62DF-47871AF6A5A4}" = CCC Help Polish
"{C343B6AD-A23C-8138-35CE-883DE2DEAFE7}" = CCC Help Finnish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2777D85-7E63-402F-A5E7-2AF436C1C9D4}" = Intel(R) PROSet/Wireless WiFi Software
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark 
"{DDF998C0-099C-5D46-9985-5730306330A9}" = CCC Help Spanish
"{DEB8C753-9CB6-1BD1-34BA-4ED9382755E9}" = ATI Catalyst Install Manager
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED97F2D3-7BCF-E0B4-E8C6-0F6BA058CA95}" = CCC Help Portuguese
"{EEFB5B34-DEF9-0BF4-89A9-AB62320AA44E}" = Catalyst Control Center Graphics Full New
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F5115AA1-78F1-EBBC-4888-A10310FD4A6A}" = CCC Help Italian
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FD458F33-C5A9-3E69-425C-129F21B3ADF9}" = CCC Help Norwegian
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FEC19789-7756-17C3-765B-C532E09322D7}" = Catalyst Control Center InstallProxy
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ALDI NORD Bestellsoftware" = ALDI NORD Bestellsoftware 4.11.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = myphotobook.de
"Eishockey Manager 2009 " = Eishockey Manager 2009
"ESET Online Scanner" = ESET Online Scanner v3
"Google Desktop" = Google Desktop
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"IrfanView" = IrfanView (remove only)
"Lexmark Pro200-S500 Series" = Lexmark Pro200-S500 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Netzmanager" = Netzmanager
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"ProInst" = Intel PROSet Wireless
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"QuickTime" = QuickTime
"RealVNC_is1" = VNC Free Edition 4.1.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Update Service" = Sony Ericsson Update Service
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2236149280-2537161501-2249316146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"pdfsam" = pdfsam
 
< End of report >
         
--- --- ---


And here are the files from Malwarebytes as well:

Quote:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.01.09

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.6001.19222
Admin :: NOTEBOOK [Administrator]

01.05.2012 18:36:30
mbam-log-2012-05-01 (18-36-30).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1183
Laufzeit: 1 Minute(n), 20 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|04D1F8E0 (Trojan.Downloader) -> Daten: C:\Users\Admin\AppData\Roaming\Fwlqcnx\F074BBF504D1F8E03C1A.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Admin\AppData\Roaming\Fwlqcnx\F074BBF504D1F8E03C1A.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Quote:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.01.09

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus)
Internet Explorer 8.0.6001.19222
Admin :: NOTEBOOK [Administrator]

01.05.2012 18:46:18
mbam-log-2012-05-01 (18-46-18).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 42028
Laufzeit: 2 Minute(n), 16 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Admin\AppData\Roaming\Wqlfdrmna\4D7D086B04D1F8E02E0C.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Quote:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.01.09

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.6001.19222
Admin :: NOTEBOOK [Administrator]

01.05.2012 19:54:10
mbam-log-2012-05-01 (19-54-10).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 101269
Laufzeit: 14 Minute(n), 10 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Admin\AppData\Local\Temp\aglvprrsjx.pre (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Local\Temp\jdotqfnymc.pre (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Local\Temp\tjdnxqfznl.pre (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Local\Temp\zptnpjsufb.pre (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Quote:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.01.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19222
Admin :: NOTEBOOK [Administrator]

01.05.2012 22:53:55
mbam-log-2012-05-01 (22-53-55).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 233557
Laufzeit: 7 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

How do we proceed from here??

Kind regards,
gaia48
__________________

Edited by gaia48 (01.05.2012 at 22:10)
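
The Malwarebytes logs in the post above share one layout, so they can be triaged mechanically. The following Python parser is an added example, not part of the original post and not Malwarebytes code; its sample input is abridged from two of the logs above, and all function and class names are assumptions of this example. It records which scans were cancelled and links the flagged Run value name to the detected files whose names embed it, as both do in these logs.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed sample: two logs from the post above, abridged to the header
# fields and sections the parser reads (empty sections mostly dropped).
SAMPLE_LOGS = r"""
Malwarebytes Anti-Malware 1.61.0.1400
01.05.2012 18:36:30
Art des Suchlaufs: Quick-Scan
Laufzeit: 1 Minute(n), 20 Sekunde(n) [Abgebrochen]
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|04D1F8E0 (Trojan.Downloader) -> Daten: C:\Users\Admin\AppData\Roaming\Fwlqcnx\F074BBF504D1F8E03C1A.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateien: 1
C:\Users\Admin\AppData\Roaming\Fwlqcnx\F074BBF504D1F8E03C1A.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Malwarebytes Anti-Malware 1.61.0.1400
01.05.2012 18:46:18
Art des Suchlaufs: Quick-Scan
Laufzeit: 2 Minute(n), 16 Sekunde(n) [Abgebrochen]
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\Admin\AppData\Roaming\Wqlfdrmna\4D7D086B04D1F8E02E0C.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
"""

SECTION_RE = re.compile(r"^Infizierte (.+?): \d+$")
DETECTION_RE = re.compile(r"^(?P<obj>.+?) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")
STARTED_RE = re.compile(r"^\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}$")

@dataclass
class Detection:
    section: str    # log section, e.g. "Dateien" or "Registrierungswerte"
    obj: str        # file path, or "key|value name" for registry values
    name: str       # detection name, e.g. "Trojan.Downloader"
    data: str = ""  # registry value data from the "Daten:" field, if any

@dataclass
class Scan:
    started: str = ""
    kind: str = ""
    aborted: bool = False
    detections: list = field(default_factory=list)

def parse_logs(text):
    """Split concatenated German-locale mbam logs into Scan records."""
    scans, cur, section = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Malwarebytes Anti-Malware"):
            cur, section = Scan(), None      # banner line starts a new log
            scans.append(cur)
        elif cur is None or not line:
            continue
        elif STARTED_RE.match(line):
            cur.started = line
        elif line.startswith("Art des Suchlaufs:"):
            cur.kind = line.split(":", 1)[1].strip()
        elif line.startswith("Laufzeit:"):
            cur.aborted = "[Abgebrochen]" in line
        elif (m := SECTION_RE.match(line)):
            section = m.group(1)
        elif section and (m := DETECTION_RE.match(line)):
            data = ""
            for part in m.group("rest").split(" -> "):
                if part.startswith("Daten: "):
                    data = part[len("Daten: "):]
            cur.detections.append(
                Detection(section, m.group("obj"), m.group("name"), data))
    return scans

def run_value_links(scans):
    """Map each flagged Run value name to detected files whose name embeds it."""
    files = {d.obj for s in scans for d in s.detections if d.section == "Dateien"}
    links = {}
    for s in scans:
        for d in s.detections:
            key, sep, value = d.obj.rpartition("|")
            if d.section != "Registrierungswerte" or not sep:
                continue
            if not key.lower().endswith(r"\currentversion\run"):
                continue
            links[value] = sorted(
                f for f in files
                if value.lower() in PureWindowsPath(f).name.lower())
    return links

def aborted_scans(scans):
    """Start times of cancelled scans; their totals cover only part of the disk."""
    return [s.started for s in scans if s.aborted]

if __name__ == "__main__":
    parsed = parse_logs(SAMPLE_LOGS)
    print("aborted:", aborted_scans(parsed))
    for value, paths in run_value_links(parsed).items():
        print(value, "->", paths)
```
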

Alt 02.05.2012, 13:21   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
I have two questions before we continue.

1.) Does normal mode work again? If not, safe mode with networking seems to be working now? If so, we probably won't need OTLPE for the time being.
2.) Is anything missing from the Start menu? Are there empty folders under All Programs, or is everything there?
__________________
Please always post log files in CODE tags

Alt 02.05.2012, 18:35   #5
gaia48
 
Hello Arne,

1. Normal mode works insofar as the computer can be booted in normal mode. The screen that then appears has a black background with all the icons and file names we had before, but everything has "locked" prefixed to it, and nothing can be opened. The internet browser can be opened, but it also has a black bar at the top, and all the bookmarks on the displayed favorites bar are "blurry" because they are somehow shown in doubled lettering. So working in normal mode is not really possible. We also started OTL from the USB stick yesterday and let it run through, see the logs above.

2. Under "All Programs" all entries are still present except for Malwarebytes Anti Malware, where it says "empty"; however, we had the program on the desktop, and from there we were able to start it last night (we have posted the files).

We think we need to carry out further repairs in safe mode with networking, is that right?

Best regards
gaia 48


Alt 02.05.2012, 19:06   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
There are plenty of notes and posts here about the encrypted files and how to decrypt them again.

Quote:
We think we need to carry out further repairs in safe mode with networking, is that right?
No, if normal mode basically works apart from a few minor cosmetic flaws, then please carry on in it.

Please create a new OTL log. If at all possible, post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Tick the Scan All Users box at the top center
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt into your thread here

Alt 02.05.2012, 21:37   #7
gaia48
 
Hello,

here is the OTL log file:

Code:
OTL logfile created on: 02.05.2012 22:00:32 - Run 1
OTL by OldTimer - Version 3.2.42.2     Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,96 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 62,68% Memory free
6,16 Gb Paging File | 4,87 Gb Available in Paging File | 79,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,09 Gb Total Space | 91,52 Gb Free Space | 64,41% Space Free | Partition Type: NTFS
Drive D: | 143,00 Gb Total Space | 138,64 Gb Free Space | 96,95% Space Free | Partition Type: NTFS
Drive F: | 1,92 Gb Total Space | 1,42 Gb Free Space | 73,86% Space Free | Partition Type: FAT
 
Computer Name: NOTEBOOK | User Name: *** | Logged in as ***.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - F:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\lxebcoms.exe ( )
PRC - C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
PRC - C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
PRC - C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe ()
PRC - C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\Rezip.exe ()
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Program Files\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
PRC - C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\48302596a8c8f2ab396b3be518dbd800\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a8100864c7dd9ecf5d9f07fdaf5ba246\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\89b3b18de5d2cc945c24c0333d78f665\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c12259751030b8fb693006bb6e7dd55f\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a4b9d424cd4509b6b76fba81f347f561\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\696e2d9a6491947cd89ead8cc4cc658a\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\effa6ad5369cea835146937a5635275b\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a333ad288c1a4bbbba8f61249202bc1a\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\0ef893bbf33d38a1f7a63b9cee2dabfe\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d48e106e015d0f8cb2d5295015cee508\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\lxebdatr.dll ()
MOD - C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe ()
MOD - C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe ()
MOD - C:\Windows\System32\lxebsmr.dll ()
MOD - C:\Program Files\Lexmark Pro200-S500 Series\lxebdrs.dll ()
MOD - C:\Program Files\Lexmark Pro200-S500 Series\lxebscw.dll ()
MOD - C:\Program Files\Lexmark Pro200-S500 Series\epoemdll.dll ()
MOD - C:\Program Files\Lexmark Pro200-S500 Series\epstring.dll ()
MOD - C:\Program Files\Lexmark Pro200-S500 Series\epwizres.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3358.38385__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3358.38368__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3358.38387__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3358.38381__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3358.38376__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3358.38459__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3358.38441__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3358.38376__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3358.38423__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3358.38410__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3358.38428__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3358.38458__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3358.38460__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3358.38428__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3358.38427__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3358.38458__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3358.38412__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3358.38377__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3358.38387__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3358.38407__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3358.38411__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3358.38435__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3358.38422__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3358.38391__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3358.38387__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3358.38421__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3358.38412__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3358.38411__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3358.38391__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3358.38411__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3358.38420__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3358.38422__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3358.38485__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3358.38467__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU4.Graphics.Shared\2.0.3309.28642__90ba9c70f846762e\CLI.Aspect.MultiVPU4.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3309.28647__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.ALICrossfire.Graphics.Shared\2.0.3309.28642__90ba9c70f846762e\CLI.Aspect.ALICrossfire.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3358.38363__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3358.38449__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3358.38381__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3358.38454__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3358.38365__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3358.38452__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3358.38367__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3358.38372__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3358.38366__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3358.38365__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3358.38364__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3358.38453__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Program Files\Lexmark Pro200-S500 Series\iptk.dll ()
MOD - C:\Program Files\Lexmark Pro200-S500 Series\epwizard.dll ()
MOD - C:\Program Files\Lexmark Pro200-S500 Series\customui.dll ()
MOD - C:\Program Files\Lexmark Pro200-S500 Series\epfunct.dll ()
MOD - C:\Program Files\Lexmark Pro200-S500 Series\eputil.dll ()
MOD - C:\Program Files\Lexmark Pro200-S500 Series\imagutil.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\Lexmark Pro200-S500 Series\lxebcaps.dll ()
MOD - C:\Program Files\Lexmark Pro200-S500 Series\lxebptp.dll ()
MOD - C:\Windows\System32\LXEBsm.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll ()
MOD - C:\Program Files\Samsung\EasySpeedUpManager\HookDllPS2.dll ()
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (lxeb_device) -- C:\Windows\System32\lxebcoms.exe ( )
SRV - (lxebCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxebserv.exe ()
SRV - (Netzmanager Service) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (yksvc) -- C:\Windows\System32\ykx32mpcoinst.dll (Marvell)
SRV - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (acedrv07) -- C:\Windows\System32\drivers\acedrv07.sys (Protect Software GmbH)
DRV - (acedrv06) -- C:\Windows\System32\drivers\acedrv06.sys (Protect Software GmbH)
DRV - (acedrv05) -- C:\Windows\System32\drivers\acedrv05.sys (Protect Software GmbH)
DRV - (acedrv04) -- C:\Windows\System32\drivers\acedrv04.sys (Protect Software GmbH)
DRV - (acedrv03) -- C:\Windows\System32\drivers\acedrv03.sys (ACE GmbH)
DRV - (acedrv02) -- C:\Windows\System32\drivers\acedrv02.sys (ACE GmbH)
DRV - (acedrv01) -- C:\Windows\System32\drivers\acedrv01.sys (ACE GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MTOnlPktAlyX) -- C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476
IE - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7GGLD_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=-Iy7FQ6C6KobxslWBTpeBPVXE5M?q={searchTerms}
IE - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\..\SearchScopes\{D932A310-C9FD-4514-9791-9EE20184C8E1}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.30
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: toolbar@web.de:1.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Users\Admin\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.27 13:51:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 12:32:08 | 000,000,000 | ---D | M]
 
[2010.06.08 22:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2012.05.01 11:59:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\056guaym.default\extensions
[2012.01.12 19:06:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.04.27 13:51:41 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.12 19:06:02 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.12 19:06:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.12 19:06:02 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.12 19:06:02 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.12 19:06:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.12 19:06:02 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.24 12:02:20 | 000,408,580 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 14130 more lines...
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe ()
O4 - HKLM..\Run: [lxebmon.exe] C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000..\Run: [Device Detection] C:\Program Files\Lidl_Fotos\dd.exe File not found
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O7 - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EB29A5A-ED16-45C7-8400-01E9BD4F4A80}: NameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: iTunesHelper - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: T-Online_Software_6 - hkey= - key= - Reg Error: Value error. File not found
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.02 21:49:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\OTLPE
[2012.05.01 11:46:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Fwlqcnx
[2012.05.01 11:24:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Wqlfdrmna
[2012.04.27 13:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.04.27 13:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.08 14:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brainmonster Studios
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.02 22:03:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4224D031-A0DF-4C8A-965C-146460862FCB}.job
[2012.05.02 22:01:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{59FF7F83-BB5C-40D2-A251-CE5F915947E4}.job
[2012.05.02 22:00:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{83B22B03-42AA-42AC-B7EB-CACDB31F1883}.job
[2012.05.02 21:48:33 | 000,689,510 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.02 21:48:33 | 000,645,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.02 21:48:33 | 000,151,278 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.02 21:48:33 | 000,122,724 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.02 21:44:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.02 19:16:47 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.02 19:16:47 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.01 23:29:10 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.05.01 17:24:12 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.01 11:55:42 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\locked-00000DA4.LCS.ikfm
[2012.05.01 11:54:05 | 000,396,451 | ---- | M] () -- C:\Users\Admin\locked-VerenaBild15.jpg.zpti
[2012.05.01 11:37:42 | 000,000,680 | ---- | M] () -- C:\Users\Admin\locked-ntuser.pol.risa
[2012.05.01 11:37:14 | 004,067,840 | ---- | M] () -- C:\Users\Admin\Documents\locked-Zipdatei ***.EXE.pfkc
[2012.05.01 11:37:14 | 000,278,302 | ---- | M] () -- C:\Users\Admin\Documents\locked-route.pdf.blnr
[2012.05.01 11:37:13 | 003,840,375 | ---- | M] () -- C:\Users\Admin\Documents\locked-ried.pdf.hzbl
[2012.05.01 11:37:13 | 001,635,674 | ---- | M] () -- C:\Users\Admin\Documents\locked-WB.pdf.nfqt
[2012.05.01 11:37:10 | 004,105,139 | ---- | M] () -- C:\Users\Admin\Documents\locked-e.nris
[2012.05.01 11:37:09 | 002,081,212 | ---- | M] () -- C:\Users\Admin\Documents\locked-file.pdf.pcky
[2012.05.01 11:37:08 | 002,080,938 | ---- | M] () -- C:\Users\Admin\Documents\locked-eiter.pdf.qdox
[2012.05.01 11:37:08 | 000,414,147 | ---- | M] () -- C:\Users\Admin\Documents\locked-Google Maps.pdf.doxj
[2012.05.01 11:37:08 | 000,119,869 | ---- | M] () -- C:\Users\Admin\Documents\locked-WebDeClub.JPG.cwyp
[2012.05.01 11:37:08 | 000,032,476 | ---- | M] () -- C:\Users\Admin\Documents\locked-Tips Schweden.pdf.znli
[2012.05.01 11:37:08 | 000,023,136 | ---- | M] () -- C:\Users\Admin\Documents\locked-Unbenannt.odt.fntq
[2012.05.01 11:37:08 | 000,013,200 | ---- | M] () -- C:\Users\Admin\Documents\locked-Unbenannt 1.odt.ighl
[2012.05.01 11:37:07 | 000,513,301 | ---- | M] () -- C:\Users\Admin\Documents\locked-Stahlbauentwicklung Nov.2009.pdf.mcwa
[2012.05.01 11:37:07 | 000,487,026 | ---- | M] () -- C:\Users\Admin\Documents\locked-Route 2570km.pdf.aulg
[2012.05.01 11:37:07 | 000,463,389 | ---- | M] () -- C:\Users\Admin\Documents\locked-Route 2230km.pdf.fmcw
[2012.05.01 11:37:07 | 000,403,238 | ---- | M] () -- C:\Users\Admin\Documents\locked-kleine route.pdf.nlie
[2012.05.01 11:37:07 | 000,381,671 | ---- | M] () -- C:\Users\Admin\Documents\locked-zeugnis S3.pdf.fmcw
[2012.05.01 11:37:06 | 000,215,352 | ---- | M] () -- C:\Users\Admin\Documents\locked-ung.pdf.hlbr
[2012.05.01 11:35:57 | 000,444,756 | ---- | M] () -- C:\Users\Admin\Documents\locked-eden.pdf.rblh
[2012.05.01 11:35:56 | 000,687,072 | ---- | M] () -- C:\Users\Admin\Documents\locked-Reinecke.pdf.odqt
[2012.05.01 11:35:55 | 000,215,207 | ---- | M] () -- C:\Users\Admin\Documents\locked-rbung.pdf.cmfk
[2012.05.01 11:35:55 | 000,011,413 | ---- | M] () -- C:\Users\Admin\Documents\locked-Karte.dgr.rlva
[2012.05.01 11:35:54 | 002,081,229 | ---- | M] () -- C:\Users\Admin\Documents\locked-Overeem.pdf.cpfw
[2012.05.01 11:35:53 | 009,848,434 | ---- | M] () -- C:\Users\Admin\Documents\locked-myphotobook.de-1.1.0-449.air.cmfk
[2012.05.01 11:35:53 | 002,338,816 | ---- | M] () -- C:\Users\Admin\Documents\locked-Marketingprojekte.accdb.ykcp
[2012.05.01 11:35:53 | 002,074,541 | ---- | M] () -- C:\Users\Admin\Documents\locked-KS Profil GmbH.pdf.glua
[2012.05.01 11:35:53 | 000,057,508 | ---- | M] () -- C:\Users\Admin\Documents\locked-print.pdf.ymyk
[2012.05.01 11:35:53 | 000,047,764 | ---- | M] () -- C:\Users\Admin\Documents\locked-Lametta.pdf.geup
[2012.05.01 11:35:53 | 000,039,095 | ---- | M] () -- C:\Users\Admin\Documents\locked-an.pdf.hzis
[2012.05.01 11:35:53 | 000,024,555 | ---- | M] () -- C:\Users\Admin\Documents\locked-an.pdf.pywc
[2012.05.01 11:35:52 | 002,079,072 | ---- | M] () -- C:\Users\Admin\Documents\locked-KRONENBERG Profil GmbH.pdf.mykc
[2012.05.01 11:35:52 | 000,010,137 | ---- | M] () -- C:\Users\Admin\Documents\locked-Krk.odt.ndjt
[2012.05.01 11:35:51 | 002,078,571 | ---- | M] () -- C:\Users\Admin\Documents\locked-Werk.pdf.ilnz
[2012.05.01 11:35:51 | 000,014,352 | ---- | M] () -- C:\Users\Admin\Documents\locked-liste.odt.qxnd
[2012.05.01 11:35:50 | 002,081,090 | ---- | M] () -- C:\Users\Admin\Documents\locked-Hüttenbrauck Profil.pdf.geup
[2012.05.01 11:35:50 | 002,080,339 | ---- | M] () -- C:\Users\Admin\Documents\locked-IB Andresen Industri AS.pdf.shri
[2012.05.01 11:35:50 | 002,077,079 | ---- | M] () -- C:\Users\Admin\Documents\locked-Bauteile.pdf.tqfn
[2012.05.01 11:35:50 | 000,024,297 | ---- | M] () -- C:\Users\Admin\Documents\locked-HotelUhl.odt.hzis
[2012.05.01 11:35:49 | 002,081,698 | ---- | M] () -- C:\Users\Admin\Documents\locked-Beschaffung.pdf.xjdo
[2012.05.01 11:35:49 | 002,078,872 | ---- | M] () -- C:\Users\Admin\Documents\locked-GmbH.pdf.wymc
[2012.05.01 11:35:49 | 002,077,925 | ---- | M] () -- C:\Users\Admin\Documents\locked-leiter.pdf.fpyw
[2012.05.01 11:35:48 | 002,080,930 | ---- | M] () -- C:\Users\Admin\Documents\locked-Gockel.pdf.dotq
[2012.05.01 11:35:48 | 002,080,624 | ---- | M] () -- C:\Users\Admin\Documents\locked-Stahl.pdf.donl
[2012.05.01 11:35:48 | 000,212,306 | ---- | M] () -- C:\Users\Admin\Documents\locked-bung.pdf.ctqf
[2012.05.01 11:35:47 | 002,341,657 | ---- | M] () -- C:\Users\Admin\Documents\locked-Fotos.pdf.mckf
[2012.05.01 11:35:28 | 002,080,956 | ---- | M] () -- C:\Users\Admin\Documents\locked-Forming AG.pdf.qdox
[2012.05.01 11:35:27 | 000,015,898 | ---- | M] () -- C:\Users\Admin\Documents\locked-Schule1.odt.znli
[2012.05.01 11:35:27 | 000,013,280 | ---- | M] () -- C:\Users\Admin\Documents\locked-na.odt.uega
[2012.05.01 11:35:27 | 000,012,615 | ---- | M] () -- C:\Users\Admin\Documents\locked-Schule.odt.hsbz
[2012.05.01 11:34:09 | 002,078,207 | ---- | M] () -- C:\Users\Admin\Documents\locked-Systems.pdf.pvlg
[2012.05.01 11:34:09 | 000,024,369 | ---- | M] () -- C:\Users\Admin\Documents\locked-Deckblatt.pdf.gaue
[2012.05.01 11:34:09 | 000,013,412 | ---- | M] () -- C:\Users\Admin\Documents\locked-Deckblatt sachb.odt.ywym
[2012.05.01 11:34:09 | 000,013,229 | ---- | M] () -- C:\Users\Admin\Documents\locked-Deckblatt assistentin.odt.dofp
[2012.05.01 11:34:09 | 000,013,124 | ---- | M] () -- C:\Users\Admin\Documents\locked-Deckblatt VertriebsinnendienstSachb.odt.dotp
[2012.05.01 11:34:09 | 000,012,687 | ---- | M] () -- C:\Users\Admin\Documents\locked-Deckblatt.odt.erpn
[2012.05.01 11:34:08 | 002,080,505 | ---- | M] () -- C:\Users\Admin\Documents\locked-Bewerbung feldt.pdf.dwvs
[2012.05.01 11:34:08 | 002,078,058 | ---- | M] () -- C:\Users\Admin\Documents\locked-GmbH & Co. KG.pdf.mgrn
[2012.05.01 11:34:08 | 000,214,897 | ---- | M] () -- C:\Users\Admin\Documents\locked-BewerbungJobcenter.pdf.owvs
[2012.05.01 11:34:08 | 000,213,610 | ---- | M] () -- C:\Users\Admin\Documents\locked-Bewerbung Management.pdf.qtod
[2012.05.01 11:34:08 | 000,198,400 | ---- | M] () -- C:\Users\Admin\Documents\locked-Bewerbung co.pdf.ifku
[2012.05.01 11:34:08 | 000,084,607 | ---- | M] () -- C:\Users\Admin\Documents\locked-Bewerbung fachklinik.prn.pkcm
[2012.05.01 11:34:08 | 000,074,998 | ---- | M] () -- C:\Users\Admin\Documents\locked-Bewerbung duna.pdf.fjyp
[2012.05.01 11:34:08 | 000,064,253 | ---- | M] () -- C:\Users\Admin\Documents\locked-Bewerbung descon.pdf.shzb
[2012.05.01 11:34:08 | 000,029,155 | ---- | M] () -- C:\Users\Admin\Documents\locked-Bewerbung egs.pdf.uljy
[2012.05.01 11:34:08 | 000,013,258 | ---- | M] () -- C:\Users\Admin\Documents\locked-Deckblatt Eink.odt.qfnx
[2012.05.01 11:34:08 | 000,012,631 | ---- | M] () -- C:\Users\Admin\Documents\locked-Deckblatt Bürokauff.odt.bzhs
[2012.05.01 11:34:07 | 000,213,304 | ---- | M] () -- C:\Users\Admin\Documents\locked-Bewerbung la.pdf.uxip
[2012.05.01 11:34:07 | 000,212,512 | ---- | M] () -- C:\Users\Admin\Documents\locked-Bewerbung ence.pdf.djxn
[2012.05.01 11:33:48 | 000,047,030 | ---- | M] () -- C:\Users\Admin\Documents\locked-Beurteilungsbogen Formular.pdf.zhlb
[2012.05.01 11:33:47 | 002,073,946 | ---- | M] () -- C:\Users\Admin\Documents\locked-lei.pdf.givw
[2012.05.01 11:33:47 | 000,061,788 | ---- | M] () -- C:\Users\Admin\Documents\locked-service.pdf.hkdl
[2012.05.01 11:33:43 | 000,306,176 | ---- | M] () -- C:\Users\Admin\Desktop\locked-Zusätzliche Software.exe.fpco
[2012.05.01 11:33:43 | 000,247,476 | ---- | M] () -- C:\Users\Admin\Desktop\locked-liste 102.JPG.ysvp
[2012.05.01 11:33:43 | 000,023,136 | ---- | M] () -- C:\Users\Admin\Desktop\locked-groß.JPG.hajs
[2012.05.01 11:33:43 | 000,009,952 | ---- | M] () -- C:\Users\Admin\Desktop\locked-2012-NRW.pdf.shri
[2012.05.01 11:33:43 | 000,000,113 | ---- | M] () -- C:\Users\Admin\Documents\locked-.~lock.craft.pdf#.porv
[2012.05.01 11:33:42 | 004,067,840 | ---- | M] () -- C:\Users\Admin\locked-Bewerbung .EXE.nlbz
[2012.05.01 11:33:42 | 000,053,792 | ---- | M] () -- C:\Users\Admin\locked-Aufzeichnen.JPG.ckfp
[2012.05.01 11:33:42 | 000,024,064 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\locked-UserTile.png.fnxj
[2012.05.01 11:28:53 | 000,019,456 | ---- | M] () -- C:\Users\Admin\AppData\Local\locked-WebpageIcons.db.ifca
[2012.05.01 11:27:20 | 000,000,881 | ---- | M] () -- C:\Users\Admin\locked-.recently-used.xbel.tldj
[2012.04.19 18:40:33 | 000,037,888 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.08 14:22:45 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\2weistein-Training.lnk
[2012.04.08 14:22:45 | 000,000,753 | ---- | M] () -- C:\Users\Public\Desktop\2weistein - Handbuch.lnk
[2012.04.05 03:00:18 | 000,000,680 | ---- | M] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.17 14:35:25 | 000,278,302 | ---- | C] () -- C:\Users\Admin\Documents\locked-route.pdf.blnr
[2012.04.14 15:22:19 | 000,414,147 | ---- | C] () -- C:\Users\Admin\Documents\locked-Google Maps.pdf.doxj
[2012.04.13 21:15:18 | 000,023,136 | ---- | C] () -- C:\Users\Admin\Desktop\locked-routegroß.JPG.hajs
[2012.04.11 23:20:45 | 002,341,657 | ---- | C] () -- C:\Users\Admin\Documents\locked-Fotos.pdf.mckf
[2012.04.08 14:22:45 | 000,000,803 | ---- | C] () -- C:\Users\Public\Desktop\2weistein-Training.lnk
[2012.04.08 14:22:45 | 000,000,753 | ---- | C] () -- C:\Users\Public\Desktop\2weistein - Handbuch.lnk
[2011.10.16 18:44:48 | 000,024,064 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\locked-UserTile.png.fnxj
[2011.07.07 15:29:18 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.07.07 15:29:18 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.04.12 15:50:10 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.04.02 12:30:25 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxebvs.dll
[2011.04.02 12:26:46 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxebrwrd.ini
[2011.04.02 12:26:31 | 000,385,024 | ---- | C] () -- C:\Windows\System32\LXEBinst.dll
[2011.04.02 12:26:30 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxebinpa.dll
[2011.04.02 12:26:29 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxebusb1.dll
[2011.04.02 12:26:29 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxebiesc.dll
[2011.04.02 12:26:28 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxebserv.dll
[2011.04.02 12:26:27 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxeblmpm.dll
[2011.04.02 12:26:25 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxebhbn3.dll
[2011.04.02 12:26:23 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxebcoms.exe
[2011.04.02 12:26:23 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxebcomm.dll
[2011.04.02 12:26:22 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxebcomc.dll
[2011.04.02 12:18:47 | 000,000,220 | ---- | C] () -- C:\Windows\WinInit.Ini
[2010.11.18 10:32:31 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxebpmui.dll
[2010.11.18 10:32:31 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxebih.exe
[2010.11.18 10:32:30 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxebgrd.dll
[2010.11.18 10:32:28 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxebcoin.dll
[2010.11.18 10:32:28 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxebcfg.exe
[2010.11.18 10:32:22 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxebhcp.dll
[2010.11.18 10:32:22 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxebins.dll
[2010.11.18 10:32:22 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxebinsb.dll
[2010.11.18 10:32:22 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lxebinsr.dll
[2010.11.18 10:32:22 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxebgcfg.dll
[2010.11.18 10:32:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxebjswr.dll
[2010.11.18 10:32:21 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxebcui.dll
[2010.11.18 10:32:21 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxebcu.dll
[2010.11.18 10:32:21 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxebcuir.dll
[2010.11.18 10:32:21 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxebcub.dll
[2010.11.18 10:32:21 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxebcur.dll
[2010.09.05 22:57:23 | 000,355,258 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\mdbu.bin
[2010.07.21 09:25:45 | 000,000,680 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2010.06.29 20:38:59 | 000,019,456 | ---- | C] () -- C:\Users\Admin\AppData\Local\locked-WebpageIcons.db.ifca
[2010.06.20 11:16:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.06.20 11:16:36 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.06.14 22:17:35 | 000,037,888 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.08 23:51:30 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.08 23:32:20 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.06.08 23:32:19 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.06.08 20:51:58 | 000,049,152 | ---- | C] () -- C:\Windows\System32\LXEBPMON.DLL
[2010.06.08 20:51:58 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXEBFXPU.DLL
[2010.06.08 20:51:38 | 004,485,120 | ---- | C] () -- C:\Windows\System32\LXEBoem.dll
[2010.06.08 20:48:02 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXEBsm.dll
[2010.06.08 20:48:02 | 000,024,064 | ---- | C] () -- C:\Windows\System32\lxebsmr.dll
 
========== LOP Check ==========
 
[2010.09.23 21:24:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\COMPUTERBILD-Abzockschutz
[2010.07.23 14:27:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011.07.18 12:17:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft
[2012.05.01 11:32:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.01 18:38:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Fwlqcnx
[2012.05.01 11:32:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\go
[2010.09.10 14:31:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gtk-2.0
[2012.05.01 11:32:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView
[2011.12.17 16:26:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\KIDDINX
[2010.07.13 10:16:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2011.07.07 15:37:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PC Suite
[2011.10.16 18:44:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PeerNetworking
[2012.05.01 11:33:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Pro200-S500 Series
[2012.05.01 11:33:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ProtectDisc
[2012.05.01 11:33:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\QuickScan
[2010.12.29 23:59:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SAD_Office2010
[2011.07.07 15:28:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Samsung
[2012.05.01 11:33:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Smart PDF Converter
[2010.06.08 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\T-Online
[2012.05.01 18:49:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Wqlfdrmna
[2010.06.15 18:49:30 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Pro200-S500 Series
[2011.07.13 19:24:01 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\go
[2010.11.03 13:45:06 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Pro200-S500 Series
[2012.05.01 23:29:10 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.05.02 22:03:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4224D031-A0DF-4C8A-965C-146460862FCB}.job
[2012.05.02 22:01:00 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{59FF7F83-BB5C-40D2-A251-CE5F915947E4}.job
[2012.05.02 22:00:00 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{83B22B03-42AA-42AC-B7EB-CACDB31F1883}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.04.08 15:21:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Adobe
[2010.12.24 20:04:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Apple Computer
[2010.02.01 00:34:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ATI
[2011.10.15 22:48:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Avira
[2010.09.23 21:24:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\COMPUTERBILD-Abzockschutz
[2010.07.23 14:27:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011.07.18 12:17:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft
[2012.05.01 11:32:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.01 18:38:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Fwlqcnx
[2012.05.01 11:32:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\go
[2010.09.10 14:31:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gtk-2.0
[2010.02.01 00:34:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Identities
[2012.05.01 11:32:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView
[2011.12.17 16:26:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\KIDDINX
[2010.06.08 20:49:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Macromedia
[2011.04.07 20:43:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
[2012.05.01 11:40:05 | 000,000,000 | --SD | M] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2010.06.08 22:31:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2010.07.13 10:16:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2011.07.07 15:37:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PC Suite
[2011.10.16 18:44:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PeerNetworking
[2012.05.01 11:33:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Pro200-S500 Series
[2012.05.01 11:33:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ProtectDisc
[2012.05.01 11:33:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\QuickScan
[2010.12.29 23:59:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SAD_Office2010
[2011.07.07 15:28:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Samsung
[2012.05.01 11:33:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Skype
[2012.05.01 11:33:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\skypePM
[2012.05.01 11:33:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Smart PDF Converter
[2010.06.08 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\T-Online
[2012.05.01 18:49:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Wqlfdrmna
 
< %APPDATA%\*.exe /s >
[2011.10.28 21:08:27 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.08.24 18:46:13 | 002,788,816 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.02.11 10:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.02.11 10:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.02.11 10:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys
[2009.02.11 10:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.12 16:27:16 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll

< End of report >
         
Best regards
gaia48

03.05.2012, 13:39   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2736476
IE - HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=-Iy7FQ6C6KobxslWBTpeBPVXE5M?q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledItems: toolbar@web.de:1.5.1
FF - user.js - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2012.05.01 11:46:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Fwlqcnx
[2012.05.01 11:24:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Wqlfdrmna
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are, to be safe, not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post logfiles in CODE tags

03.05.2012, 20:50   #9
gaia48
 

Hello Arne,

Fix run via OTL. This had to be done twice, because shortly after the fix started the program stopped responding and stayed on a black screen for a long time, so a restart was necessary. After that, however, the fix worked without problems. Here are the two logs, first the failed one, then the successful one.

Code:
Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
Code:
All processes killed
========== OTL ==========
Error: No service named SBSDWSCService was found to stop!
Service\Driver key SBSDWSCService not found.
File  C:\Program Files\Spybot File not found not found.
Error: No service named Rezip was found to stop!
Service\Driver key Rezip not found.
File  C:\Windows\System32\Rezip.exe  not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
HKU\S-1-5-21-2236149280-2537161501-2249316146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2236149280-2537161501-2249316146-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Freeware.de Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: toolbar@web.de:1.5.1 removed from extensions.enabledItems
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Folder C:\Users\Admin\AppData\Roaming\Fwlqcnx\ not found.
Folder C:\Users\Admin\AppData\Roaming\Wqlfdrmna\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33300 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
 
User: Public
 
User: V***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 831216556 bytes
->Flash cache emptied: 79753 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1754832213 bytes
RecycleBin emptied: 457927763 bytes
 
Total Files Cleaned = 2.903,00 mb
 
 
[EMPTYFLASH]
 
User: Admin
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Gast
 
User: Public
 
User: V***
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.2 log created on 05032012_212546

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
The navigation bar and the bookmarks bar in the internet browser are now sharply visible again, no longer doubled / blurry, which is already great.

Best regards,
gaia48

04.05.2012, 10:37   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post this in full.
If you cannot find the log, or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!


04.05.2012, 21:56   #11
gaia48
 

Hello Arne,

here is the TDSS-Killer log:

Code:
22:41:48.0754 4020	============================================================
22:41:48.0755 4020	Current date / time: 2012/05/04 22:41:48.0754
22:41:48.0755 4020	SystemInfo:
22:41:48.0755 4020	
22:41:48.0755 4020	OS Version: 6.0.6002 ServicePack: 2.0
22:41:48.0755 4020	Product type: Workstation
22:41:48.0755 4020	ComputerName: NOTEBOOK
22:41:48.0755 4020	UserName: Admin
22:41:48.0755 4020	Windows directory: C:\Windows
22:41:48.0755 4020	System windows directory: C:\Windows
22:41:48.0755 4020	Processor architecture: Intel x86
22:41:48.0755 4020	Number of processors: 2
22:41:48.0755 4020	Page size: 0x1000
22:41:48.0755 4020	Boot type: Normal boot
22:41:48.0755 4020	============================================================
22:41:49.0187 4020	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:41:49.0189 4020	Drive \Device\Harddisk1\DR1 - Size: 0x7AC00000 (1.92 Gb), SectorSize: 0x200, Cylinders: 0xFA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:41:49.0190 4020	============================================================
22:41:49.0191 4020	\Device\Harddisk0\DR0:
22:41:49.0191 4020	MBR partitions:
22:41:49.0191 4020	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x11C2C800
22:41:49.0191 4020	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1362D000, BlocksNum 0x11E01000
22:41:49.0191 4020	\Device\Harddisk1\DR1:
22:41:49.0192 4020	MBR partitions:
22:41:49.0192 4020	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x3D5FC1
22:41:49.0192 4020	============================================================
22:41:49.0225 4020	C: <-> \Device\Harddisk0\DR0\Partition0
22:41:49.0319 4020	D: <-> \Device\Harddisk0\DR0\Partition1
22:41:49.0319 4020	============================================================
22:41:49.0319 4020	Initialize success
22:41:49.0320 4020	============================================================
22:44:34.0549 3096	============================================================
22:44:34.0549 3096	Scan started
22:44:34.0549 3096	Mode: Manual; SigCheck; TDLFS; 
22:44:34.0549 3096	============================================================
22:44:35.0188 3096	acedrv01        (9ad3ac19f5a9968db4297c4319d7cddb) C:\Windows\system32\drivers\acedrv01.sys
22:44:35.0344 3096	acedrv01 ( UnsignedFile.Multi.Generic ) - warning
22:44:35.0344 3096	acedrv01 - detected UnsignedFile.Multi.Generic (1)
22:44:35.0391 3096	acedrv02        (e00a398c09a6515769a4bc39e91064eb) C:\Windows\system32\drivers\acedrv02.sys
22:44:35.0422 3096	acedrv02 ( UnsignedFile.Multi.Generic ) - warning
22:44:35.0422 3096	acedrv02 - detected UnsignedFile.Multi.Generic (1)
22:44:35.0453 3096	acedrv03        (903de75450a5cc4b26c3d33e3a64fc58) C:\Windows\system32\drivers\acedrv03.sys
22:44:35.0500 3096	acedrv03 ( UnsignedFile.Multi.Generic ) - warning
22:44:35.0500 3096	acedrv03 - detected UnsignedFile.Multi.Generic (1)
22:44:35.0531 3096	acedrv04        (2d838d7ce9b7cdafdec7ed43cc99fa1e) C:\Windows\system32\drivers\acedrv04.sys
22:44:35.0563 3096	acedrv04 ( UnsignedFile.Multi.Generic ) - warning
22:44:35.0563 3096	acedrv04 - detected UnsignedFile.Multi.Generic (1)
22:44:35.0594 3096	acedrv05        (0a1e97197609f92d2425b67da0bb0a7f) C:\Windows\system32\drivers\acedrv05.sys
22:44:35.0625 3096	acedrv05 ( UnsignedFile.Multi.Generic ) - warning
22:44:35.0625 3096	acedrv05 - detected UnsignedFile.Multi.Generic (1)
22:44:35.0656 3096	acedrv06        (44010948bde6ade50dd1386657c73e83) C:\Windows\system32\drivers\acedrv06.sys
22:44:35.0719 3096	acedrv06 ( UnsignedFile.Multi.Generic ) - warning
22:44:35.0719 3096	acedrv06 - detected UnsignedFile.Multi.Generic (1)
22:44:35.0734 3096	acedrv07        (4e5451dd0aec8504d7f8030dd2d4c416) C:\Windows\system32\drivers\acedrv07.sys
22:44:35.0781 3096	acedrv07 ( UnsignedFile.Multi.Generic ) - warning
22:44:35.0781 3096	acedrv07 - detected UnsignedFile.Multi.Generic (1)
22:44:35.0843 3096	acedrv11        (a6fe70357a68ad1e279cd1012419cce6) C:\Windows\system32\drivers\acedrv11.sys
22:44:35.0953 3096	acedrv11 - ok
22:44:36.0062 3096	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:44:36.0093 3096	ACPI - ok
22:44:36.0233 3096	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:44:36.0249 3096	AdobeARMservice - ok
22:44:36.0405 3096	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
22:44:36.0436 3096	adp94xx - ok
22:44:36.0483 3096	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
22:44:36.0514 3096	adpahci - ok
22:44:36.0561 3096	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
22:44:36.0592 3096	adpu160m - ok
22:44:36.0701 3096	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
22:44:36.0717 3096	adpu320 - ok
22:44:36.0795 3096	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
22:44:36.0889 3096	AeLookupSvc - ok
22:44:36.0951 3096	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:44:37.0029 3096	AFD - ok
22:44:37.0060 3096	AgereModemAudio (efbc44fbd75e4f80bd927aebf6e7eade) C:\Windows\system32\agrsmsvc.exe
22:44:37.0123 3096	AgereModemAudio - ok
22:44:37.0263 3096	AgereSoftModem  (1cfeba39fc613e45b49d3eddfbcda289) C:\Windows\system32\DRIVERS\AGRSM.sys
22:44:37.0403 3096	AgereSoftModem - ok
22:44:37.0481 3096	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
22:44:37.0497 3096	agp440 - ok
22:44:37.0559 3096	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:44:37.0591 3096	aic78xx - ok
22:44:37.0669 3096	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
22:44:37.0825 3096	ALG - ok
22:44:37.0856 3096	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
22:44:37.0871 3096	aliide - ok
22:44:37.0934 3096	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
22:44:37.0965 3096	amdagp - ok
22:44:37.0996 3096	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
22:44:38.0027 3096	amdide - ok
22:44:38.0043 3096	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
22:44:38.0121 3096	AmdK7 - ok
22:44:38.0137 3096	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
22:44:38.0215 3096	AmdK8 - ok
22:44:38.0371 3096	AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files\Avira\AntiVir Desktop\sched.exe
22:44:38.0402 3096	AntiVirSchedulerService - ok
22:44:38.0449 3096	AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
22:44:38.0464 3096	AntiVirService - ok
22:44:38.0542 3096	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
22:44:38.0589 3096	Appinfo - ok
22:44:38.0651 3096	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
22:44:38.0667 3096	arc - ok
22:44:38.0714 3096	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
22:44:38.0729 3096	arcsas - ok
22:44:38.0776 3096	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:44:38.0807 3096	AsyncMac - ok
22:44:38.0839 3096	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
22:44:38.0854 3096	atapi - ok
22:44:39.0026 3096	athr            (99d78248bfd454bfa9b5bec37350fade) C:\Windows\system32\DRIVERS\athr.sys
22:44:39.0197 3096	athr - ok
22:44:39.0307 3096	Ati External Event Utility (db338c400cc9f5ceb568899d664ff335) C:\Windows\system32\Ati2evxx.exe
22:44:39.0400 3096	Ati External Event Utility - ok
22:44:39.0837 3096	atikmdag        (45c45796caad4f3354496530329a7b10) C:\Windows\system32\DRIVERS\atikmdag.sys
22:44:40.0118 3096	atikmdag - ok
22:44:40.0274 3096	atksgt          (72bc628af75c4c3250f2a3bac260265a) C:\Windows\system32\DRIVERS\atksgt.sys
22:44:40.0336 3096	atksgt - ok
22:44:40.0430 3096	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
22:44:40.0492 3096	AudioEndpointBuilder - ok
22:44:40.0508 3096	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
22:44:40.0539 3096	Audiosrv - ok
22:44:40.0617 3096	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
22:44:40.0648 3096	avgntflt - ok
22:44:40.0664 3096	avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
22:44:40.0695 3096	avipbb - ok
22:44:40.0742 3096	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
22:44:40.0773 3096	avkmgr - ok
22:44:40.0820 3096	bcm4sbxp        (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
22:44:41.0023 3096	bcm4sbxp - ok
22:44:41.0132 3096	BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
22:44:41.0147 3096	BcmSqlStartupSvc - ok
22:44:41.0225 3096	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:44:41.0288 3096	Beep - ok
22:44:41.0350 3096	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
22:44:41.0459 3096	BFE - ok
22:44:41.0600 3096	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
22:44:41.0740 3096	BITS - ok
22:44:41.0818 3096	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
22:44:41.0896 3096	blbdrive - ok
22:44:41.0927 3096	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
22:44:42.0005 3096	bowser - ok
22:44:42.0021 3096	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:44:42.0083 3096	BrFiltLo - ok
22:44:42.0099 3096	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:44:42.0161 3096	BrFiltUp - ok
22:44:42.0193 3096	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
22:44:42.0271 3096	Browser - ok
22:44:42.0302 3096	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:44:42.0411 3096	Brserid - ok
22:44:42.0458 3096	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:44:42.0536 3096	BrSerWdm - ok
22:44:42.0583 3096	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:44:42.0692 3096	BrUsbMdm - ok
22:44:42.0707 3096	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:44:42.0801 3096	BrUsbSer - ok
22:44:42.0863 3096	BthEnum         (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
22:44:42.0910 3096	BthEnum - ok
22:44:42.0941 3096	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
22:44:43.0004 3096	BTHMODEM - ok
22:44:43.0051 3096	BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
22:44:43.0113 3096	BthPan - ok
22:44:43.0191 3096	BTHPORT         (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
22:44:43.0285 3096	BTHPORT - ok
22:44:43.0316 3096	BthServ         (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
22:44:43.0394 3096	BthServ - ok
22:44:43.0425 3096	BTHUSB          (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
22:44:43.0456 3096	BTHUSB - ok
22:44:43.0487 3096	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:44:43.0534 3096	cdfs - ok
22:44:43.0597 3096	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
22:44:43.0628 3096	cdrom - ok
22:44:43.0659 3096	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
22:44:43.0706 3096	CertPropSvc - ok
22:44:43.0737 3096	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
22:44:43.0799 3096	circlass - ok
22:44:43.0862 3096	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
22:44:43.0877 3096	CLFS - ok
22:44:43.0987 3096	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:44:44.0002 3096	clr_optimization_v2.0.50727_32 - ok
22:44:44.0080 3096	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:44:44.0096 3096	clr_optimization_v4.0.30319_32 - ok
22:44:44.0174 3096	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
22:44:44.0252 3096	CmBatt - ok
22:44:44.0299 3096	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
22:44:44.0314 3096	cmdide - ok
22:44:44.0330 3096	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
22:44:44.0361 3096	Compbatt - ok
22:44:44.0361 3096	COMSysApp - ok
22:44:44.0392 3096	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
22:44:44.0423 3096	crcdisk - ok
22:44:44.0439 3096	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
22:44:44.0517 3096	Crusoe - ok
22:44:44.0564 3096	CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
22:44:44.0611 3096	CryptSvc - ok
22:44:44.0689 3096	DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
22:44:44.0767 3096	DcomLaunch - ok
22:44:44.0798 3096	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
22:44:44.0876 3096	DfsC - ok
22:44:45.0063 3096	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
22:44:45.0235 3096	DFSR - ok
22:44:45.0391 3096	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
22:44:45.0437 3096	Dhcp - ok
22:44:45.0500 3096	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:44:45.0515 3096	disk - ok
22:44:45.0562 3096	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
22:44:45.0609 3096	Dnscache - ok
22:44:45.0656 3096	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
22:44:45.0718 3096	dot3svc - ok
22:44:45.0781 3096	dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
22:44:45.0827 3096	dot4 - ok
22:44:45.0859 3096	Dot4Print       (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
22:44:45.0905 3096	Dot4Print - ok
22:44:45.0952 3096	dot4usb         (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
22:44:46.0015 3096	dot4usb - ok
22:44:46.0061 3096	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
22:44:46.0108 3096	DPS - ok
22:44:46.0155 3096	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:44:46.0202 3096	drmkaud - ok
22:44:46.0311 3096	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
22:44:46.0342 3096	DXGKrnl - ok
22:44:46.0389 3096	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:44:46.0467 3096	E1G60 - ok
22:44:46.0514 3096	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
22:44:46.0561 3096	EapHost - ok
22:44:46.0607 3096	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:44:46.0639 3096	Ecache - ok
22:44:46.0748 3096	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
22:44:46.0779 3096	ehRecvr - ok
22:44:46.0810 3096	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
22:44:46.0888 3096	ehSched - ok
22:44:46.0888 3096	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
22:44:46.0935 3096	ehstart - ok
22:44:47.0013 3096	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
22:44:47.0044 3096	elxstor - ok
22:44:47.0107 3096	EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
22:44:47.0200 3096	EMDMgmt - ok
22:44:47.0216 3096	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
22:44:47.0278 3096	ErrDev - ok
22:44:47.0341 3096	EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
22:44:47.0419 3096	EventSystem - ok
22:44:47.0465 3096	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:44:47.0559 3096	exfat - ok
22:44:47.0590 3096	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:44:47.0653 3096	fastfat - ok
22:44:47.0684 3096	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
22:44:47.0731 3096	fdc - ok
22:44:47.0762 3096	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
22:44:47.0809 3096	fdPHost - ok
22:44:47.0824 3096	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
22:44:47.0887 3096	FDResPub - ok
22:44:47.0933 3096	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:44:47.0933 3096	FileInfo - ok
22:44:47.0949 3096	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:44:48.0011 3096	Filetrace - ok
22:44:48.0043 3096	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:44:48.0074 3096	flpydisk - ok
22:44:48.0136 3096	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:44:48.0152 3096	FltMgr - ok
22:44:48.0245 3096	FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
22:44:48.0355 3096	FontCache - ok
22:44:48.0479 3096	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:44:48.0495 3096	FontCache3.0.0.0 - ok
22:44:48.0557 3096	FsUsbExDisk     (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS
22:44:48.0573 3096	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
22:44:48.0573 3096	FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
22:44:48.0604 3096	Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
22:44:48.0651 3096	Fs_Rec - ok
22:44:48.0713 3096	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
22:44:48.0745 3096	gagp30kx - ok
22:44:48.0791 3096	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:44:48.0807 3096	GEARAspiWDM - ok
22:44:48.0854 3096	ggflt           (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
22:44:48.0869 3096	ggflt - ok
22:44:48.0901 3096	ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
22:44:48.0901 3096	ggsemc - ok
22:44:49.0119 3096	GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
22:44:49.0135 3096	GoogleDesktopManager-051210-111108 - ok
22:44:49.0306 3096	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
22:44:49.0384 3096	gpsvc - ok
22:44:49.0478 3096	HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
22:44:49.0540 3096	HdAudAddService - ok
22:44:49.0618 3096	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:44:49.0712 3096	HDAudBus - ok
22:44:49.0743 3096	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:44:49.0837 3096	HidBth - ok
22:44:49.0868 3096	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
22:44:49.0946 3096	HidIr - ok
22:44:49.0977 3096	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
22:44:50.0039 3096	hidserv - ok
22:44:50.0102 3096	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
22:44:50.0117 3096	HidUsb - ok
22:44:50.0180 3096	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
22:44:50.0211 3096	hkmsvc - ok
22:44:50.0289 3096	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
22:44:50.0305 3096	HpCISSs - ok
22:44:50.0445 3096	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
22:44:50.0539 3096	HTTP - ok
22:44:50.0601 3096	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
22:44:50.0617 3096	i2omp - ok
22:44:50.0663 3096	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:44:50.0726 3096	i8042prt - ok
22:44:50.0866 3096	ialm            (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
22:44:51.0116 3096	ialm - ok
22:44:51.0537 3096	iaStor          (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
22:44:51.0568 3096	iaStor - ok
22:44:51.0677 3096	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
22:44:51.0693 3096	iaStorV - ok
22:44:51.0865 3096	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:44:51.0974 3096	idsvc - ok
22:44:52.0083 3096	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:44:52.0099 3096	iirsp - ok
22:44:52.0270 3096	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
22:44:52.0364 3096	IKEEXT - ok
22:44:52.0660 3096	IntcAzAudAddService (b4fd14f7b231e358bec6c71d1a6c2845) C:\Windows\system32\drivers\RTKVHDA.sys
22:44:52.0910 3096	IntcAzAudAddService - ok
22:44:53.0144 3096	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
22:44:53.0159 3096	intelide - ok
22:44:53.0191 3096	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
22:44:53.0253 3096	intelppm - ok
22:44:53.0315 3096	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
22:44:53.0378 3096	IPBusEnum - ok
22:44:53.0425 3096	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:44:53.0487 3096	IpFilterDriver - ok
22:44:53.0534 3096	iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
22:44:53.0612 3096	iphlpsvc - ok
22:44:53.0612 3096	IpInIp - ok
22:44:53.0643 3096	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
22:44:53.0690 3096	IPMIDRV - ok
22:44:53.0737 3096	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:44:53.0783 3096	IPNAT - ok
22:44:53.0799 3096	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:44:53.0846 3096	IRENUM - ok
22:44:53.0893 3096	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
22:44:53.0908 3096	isapnp - ok
22:44:54.0049 3096	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
22:44:54.0080 3096	iScsiPrt - ok
22:44:54.0111 3096	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:44:54.0127 3096	iteatapi - ok
22:44:54.0173 3096	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:44:54.0189 3096	iteraid - ok
22:44:54.0205 3096	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:44:54.0236 3096	kbdclass - ok
22:44:54.0251 3096	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
22:44:54.0298 3096	kbdhid - ok
22:44:54.0329 3096	KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:44:54.0392 3096	KeyIso - ok
22:44:54.0423 3096	KMDFMEMIO       (ebc507f129df8f0e0ca270dcfc0cf87f) C:\Windows\system32\DRIVERS\kmdfmemio.sys
22:44:54.0485 3096	KMDFMEMIO - ok
22:44:54.0532 3096	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
22:44:54.0563 3096	KSecDD - ok
22:44:54.0626 3096	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
22:44:54.0704 3096	KtmRm - ok
22:44:54.0751 3096	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
22:44:54.0844 3096	LanmanServer - ok
22:44:54.0891 3096	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
22:44:54.0969 3096	LanmanWorkstation - ok
22:44:55.0047 3096	lirsgt          (4127e8b6ddb4090e815c1f8852c277d3) C:\Windows\system32\DRIVERS\lirsgt.sys
22:44:55.0047 3096	lirsgt - ok
22:44:55.0094 3096	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:44:55.0125 3096	lltdio - ok
22:44:55.0219 3096	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
22:44:55.0297 3096	lltdsvc - ok
22:44:55.0328 3096	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
22:44:55.0359 3096	lmhosts - ok
22:44:55.0390 3096	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
22:44:55.0406 3096	LSI_FC - ok
22:44:55.0437 3096	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
22:44:55.0453 3096	LSI_SAS - ok
22:44:55.0499 3096	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
22:44:55.0515 3096	LSI_SCSI - ok
22:44:55.0531 3096	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
22:44:55.0577 3096	luafv - ok
22:44:55.0718 3096	lxebCATSCustConnectService (a69ad7128300dfd6a8b113356fb7ee3b) C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxebserv.exe
22:44:55.0718 3096	lxebCATSCustConnectService - ok
22:44:55.0780 3096	lxeb_device - ok
22:44:55.0811 3096	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
22:44:55.0843 3096	Mcx2Svc - ok
22:44:55.0889 3096	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
22:44:55.0905 3096	megasas - ok
22:44:55.0967 3096	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
22:44:56.0014 3096	MegaSR - ok
22:44:56.0061 3096	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
22:44:56.0123 3096	MMCSS - ok
22:44:56.0155 3096	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:44:56.0201 3096	Modem - ok
22:44:56.0217 3096	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:44:56.0295 3096	monitor - ok
22:44:56.0311 3096	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:44:56.0342 3096	mouclass - ok
22:44:56.0357 3096	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
22:44:56.0404 3096	mouhid - ok
22:44:56.0420 3096	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:44:56.0435 3096	MountMgr - ok
22:44:56.0560 3096	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:44:56.0576 3096	MozillaMaintenance - ok
22:44:56.0623 3096	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
22:44:56.0638 3096	mpio - ok
22:44:56.0669 3096	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
22:44:56.0732 3096	mpsdrv - ok
22:44:56.0794 3096	MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
22:44:56.0872 3096	MpsSvc - ok
22:44:56.0950 3096	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:44:56.0981 3096	Mraid35x - ok
22:44:57.0028 3096	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
22:44:57.0059 3096	MRxDAV - ok
22:44:57.0137 3096	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:44:57.0169 3096	mrxsmb - ok
22:44:57.0293 3096	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:44:57.0371 3096	mrxsmb10 - ok
22:44:57.0371 3096	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:44:57.0403 3096	mrxsmb20 - ok
22:44:57.0449 3096	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
22:44:57.0481 3096	msahci - ok
22:44:57.0512 3096	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
22:44:57.0543 3096	msdsm - ok
22:44:57.0590 3096	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
22:44:57.0652 3096	MSDTC - ok
22:44:57.0683 3096	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
22:44:57.0761 3096	Msfs - ok
22:44:57.0808 3096	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
22:44:57.0839 3096	msisadrv - ok
22:44:57.0871 3096	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
22:44:57.0949 3096	MSiSCSI - ok
22:44:57.0949 3096	msiserver - ok
22:44:57.0995 3096	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
22:44:58.0058 3096	MSKSSRV - ok
22:44:58.0089 3096	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
22:44:58.0183 3096	MSPCLOCK - ok
22:44:58.0198 3096	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:44:58.0229 3096	MSPQM - ok
22:44:58.0370 3096	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
22:44:58.0385 3096	MsRPC - ok
22:44:58.0417 3096	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:44:58.0432 3096	mssmbios - ok
22:44:58.0588 3096	MSSQL$MSSMLBIZ - ok
22:44:58.0651 3096	MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
22:44:58.0651 3096	MSSQLServerADHelper - ok
22:44:58.0682 3096	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:44:58.0729 3096	MSTEE - ok
22:44:58.0838 3096	MTOnlPktAlyX    (036300114255b3c78bfb616ce8bc7ad9) C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
22:44:58.0838 3096	MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - warning
22:44:58.0838 3096	MTOnlPktAlyX - detected UnsignedFile.Multi.Generic (1)
22:44:58.0869 3096	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
22:44:58.0885 3096	Mup - ok
22:44:58.0978 3096	napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
22:44:59.0025 3096	napagent - ok
22:44:59.0087 3096	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
22:44:59.0103 3096	NativeWifiP - ok
22:44:59.0181 3096	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
22:44:59.0243 3096	NDIS - ok
22:44:59.0290 3096	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:44:59.0353 3096	NdisTapi - ok
22:44:59.0384 3096	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:44:59.0431 3096	Ndisuio - ok
22:44:59.0462 3096	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:44:59.0509 3096	NdisWan - ok
22:44:59.0540 3096	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:44:59.0571 3096	NDProxy - ok
22:44:59.0602 3096	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:44:59.0680 3096	NetBIOS - ok
22:44:59.0743 3096	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
22:44:59.0789 3096	netbt - ok
22:44:59.0836 3096	Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:44:59.0867 3096	Netlogon - ok
22:44:59.0945 3096	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
22:45:00.0008 3096	Netman - ok
22:45:00.0055 3096	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
22:45:00.0086 3096	netprofm - ok
22:45:00.0195 3096	NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:45:00.0195 3096	NetTcpPortSharing - ok
22:45:00.0413 3096	NETw3v32        (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
22:45:00.0663 3096	NETw3v32 - ok
22:45:00.0835 3096	Netzmanager Service (450d0d2062c54dda23583a78c0eb63d9) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
22:45:00.0866 3096	Netzmanager Service ( UnsignedFile.Multi.Generic ) - warning
22:45:00.0866 3096	Netzmanager Service - detected UnsignedFile.Multi.Generic (1)
22:45:00.0991 3096	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:45:01.0006 3096	nfrd960 - ok
22:45:01.0037 3096	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
22:45:01.0115 3096	NlaSvc - ok
22:45:01.0162 3096	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
22:45:01.0193 3096	Npfs - ok
22:45:01.0240 3096	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
22:45:01.0271 3096	nsi - ok
22:45:01.0349 3096	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:45:01.0396 3096	nsiproxy - ok
22:45:01.0552 3096	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
22:45:01.0755 3096	Ntfs - ok
22:45:01.0802 3096	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:45:01.0880 3096	ntrigdigi - ok
22:45:01.0895 3096	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:45:01.0942 3096	Null - ok
22:45:01.0973 3096	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
22:45:01.0973 3096	nvraid - ok
22:45:02.0020 3096	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
22:45:02.0036 3096	nvstor - ok
22:45:02.0083 3096	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
22:45:02.0098 3096	nv_agp - ok
22:45:02.0098 3096	NwlnkFlt - ok
22:45:02.0114 3096	NwlnkFwd - ok
22:45:02.0145 3096	ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
22:45:02.0176 3096	ohci1394 - ok
22:45:02.0301 3096	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:45:02.0317 3096	ose - ok
22:45:02.0769 3096	osppsvc         (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:45:03.0440 3096	osppsvc - ok
22:45:03.0658 3096	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:45:03.0752 3096	p2pimsvc - ok
22:45:03.0767 3096	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:45:03.0845 3096	p2psvc - ok
22:45:03.0955 3096	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:45:04.0033 3096	Parport - ok
22:45:04.0064 3096	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
22:45:04.0095 3096	partmgr - ok
22:45:04.0126 3096	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:45:04.0235 3096	Parvdm - ok
22:45:04.0298 3096	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
22:45:04.0360 3096	PcaSvc - ok
22:45:04.0423 3096	pccsmcfd        (175cc28dcf819f78caa3fbd44ad9e52a) C:\Windows\system32\DRIVERS\pccsmcfd.sys
22:45:04.0469 3096	pccsmcfd - ok
22:45:04.0516 3096	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
22:45:04.0547 3096	pci - ok
22:45:04.0563 3096	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
22:45:04.0594 3096	pciide - ok
22:45:04.0641 3096	pcmcia          (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
22:45:04.0657 3096	pcmcia - ok
22:45:04.0766 3096	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:45:05.0000 3096	PEAUTH - ok
22:45:05.0187 3096	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
22:45:05.0437 3096	pla - ok
22:45:05.0686 3096	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
22:45:05.0749 3096	PlugPlay - ok
22:45:05.0842 3096	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:45:05.0920 3096	PNRPAutoReg - ok
22:45:05.0936 3096	PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:45:06.0014 3096	PNRPsvc - ok
22:45:06.0107 3096	PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
22:45:06.0232 3096	PolicyAgent - ok
22:45:06.0279 3096	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
22:45:06.0373 3096	PptpMiniport - ok
22:45:06.0419 3096	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
22:45:06.0497 3096	Processor - ok
22:45:06.0560 3096	ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
22:45:06.0607 3096	ProfSvc - ok
22:45:06.0653 3096	ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:45:06.0669 3096	ProtectedStorage - ok
22:45:06.0716 3096	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
22:45:06.0778 3096	PSched - ok
22:45:06.0903 3096	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
22:45:07.0059 3096	ql2300 - ok
22:45:07.0106 3096	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:45:07.0121 3096	ql40xx - ok
22:45:07.0184 3096	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
22:45:07.0215 3096	QWAVE - ok
22:45:07.0231 3096	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
22:45:07.0309 3096	QWAVEdrv - ok
22:45:07.0324 3096	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
22:45:07.0387 3096	RasAcd - ok
22:45:07.0433 3096	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
22:45:07.0511 3096	RasAuto - ok
22:45:07.0543 3096	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:45:07.0605 3096	Rasl2tp - ok
22:45:07.0683 3096	RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
22:45:07.0761 3096	RasMan - ok
22:45:07.0792 3096	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
22:45:07.0855 3096	RasPppoe - ok
22:45:07.0870 3096	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
22:45:07.0901 3096	RasSstp - ok
22:45:07.0964 3096	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
22:45:08.0011 3096	rdbss - ok
22:45:08.0026 3096	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:45:08.0089 3096	RDPCDD - ok
22:45:08.0167 3096	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
22:45:08.0213 3096	rdpdr - ok
22:45:08.0229 3096	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
22:45:08.0276 3096	RDPENCDD - ok
22:45:08.0338 3096	RDPWD           (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
22:45:08.0416 3096	RDPWD - ok
22:45:08.0463 3096	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
22:45:08.0510 3096	RemoteAccess - ok
22:45:08.0541 3096	RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
22:45:08.0603 3096	RemoteRegistry - ok
22:45:08.0650 3096	RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
22:45:08.0713 3096	RFCOMM - ok
22:45:08.0744 3096	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
22:45:08.0837 3096	RpcLocator - ok
22:45:08.0931 3096	RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
22:45:09.0025 3096	RpcSs - ok
22:45:09.0103 3096	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
22:45:09.0165 3096	rspndr - ok
22:45:09.0196 3096	SamSs           (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:45:09.0227 3096	SamSs - ok
22:45:09.0243 3096	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:45:09.0274 3096	sbp2port - ok
22:45:09.0321 3096	SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
22:45:09.0368 3096	SCardSvr - ok
22:45:09.0493 3096	Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
22:45:09.0586 3096	Schedule - ok
22:45:09.0633 3096	SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
22:45:09.0680 3096	SCPolicySvc - ok
22:45:09.0711 3096	sdbus           (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
22:45:09.0789 3096	sdbus - ok
22:45:09.0898 3096	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
22:45:09.0976 3096	SDRSVC - ok
22:45:09.0976 3096	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:45:10.0085 3096	secdrv - ok
22:45:10.0163 3096	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
22:45:10.0241 3096	seclogon - ok
22:45:10.0288 3096	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
22:45:10.0397 3096	SENS - ok
22:45:10.0413 3096	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
22:45:10.0538 3096	Serenum - ok
22:45:10.0787 3096	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
22:45:10.0834 3096	Serial - ok
22:45:10.0943 3096	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
22:45:10.0959 3096	sermouse - ok
22:45:11.0193 3096	ServiceLayer    (9d38320bb32230349379df5ddbbf7fce) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
22:45:11.0240 3096	ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
22:45:11.0240 3096	ServiceLayer - detected UnsignedFile.Multi.Generic (1)
22:45:11.0396 3096	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
22:45:11.0443 3096	SessionEnv - ok
22:45:11.0474 3096	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
22:45:11.0505 3096	sffdisk - ok
22:45:11.0599 3096	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
22:45:11.0677 3096	sffp_mmc - ok
22:45:11.0692 3096	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
22:45:11.0723 3096	sffp_sd - ok
22:45:11.0739 3096	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
22:45:11.0817 3096	sfloppy - ok
22:45:11.0879 3096	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
22:45:11.0957 3096	SharedAccess - ok
22:45:12.0035 3096	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
22:45:12.0082 3096	ShellHWDetection - ok
22:45:12.0145 3096	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
22:45:12.0160 3096	sisagp - ok
22:45:12.0285 3096	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
22:45:12.0316 3096	SiSRaid2 - ok
22:45:12.0347 3096	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
22:45:12.0363 3096	SiSRaid4 - ok
22:45:12.0722 3096	slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
22:45:12.0971 3096	slsvc - ok
22:45:13.0127 3096	SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
22:45:13.0205 3096	SLUINotify - ok
22:45:13.0315 3096	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
22:45:13.0377 3096	Smb - ok
22:45:13.0455 3096	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
22:45:13.0502 3096	SNMPTRAP - ok
22:45:13.0580 3096	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
22:45:13.0611 3096	spldr - ok
22:45:13.0658 3096	Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
22:45:13.0736 3096	Spooler - ok
22:45:13.0861 3096	SQLBrowser      (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
22:45:13.0892 3096	SQLBrowser - ok
22:45:13.0939 3096	SQLWriter       (d89083c4eb02daca8f944b0e05e57f9d) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
22:45:13.0954 3096	SQLWriter - ok
22:45:14.0017 3096	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
22:45:14.0079 3096	srv - ok
22:45:14.0141 3096	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
22:45:14.0219 3096	srv2 - ok
22:45:14.0251 3096	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
22:45:14.0282 3096	srvnet - ok
22:45:14.0344 3096	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
22:45:14.0438 3096	SSDPSRV - ok
22:45:14.0547 3096	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
22:45:14.0563 3096	ssmdrv - ok
22:45:14.0641 3096	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
22:45:14.0672 3096	SstpSvc - ok
22:45:14.0797 3096	stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
22:45:14.0859 3096	stisvc - ok
22:45:14.0890 3096	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
22:45:14.0906 3096	swenum - ok
22:45:14.0968 3096	swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
22:45:15.0031 3096	swprv - ok
22:45:15.0062 3096	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:45:15.0077 3096	Symc8xx - ok
22:45:15.0124 3096	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:45:15.0155 3096	Sym_hi - ok
22:45:15.0187 3096	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:45:15.0202 3096	Sym_u3 - ok
22:45:15.0311 3096	SynTP           (71837fbce3fd8143953444b3ff7938dc) C:\Windows\system32\DRIVERS\SynTP.sys
22:45:15.0405 3096	SynTP - ok
22:45:15.0499 3096	SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
22:45:15.0592 3096	SysMain - ok
22:45:15.0639 3096	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
22:45:15.0717 3096	TabletInputService - ok
22:45:15.0779 3096	TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
22:45:15.0904 3096	TapiSrv - ok
22:45:15.0935 3096	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
22:45:15.0967 3096	TBS - ok
22:45:16.0107 3096	Tcpip           (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
22:45:16.0185 3096	Tcpip - ok
22:45:16.0201 3096	Tcpip6          (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
22:45:16.0247 3096	Tcpip6 - ok
22:45:16.0294 3096	tcpipreg        (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
22:45:16.0357 3096	tcpipreg - ok
22:45:16.0388 3096	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
22:45:16.0419 3096	TDPIPE - ok
22:45:16.0435 3096	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
22:45:16.0481 3096	TDTCP - ok
22:45:16.0528 3096	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
22:45:16.0575 3096	tdx - ok
22:45:16.0606 3096	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
22:45:16.0622 3096	TermDD - ok
22:45:16.0684 3096	TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
22:45:16.0778 3096	TermService - ok
22:45:16.0840 3096	Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
22:45:16.0856 3096	Themes - ok
22:45:16.0887 3096	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
22:45:16.0918 3096	THREADORDER - ok
22:45:16.0965 3096	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
22:45:17.0012 3096	TrkWks - ok
22:45:17.0137 3096	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
22:45:17.0168 3096	TrustedInstaller - ok
22:45:17.0246 3096	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:45:17.0308 3096	tssecsrv - ok
22:45:17.0339 3096	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
22:45:17.0386 3096	tunmp - ok
22:45:17.0417 3096	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
22:45:17.0449 3096	tunnel - ok
22:45:17.0464 3096	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
22:45:17.0495 3096	uagp35 - ok
22:45:17.0542 3096	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
22:45:17.0589 3096	udfs - ok
22:45:17.0698 3096	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
22:45:17.0761 3096	UI0Detect - ok
22:45:17.0807 3096	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
22:45:17.0823 3096	uliagpkx - ok
22:45:17.0854 3096	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
22:45:17.0885 3096	uliahci - ok
22:45:17.0948 3096	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:45:17.0963 3096	UlSata - ok
22:45:18.0010 3096	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:45:18.0041 3096	ulsata2 - ok
22:45:18.0073 3096	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:45:18.0166 3096	umbus - ok
22:45:18.0244 3096	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
22:45:18.0338 3096	upnphost - ok
22:45:18.0385 3096	USBAAPL         (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
22:45:18.0400 3096	USBAAPL ( UnsignedFile.Multi.Generic ) - warning
22:45:18.0400 3096	USBAAPL - detected UnsignedFile.Multi.Generic (1)
22:45:18.0463 3096	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:45:18.0525 3096	usbccgp - ok
22:45:18.0603 3096	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
22:45:18.0728 3096	usbcir - ok
22:45:18.0759 3096	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
22:45:18.0806 3096	usbehci - ok
22:45:18.0868 3096	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
22:45:18.0915 3096	usbhub - ok
22:45:18.0977 3096	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
22:45:19.0055 3096	usbohci - ok
22:45:19.0274 3096	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
22:45:19.0321 3096	usbprint - ok
22:45:19.0430 3096	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
22:45:19.0461 3096	usbscan - ok
22:45:19.0555 3096	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:45:19.0586 3096	USBSTOR - ok
22:45:19.0633 3096	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:45:19.0679 3096	usbuhci - ok
22:45:19.0711 3096	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
22:45:19.0757 3096	usbvideo - ok
22:45:19.0804 3096	UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
22:45:19.0851 3096	UxSms - ok
22:45:19.0913 3096	vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
22:45:20.0007 3096	vds - ok
22:45:20.0038 3096	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
22:45:20.0132 3096	vga - ok
22:45:20.0257 3096	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:45:20.0303 3096	VgaSave - ok
22:45:20.0366 3096	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
22:45:20.0381 3096	viaagp - ok
22:45:20.0428 3096	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
22:45:20.0475 3096	ViaC7 - ok
22:45:20.0506 3096	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
22:45:20.0522 3096	viaide - ok
22:45:20.0553 3096	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:45:20.0584 3096	volmgr - ok
22:45:20.0647 3096	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
22:45:20.0678 3096	volmgrx - ok
22:45:20.0756 3096	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
22:45:20.0787 3096	volsnap - ok
22:45:20.0818 3096	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
22:45:20.0849 3096	vsmraid - ok
22:45:20.0990 3096	VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
22:45:21.0146 3096	VSS - ok
22:45:21.0333 3096	W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
22:45:21.0395 3096	W32Time - ok
22:45:21.0458 3096	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:45:21.0567 3096	WacomPen - ok
22:45:21.0583 3096	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:45:21.0614 3096	Wanarp - ok
22:45:21.0629 3096	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:45:21.0645 3096	Wanarpv6 - ok
22:45:21.0754 3096	wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
22:45:21.0785 3096	wcncsvc - ok
22:45:21.0848 3096	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
22:45:21.0863 3096	WcsPlugInService - ok
22:45:21.0879 3096	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
22:45:21.0879 3096	Wd - ok
22:45:21.0926 3096	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
22:45:21.0941 3096	Wdf01000 - ok
22:45:21.0973 3096	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
22:45:22.0035 3096	WdiServiceHost - ok
22:45:22.0035 3096	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
22:45:22.0066 3096	WdiSystemHost - ok
22:45:22.0144 3096	WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
22:45:22.0191 3096	WebClient - ok
22:45:22.0238 3096	Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
22:45:22.0300 3096	Wecsvc - ok
22:45:22.0331 3096	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
22:45:22.0363 3096	wercplsupport - ok
22:45:22.0409 3096	WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
22:45:22.0472 3096	WerSvc - ok
22:45:22.0675 3096	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
22:45:22.0690 3096	WinDefend - ok
22:45:22.0706 3096	WinHttpAutoProxySvc - ok
22:45:22.0799 3096	Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
22:45:22.0815 3096	Winmgmt - ok
22:45:22.0955 3096	WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
22:45:23.0143 3096	WinRM - ok
22:45:23.0283 3096	WinVNC4         (f3edc9909a02e6bca863eb702d37b505) C:\Program Files\RealVNC\VNC4\WinVNC4.exe
22:45:23.0314 3096	WinVNC4 - ok
22:45:23.0501 3096	Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
22:45:23.0595 3096	Wlansvc - ok
22:45:23.0673 3096	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
22:45:23.0735 3096	WmiAcpi - ok
22:45:23.0860 3096	wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
22:45:23.0923 3096	wmiApSrv - ok
22:45:24.0047 3096	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
22:45:24.0125 3096	WMPNetworkSvc - ok
22:45:24.0188 3096	WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
22:45:24.0266 3096	WPCSvc - ok
22:45:24.0313 3096	WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
22:45:24.0375 3096	WPDBusEnum - ok
22:45:24.0437 3096	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
22:45:24.0453 3096	WpdUsb - ok
22:45:24.0687 3096	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:45:24.0781 3096	WPFFontCache_v0400 - ok
22:45:24.0859 3096	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:45:24.0905 3096	ws2ifsl - ok
22:45:24.0983 3096	wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
22:45:25.0061 3096	wscsvc - ok
22:45:25.0139 3096	WSDPrintDevice  (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
22:45:25.0171 3096	WSDPrintDevice - ok
22:45:25.0186 3096	WSearch - ok
22:45:25.0420 3096	wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
22:45:25.0592 3096	wuauserv - ok
22:45:25.0795 3096	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:45:25.0951 3096	WUDFRd - ok
22:45:25.0997 3096	wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
22:45:26.0029 3096	wudfsvc - ok
22:45:26.0091 3096	yksvc           (3541e083be976294da5e644db122a9a7) C:\Windows\System32\ykx32mpcoinst.dll
22:45:26.0138 3096	yksvc - ok
22:45:26.0169 3096	yukonwlh        (6d16a5c05d4fa06fade1d97580986803) C:\Windows\system32\DRIVERS\yk60x86.sys
22:45:26.0216 3096	yukonwlh - ok
22:45:26.0263 3096	MBR (0x1B8)     (61a349592c4728853f4a90ff78f7628e) \Device\Harddisk0\DR0
22:45:26.0731 3096	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:45:26.0731 3096	\Device\Harddisk0\DR0 - detected TDSS File System (1)
22:45:26.0746 3096	MBR (0x1B8)     (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR1
22:45:40.0053 3096	\Device\Harddisk1\DR1 - ok
22:45:40.0069 3096	Boot (0x1200)   (78cae79b9a4327e8e4a4aaafa95c9e31) \Device\Harddisk0\DR0\Partition0
22:45:40.0069 3096	\Device\Harddisk0\DR0\Partition0 - ok
22:45:40.0131 3096	Boot (0x1200)   (51d72760228ddccbc40dfc69b1e5013b) \Device\Harddisk0\DR0\Partition1
22:45:40.0131 3096	\Device\Harddisk0\DR0\Partition1 - ok
22:45:40.0131 3096	Boot (0x1200)   (4e7468a75c6cf4274880047922e7190e) \Device\Harddisk1\DR1\Partition0
22:45:40.0147 3096	\Device\Harddisk1\DR1\Partition0 - ok
22:45:40.0147 3096	============================================================
22:45:40.0147 3096	Scan finished
22:45:40.0147 3096	============================================================
22:45:40.0162 1688	Detected object count: 13
22:45:40.0162 1688	Actual detected object count: 13
22:47:51.0197 1688	acedrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
22:47:51.0197 1688	acedrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:47:51.0197 1688	acedrv02 ( UnsignedFile.Multi.Generic ) - skipped by user
22:47:51.0197 1688	acedrv02 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:47:51.0197 1688	acedrv03 ( UnsignedFile.Multi.Generic ) - skipped by user
22:47:51.0197 1688	acedrv03 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:47:51.0213 1688	acedrv04 ( UnsignedFile.Multi.Generic ) - skipped by user
22:47:51.0213 1688	acedrv04 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:47:51.0213 1688	acedrv05 ( UnsignedFile.Multi.Generic ) - skipped by user
22:47:51.0213 1688	acedrv05 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:47:51.0213 1688	acedrv06 ( UnsignedFile.Multi.Generic ) - skipped by user
22:47:51.0213 1688	acedrv06 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:47:51.0213 1688	acedrv07 ( UnsignedFile.Multi.Generic ) - skipped by user
22:47:51.0213 1688	acedrv07 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:47:51.0213 1688	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
22:47:51.0213 1688	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:47:51.0229 1688	MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - skipped by user
22:47:51.0229 1688	MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:47:51.0229 1688	Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:47:51.0229 1688	Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:47:51.0229 1688	ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
22:47:51.0229 1688	ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:47:51.0229 1688	USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
22:47:51.0229 1688	USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:47:51.0244 1688	\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:47:51.0244 1688	\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
         
Everything worked, the instructions were very easy to follow, many thanks.

Regards
gaia48

04.05.2012, 22:22   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Everything worked, the instructions were very easy to follow, many thanks.
Glad to hear it!

Quote:
22:47:51.0244 1688 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:47:51.0244 1688 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
Please have the TDSS-Killer delete the TDSS File System, then restart Windows and create a new log with this tool. Post it again enclosed in CODE tags.
__________________
Please always post log files in CODE tags
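
An added example, not part of the posts above and not code from TDSSKiller or its vendor: a small Python parser for the log format shown in this thread that pairs each detection with the action chosen for it and lists the ones still left in place. Treating `UnsignedFile.Multi.Generic` as informational is an assumption of this example, mirroring the reply above, which addresses only the TDSS File System entry; the function names are hypothetical.

```python
import re

# Sample input: lines copied from the TDSSKiller log posted in this thread
# (the tab after the thread id is shown as a space).
SAMPLE_LOG = r"""
22:45:18.0385 3096 USBAAPL         (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
22:45:18.0400 3096 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
22:45:18.0400 3096 USBAAPL - detected UnsignedFile.Multi.Generic (1)
22:45:18.0463 3096 usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:45:18.0525 3096 usbccgp - ok
22:45:26.0263 3096 MBR (0x1B8)     (61a349592c4728853f4a90ff78f7628e) \Device\Harddisk0\DR0
22:45:26.0731 3096 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:45:26.0731 3096 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:47:51.0229 1688 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
22:47:51.0229 1688 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:47:51.0244 1688 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:47:51.0244 1688 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# "<time> <thread id> <message>"; the separators may be tabs or spaces.
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*?)\s*$")
# "<name> (<md5>) <path>": one scanned service, driver, MBR or boot sector.
OBJECT = re.compile(r"^(.+?)\s+\(([0-9a-f]{32})\)\s+(.+)$", re.I)
# "<name> - detected <verdict> (<n>)"
DETECTED = re.compile(r"^(.+?) - detected (.+?) \((\d+)\)$")
# "<name> ( <verdict> ) - User select action: <action>"
ACTION = re.compile(r"^(.+?) \( (.+?) \) - User select action: (\w+)$")

# Assumption of this example: unsigned-file warnings are informational only.
INFORMATIONAL = {"UnsignedFile.Multi.Generic"}


def parse_tdsskiller(log_text):
    """Return one record per detection, in log order, with the chosen action."""
    objects = {}   # scanned object, indexed by service name and by path
    findings = {}  # detection records, indexed by the name used in the log
    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue  # blank lines and anything without the log prefix
        msg = line.group(3)

        obj = OBJECT.match(msg)
        if obj:
            name, md5, path = obj.groups()
            info = {"md5": md5.lower(), "path": path}
            # MBR and boot-sector detections are reported under the device
            # path rather than the name, so index the object under both.
            objects[name] = info
            objects[path] = info
            continue

        det = DETECTED.match(msg)
        if det:
            name, verdict, _count = det.groups()
            info = objects.get(name, {})
            findings[name] = {
                "name": name,
                "verdict": verdict,
                "md5": info.get("md5"),
                "path": info.get("path"),
                "action": None,  # filled in once the user has chosen
            }
            continue

        act = ACTION.match(msg)
        if act:
            name, _verdict, action = act.groups()
            if name in findings:
                findings[name]["action"] = action
    return list(findings.values())


def needs_action(findings):
    """Detections that are not informational and were skipped or left open."""
    return [
        f for f in findings
        if f["verdict"] not in INFORMATIONAL and f["action"] in (None, "Skip")
    ]


if __name__ == "__main__":
    for f in needs_action(parse_tdsskiller(SAMPLE_LOG)):
        print(f["name"], "|", f["verdict"], "|", f["action"])
```
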

05.05.2012, 11:06   #13
gaia48
 



Good morning, :-)
Action carried out.

Code:
12:01:18.0055 3164	TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18
12:01:18.0304 3164	============================================================
12:01:18.0304 3164	Current date / time: 2012/05/05 12:01:18.0304
12:01:18.0304 3164	SystemInfo:
12:01:18.0304 3164	
12:01:18.0304 3164	OS Version: 6.0.6002 ServicePack: 2.0
12:01:18.0304 3164	Product type: Workstation
12:01:18.0304 3164	ComputerName: NOTEBOOK
12:01:18.0304 3164	UserName: Admin
12:01:18.0304 3164	Windows directory: C:\Windows
12:01:18.0304 3164	System windows directory: C:\Windows
12:01:18.0304 3164	Processor architecture: Intel x86
12:01:18.0304 3164	Number of processors: 2
12:01:18.0304 3164	Page size: 0x1000
12:01:18.0304 3164	Boot type: Normal boot
12:01:18.0304 3164	============================================================
12:01:18.0741 3164	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:01:18.0741 3164	============================================================
12:01:18.0741 3164	\Device\Harddisk0\DR0:
12:01:18.0741 3164	MBR partitions:
12:01:18.0741 3164	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x11C2C800
12:01:18.0741 3164	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1362D000, BlocksNum 0x11E01000
12:01:18.0741 3164	============================================================
12:01:18.0788 3164	C: <-> \Device\Harddisk0\DR0\Partition0
12:01:18.0897 3164	D: <-> \Device\Harddisk0\DR0\Partition1
12:01:18.0897 3164	============================================================
12:01:18.0897 3164	Initialize success
12:01:18.0897 3164	============================================================
12:01:44.0328 3436	============================================================
12:01:44.0328 3436	Scan started
12:01:44.0328 3436	Mode: Manual; SigCheck; TDLFS; 
12:01:44.0328 3436	============================================================
12:01:44.0796 3436	acedrv01        (9ad3ac19f5a9968db4297c4319d7cddb) C:\Windows\system32\drivers\acedrv01.sys
12:01:45.0030 3436	acedrv01 ( UnsignedFile.Multi.Generic ) - warning
12:01:45.0030 3436	acedrv01 - detected UnsignedFile.Multi.Generic (1)
12:01:45.0077 3436	acedrv02        (e00a398c09a6515769a4bc39e91064eb) C:\Windows\system32\drivers\acedrv02.sys
12:01:45.0123 3436	acedrv02 ( UnsignedFile.Multi.Generic ) - warning
12:01:45.0123 3436	acedrv02 - detected UnsignedFile.Multi.Generic (1)
12:01:45.0155 3436	acedrv03        (903de75450a5cc4b26c3d33e3a64fc58) C:\Windows\system32\drivers\acedrv03.sys
12:01:45.0217 3436	acedrv03 ( UnsignedFile.Multi.Generic ) - warning
12:01:45.0217 3436	acedrv03 - detected UnsignedFile.Multi.Generic (1)
12:01:45.0233 3436	acedrv04        (2d838d7ce9b7cdafdec7ed43cc99fa1e) C:\Windows\system32\drivers\acedrv04.sys
12:01:45.0279 3436	acedrv04 ( UnsignedFile.Multi.Generic ) - warning
12:01:45.0279 3436	acedrv04 - detected UnsignedFile.Multi.Generic (1)
12:01:45.0357 3436	acedrv05        (0a1e97197609f92d2425b67da0bb0a7f) C:\Windows\system32\drivers\acedrv05.sys
12:01:45.0357 3436	acedrv05 ( UnsignedFile.Multi.Generic ) - warning
12:01:45.0357 3436	acedrv05 - detected UnsignedFile.Multi.Generic (1)
12:01:45.0389 3436	acedrv06        (44010948bde6ade50dd1386657c73e83) C:\Windows\system32\drivers\acedrv06.sys
12:01:45.0420 3436	acedrv06 ( UnsignedFile.Multi.Generic ) - warning
12:01:45.0420 3436	acedrv06 - detected UnsignedFile.Multi.Generic (1)
12:01:45.0435 3436	acedrv07        (4e5451dd0aec8504d7f8030dd2d4c416) C:\Windows\system32\drivers\acedrv07.sys
12:01:45.0482 3436	acedrv07 ( UnsignedFile.Multi.Generic ) - warning
12:01:45.0482 3436	acedrv07 - detected UnsignedFile.Multi.Generic (1)
12:01:45.0560 3436	acedrv11        (a6fe70357a68ad1e279cd1012419cce6) C:\Windows\system32\drivers\acedrv11.sys
12:01:45.0669 3436	acedrv11 - ok
12:01:45.0732 3436	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
12:01:45.0779 3436	ACPI - ok
12:01:45.0888 3436	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:01:45.0919 3436	AdobeARMservice - ok
12:01:46.0013 3436	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
12:01:46.0075 3436	adp94xx - ok
12:01:46.0122 3436	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
12:01:46.0169 3436	adpahci - ok
12:01:46.0184 3436	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
12:01:46.0215 3436	adpu160m - ok
12:01:46.0247 3436	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
12:01:46.0278 3436	adpu320 - ok
12:01:46.0325 3436	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
12:01:46.0418 3436	AeLookupSvc - ok
12:01:46.0465 3436	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
12:01:46.0543 3436	AFD - ok
12:01:46.0574 3436	AgereModemAudio (efbc44fbd75e4f80bd927aebf6e7eade) C:\Windows\system32\agrsmsvc.exe
12:01:46.0637 3436	AgereModemAudio - ok
12:01:46.0793 3436	AgereSoftModem  (1cfeba39fc613e45b49d3eddfbcda289) C:\Windows\system32\DRIVERS\AGRSM.sys
12:01:46.0917 3436	AgereSoftModem - ok
12:01:46.0964 3436	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
12:01:46.0980 3436	agp440 - ok
12:01:47.0011 3436	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
12:01:47.0042 3436	aic78xx - ok
12:01:47.0089 3436	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
12:01:47.0167 3436	ALG - ok
12:01:47.0183 3436	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
12:01:47.0214 3436	aliide - ok
12:01:47.0229 3436	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
12:01:47.0261 3436	amdagp - ok
12:01:47.0276 3436	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
12:01:47.0292 3436	amdide - ok
12:01:47.0307 3436	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
12:01:47.0385 3436	AmdK7 - ok
12:01:47.0401 3436	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
12:01:47.0495 3436	AmdK8 - ok
12:01:47.0651 3436	AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files\Avira\AntiVir Desktop\sched.exe
12:01:47.0682 3436	AntiVirSchedulerService - ok
12:01:47.0713 3436	AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
12:01:47.0744 3436	AntiVirService - ok
12:01:47.0775 3436	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
12:01:47.0838 3436	Appinfo - ok
12:01:47.0869 3436	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
12:01:47.0900 3436	arc - ok
12:01:47.0931 3436	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
12:01:47.0963 3436	arcsas - ok
12:01:47.0994 3436	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
12:01:48.0056 3436	AsyncMac - ok
12:01:48.0072 3436	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
12:01:48.0103 3436	atapi - ok
12:01:48.0275 3436	athr            (99d78248bfd454bfa9b5bec37350fade) C:\Windows\system32\DRIVERS\athr.sys
12:01:48.0399 3436	athr - ok
12:01:48.0524 3436	Ati External Event Utility (db338c400cc9f5ceb568899d664ff335) C:\Windows\system32\Ati2evxx.exe
12:01:48.0618 3436	Ati External Event Utility - ok
12:01:49.0086 3436	atikmdag        (45c45796caad4f3354496530329a7b10) C:\Windows\system32\DRIVERS\atikmdag.sys
12:01:49.0351 3436	atikmdag - ok
12:01:49.0585 3436	atksgt          (72bc628af75c4c3250f2a3bac260265a) C:\Windows\system32\DRIVERS\atksgt.sys
12:01:49.0601 3436	atksgt - ok
12:01:49.0694 3436	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
12:01:49.0757 3436	AudioEndpointBuilder - ok
12:01:49.0757 3436	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
12:01:49.0803 3436	Audiosrv - ok
12:01:49.0866 3436	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
12:01:49.0881 3436	avgntflt - ok
12:01:49.0913 3436	avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
12:01:49.0944 3436	avipbb - ok
12:01:49.0975 3436	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
12:01:49.0975 3436	avkmgr - ok
12:01:50.0022 3436	bcm4sbxp        (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
12:01:50.0084 3436	bcm4sbxp - ok
12:01:50.0209 3436	BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
12:01:50.0209 3436	BcmSqlStartupSvc - ok
12:01:50.0240 3436	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
12:01:50.0287 3436	Beep - ok
12:01:50.0349 3436	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
12:01:50.0412 3436	BFE - ok
12:01:50.0521 3436	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
12:01:50.0599 3436	BITS - ok
12:01:50.0630 3436	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
12:01:50.0661 3436	blbdrive - ok
12:01:50.0708 3436	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
12:01:50.0786 3436	bowser - ok
12:01:50.0802 3436	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
12:01:50.0849 3436	BrFiltLo - ok
12:01:50.0864 3436	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
12:01:50.0911 3436	BrFiltUp - ok
12:01:50.0942 3436	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
12:01:51.0020 3436	Browser - ok
12:01:51.0067 3436	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
12:01:51.0176 3436	Brserid - ok
12:01:51.0192 3436	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
12:01:51.0254 3436	BrSerWdm - ok
12:01:51.0270 3436	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
12:01:51.0363 3436	BrUsbMdm - ok
12:01:51.0363 3436	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
12:01:51.0473 3436	BrUsbSer - ok
12:01:51.0535 3436	BthEnum         (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
12:01:51.0597 3436	BthEnum - ok
12:01:51.0629 3436	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
12:01:51.0707 3436	BTHMODEM - ok
12:01:51.0751 3436	BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
12:01:51.0802 3436	BthPan - ok
12:01:51.0934 3436	BTHPORT         (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
12:01:51.0977 3436	BTHPORT - ok
12:01:52.0021 3436	BthServ         (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
12:01:52.0160 3436	BthServ - ok
12:01:52.0181 3436	BTHUSB          (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
12:01:52.0210 3436	BTHUSB - ok
12:01:52.0243 3436	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
12:01:52.0325 3436	cdfs - ok
12:01:52.0357 3436	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
12:01:52.0403 3436	cdrom - ok
12:01:52.0466 3436	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
12:01:52.0513 3436	CertPropSvc - ok
12:01:52.0544 3436	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
12:01:52.0622 3436	circlass - ok
12:01:52.0684 3436	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
12:01:52.0715 3436	CLFS - ok
12:01:53.0464 3436	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:01:53.0495 3436	clr_optimization_v2.0.50727_32 - ok
12:01:53.0683 3436	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:01:53.0745 3436	clr_optimization_v4.0.30319_32 - ok
12:01:53.0885 3436	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
12:01:53.0948 3436	CmBatt - ok
12:01:53.0979 3436	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
12:01:53.0995 3436	cmdide - ok
12:01:54.0026 3436	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
12:01:54.0041 3436	Compbatt - ok
12:01:54.0041 3436	COMSysApp - ok
12:01:54.0073 3436	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
12:01:54.0088 3436	crcdisk - ok
12:01:54.0104 3436	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
12:01:54.0166 3436	Crusoe - ok
12:01:54.0213 3436	CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
12:01:54.0244 3436	CryptSvc - ok
12:01:54.0322 3436	DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
12:01:54.0400 3436	DcomLaunch - ok
12:01:54.0447 3436	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
12:01:54.0509 3436	DfsC - ok
12:01:54.0728 3436	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
12:01:54.0931 3436	DFSR - ok
12:01:55.0149 3436	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
12:01:55.0211 3436	Dhcp - ok
12:01:55.0274 3436	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
12:01:55.0305 3436	disk - ok
12:01:55.0539 3436	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
12:01:55.0633 3436	Dnscache - ok
12:01:55.0711 3436	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
12:01:55.0867 3436	dot3svc - ok
12:01:55.0991 3436	dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
12:01:56.0163 3436	dot4 - ok
12:01:56.0225 3436	Dot4Print       (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
12:01:56.0303 3436	Dot4Print - ok
12:01:56.0366 3436	dot4usb         (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
12:01:56.0413 3436	dot4usb - ok
12:01:56.0506 3436	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
12:01:56.0631 3436	DPS - ok
12:01:56.0678 3436	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
12:01:56.0740 3436	drmkaud - ok
12:01:56.0849 3436	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
12:01:56.0896 3436	DXGKrnl - ok
12:01:57.0146 3436	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
12:01:57.0333 3436	E1G60 - ok
12:01:57.0520 3436	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
12:01:57.0957 3436	EapHost - ok
12:01:58.0659 3436	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
12:01:59.0065 3436	Ecache - ok
12:01:59.0143 3436	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
12:01:59.0189 3436	ehRecvr - ok
12:01:59.0299 3436	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
12:01:59.0704 3436	ehSched - ok
12:01:59.0735 3436	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
12:02:00.0375 3436	ehstart - ok
12:02:00.0562 3436	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
12:02:00.0687 3436	elxstor - ok
12:02:00.0874 3436	EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
12:02:01.0342 3436	EMDMgmt - ok
12:02:01.0405 3436	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
12:02:01.0545 3436	ErrDev - ok
12:02:01.0717 3436	EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
12:02:01.0904 3436	EventSystem - ok
12:02:02.0325 3436	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
12:02:02.0387 3436	exfat - ok
12:02:02.0450 3436	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
12:02:02.0481 3436	fastfat - ok
12:02:02.0575 3436	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
12:02:02.0621 3436	fdc - ok
12:02:02.0684 3436	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
12:02:02.0731 3436	fdPHost - ok
12:02:02.0762 3436	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
12:02:02.0871 3436	FDResPub - ok
12:02:02.0949 3436	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
12:02:02.0949 3436	FileInfo - ok
12:02:03.0011 3436	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
12:02:03.0043 3436	Filetrace - ok
12:02:03.0089 3436	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
12:02:03.0152 3436	flpydisk - ok
12:02:03.0183 3436	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
12:02:03.0214 3436	FltMgr - ok
12:02:03.0323 3436	FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
12:02:03.0370 3436	FontCache - ok
12:02:03.0448 3436	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:02:03.0464 3436	FontCache3.0.0.0 - ok
12:02:03.0526 3436	FsUsbExDisk     (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS
12:02:03.0573 3436	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
12:02:03.0573 3436	FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
12:02:03.0620 3436	Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
12:02:03.0651 3436	Fs_Rec - ok
12:02:03.0698 3436	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
12:02:03.0713 3436	gagp30kx - ok
12:02:03.0745 3436	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:02:03.0745 3436	GEARAspiWDM - ok
12:02:03.0791 3436	ggflt           (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
12:02:03.0807 3436	ggflt - ok
12:02:03.0838 3436	ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
12:02:03.0854 3436	ggsemc - ok
12:02:03.0979 3436	GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
12:02:03.0994 3436	GoogleDesktopManager-051210-111108 - ok
12:02:04.0088 3436	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
12:02:04.0166 3436	gpsvc - ok
12:02:04.0244 3436	HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
12:02:04.0291 3436	HdAudAddService - ok
12:02:04.0369 3436	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:02:04.0415 3436	HDAudBus - ok
12:02:04.0462 3436	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
12:02:04.0556 3436	HidBth - ok
12:02:04.0571 3436	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
12:02:04.0634 3436	HidIr - ok
12:02:04.0665 3436	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
12:02:04.0696 3436	hidserv - ok
12:02:04.0727 3436	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
12:02:04.0743 3436	HidUsb - ok
12:02:04.0821 3436	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
12:02:04.0899 3436	hkmsvc - ok
12:02:04.0930 3436	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
12:02:04.0946 3436	HpCISSs - ok
12:02:04.0993 3436	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
12:02:05.0071 3436	HTTP - ok
12:02:05.0102 3436	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
12:02:05.0117 3436	i2omp - ok
12:02:05.0149 3436	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
12:02:05.0195 3436	i8042prt - ok
12:02:05.0383 3436	ialm            (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
12:02:05.0523 3436	ialm - ok
12:02:05.0695 3436	iaStor          (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
12:02:05.0726 3436	iaStor - ok
12:02:05.0773 3436	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
12:02:05.0819 3436	iaStorV - ok
12:02:06.0475 3436	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:02:06.0615 3436	idsvc - ok
12:02:06.0693 3436	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
12:02:06.0693 3436	iirsp - ok
12:02:06.0738 3436	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
12:02:06.0793 3436	IKEEXT - ok
12:02:07.0088 3436	IntcAzAudAddService (b4fd14f7b231e358bec6c71d1a6c2845) C:\Windows\system32\drivers\RTKVHDA.sys
12:02:07.0198 3436	IntcAzAudAddService - ok
12:02:07.0398 3436	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
12:02:07.0413 3436	intelide - ok
12:02:07.0468 3436	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
12:02:07.0513 3436	intelppm - ok
12:02:07.0543 3436	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
12:02:07.0633 3436	IPBusEnum - ok
12:02:07.0668 3436	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:02:07.0718 3436	IpFilterDriver - ok
12:02:07.0788 3436	iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
12:02:07.0843 3436	iphlpsvc - ok
12:02:07.0848 3436	IpInIp - ok
12:02:07.0878 3436	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
12:02:07.0903 3436	IPMIDRV - ok
12:02:07.0933 3436	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
12:02:07.0958 3436	IPNAT - ok
12:02:07.0993 3436	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
12:02:08.0018 3436	IRENUM - ok
12:02:08.0053 3436	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
12:02:08.0068 3436	isapnp - ok
12:02:08.0123 3436	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
12:02:08.0138 3436	iScsiPrt - ok
12:02:08.0153 3436	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
12:02:08.0168 3436	iteatapi - ok
12:02:08.0183 3436	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
12:02:08.0198 3436	iteraid - ok
12:02:08.0238 3436	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
12:02:08.0253 3436	kbdclass - ok
12:02:08.0338 3436	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
12:02:08.0368 3436	kbdhid - ok
12:02:08.0393 3436	KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:02:08.0428 3436	KeyIso - ok
12:02:08.0498 3436	KMDFMEMIO       (ebc507f129df8f0e0ca270dcfc0cf87f) C:\Windows\system32\DRIVERS\kmdfmemio.sys
12:02:08.0638 3436	KMDFMEMIO - ok
12:02:08.0723 3436	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
12:02:08.0778 3436	KSecDD - ok
12:02:08.0858 3436	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
12:02:08.0908 3436	KtmRm - ok
12:02:08.0983 3436	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
12:02:09.0178 3436	LanmanServer - ok
12:02:09.0233 3436	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
12:02:09.0343 3436	LanmanWorkstation - ok
12:02:09.0433 3436	lirsgt          (4127e8b6ddb4090e815c1f8852c277d3) C:\Windows\system32\DRIVERS\lirsgt.sys
12:02:09.0443 3436	lirsgt - ok
12:02:09.0488 3436	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
12:02:09.0568 3436	lltdio - ok
12:02:09.0683 3436	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
12:02:09.0858 3436	lltdsvc - ok
12:02:09.0888 3436	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
12:02:09.0943 3436	lmhosts - ok
12:02:10.0018 3436	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
12:02:10.0043 3436	LSI_FC - ok
12:02:10.0079 3436	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
12:02:10.0125 3436	LSI_SAS - ok
12:02:10.0172 3436	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
12:02:10.0188 3436	LSI_SCSI - ok
12:02:10.0235 3436	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
12:02:10.0297 3436	luafv - ok
12:02:10.0391 3436	lxebCATSCustConnectService (a69ad7128300dfd6a8b113356fb7ee3b) C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxebserv.exe
12:02:10.0437 3436	lxebCATSCustConnectService - ok
12:02:10.0484 3436	lxeb_device - ok
12:02:10.0515 3436	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
12:02:10.0562 3436	Mcx2Svc - ok
12:02:10.0625 3436	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
12:02:10.0640 3436	megasas - ok
12:02:10.0687 3436	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
12:02:10.0749 3436	MegaSR - ok
12:02:10.0765 3436	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
12:02:10.0843 3436	MMCSS - ok
12:02:10.0859 3436	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
12:02:10.0921 3436	Modem - ok
12:02:10.0937 3436	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
12:02:11.0015 3436	monitor - ok
12:02:11.0061 3436	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
12:02:11.0077 3436	mouclass - ok
12:02:11.0155 3436	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
12:02:11.0217 3436	mouhid - ok
12:02:11.0233 3436	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
12:02:11.0264 3436	MountMgr - ok
12:02:11.0420 3436	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:02:11.0498 3436	MozillaMaintenance - ok
12:02:11.0545 3436	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
12:02:11.0576 3436	mpio - ok
12:02:11.0623 3436	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
12:02:11.0685 3436	mpsdrv - ok
12:02:11.0795 3436	MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
12:02:11.0857 3436	MpsSvc - ok
12:02:11.0904 3436	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
12:02:11.0935 3436	Mraid35x - ok
12:02:12.0107 3436	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
12:02:12.0138 3436	MRxDAV - ok
12:02:12.0185 3436	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:02:12.0247 3436	mrxsmb - ok
12:02:12.0294 3436	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:02:12.0341 3436	mrxsmb10 - ok
12:02:12.0356 3436	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:02:12.0403 3436	mrxsmb20 - ok
12:02:12.0465 3436	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
12:02:12.0497 3436	msahci - ok
12:02:12.0528 3436	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
12:02:12.0559 3436	msdsm - ok
12:02:12.0606 3436	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
12:02:12.0746 3436	MSDTC - ok
12:02:12.0777 3436	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
12:02:12.0871 3436	Msfs - ok
12:02:12.0902 3436	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
12:02:12.0933 3436	msisadrv - ok
12:02:13.0089 3436	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
12:02:13.0183 3436	MSiSCSI - ok
12:02:13.0183 3436	msiserver - ok
12:02:13.0230 3436	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
12:02:13.0292 3436	MSKSSRV - ok
12:02:13.0355 3436	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
12:02:13.0401 3436	MSPCLOCK - ok
12:02:13.0433 3436	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
12:02:13.0495 3436	MSPQM - ok
12:02:13.0823 3436	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
12:02:13.0869 3436	MsRPC - ok
12:02:13.0901 3436	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
12:02:13.0901 3436	mssmbios - ok
12:02:14.0057 3436	MSSQL$MSSMLBIZ - ok
12:02:14.0166 3436	MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
12:02:14.0181 3436	MSSQLServerADHelper - ok
12:02:14.0197 3436	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
12:02:14.0244 3436	MSTEE - ok
12:02:14.0369 3436	MTOnlPktAlyX    (036300114255b3c78bfb616ce8bc7ad9) C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
12:02:14.0369 3436	MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - warning
12:02:14.0369 3436	MTOnlPktAlyX - detected UnsignedFile.Multi.Generic (1)
12:02:14.0415 3436	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
12:02:14.0431 3436	Mup - ok
12:02:14.0493 3436	napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
12:02:14.0540 3436	napagent - ok
12:02:14.0618 3436	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
12:02:14.0649 3436	NativeWifiP - ok
12:02:14.0696 3436	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
12:02:14.0743 3436	NDIS - ok
12:02:14.0774 3436	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
12:02:14.0821 3436	NdisTapi - ok
12:02:14.0837 3436	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
12:02:14.0868 3436	Ndisuio - ok
12:02:14.0915 3436	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
12:02:14.0946 3436	NdisWan - ok
12:02:14.0961 3436	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
12:02:14.0993 3436	NDProxy - ok
12:02:15.0008 3436	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
12:02:15.0055 3436	NetBIOS - ok
12:02:15.0102 3436	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
12:02:15.0149 3436	netbt - ok
12:02:15.0164 3436	Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:02:15.0180 3436	Netlogon - ok
12:02:15.0227 3436	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
12:02:15.0273 3436	Netman - ok
12:02:15.0320 3436	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
12:02:15.0336 3436	netprofm - ok
12:02:15.0414 3436	NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:02:15.0414 3436	NetTcpPortSharing - ok
12:02:15.0695 3436	NETw3v32        (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
12:02:15.0835 3436	NETw3v32 - ok
12:02:16.0209 3436	Netzmanager Service (450d0d2062c54dda23583a78c0eb63d9) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
12:02:16.0225 3436	Netzmanager Service ( UnsignedFile.Multi.Generic ) - warning
12:02:16.0225 3436	Netzmanager Service - detected UnsignedFile.Multi.Generic (1)
12:02:16.0568 3436	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
12:02:16.0584 3436	nfrd960 - ok
12:02:16.0646 3436	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
12:02:16.0709 3436	NlaSvc - ok
12:02:17.0130 3436	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
12:02:17.0161 3436	Npfs - ok
12:02:17.0192 3436	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
12:02:17.0239 3436	nsi - ok
12:02:17.0333 3436	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
12:02:17.0426 3436	nsiproxy - ok
12:02:17.0645 3436	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
12:02:17.0738 3436	Ntfs - ok
12:02:17.0801 3436	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
12:02:17.0910 3436	ntrigdigi - ok
12:02:17.0925 3436	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
12:02:17.0972 3436	Null - ok
12:02:18.0003 3436	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
12:02:18.0050 3436	nvraid - ok
12:02:18.0081 3436	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
12:02:18.0097 3436	nvstor - ok
12:02:18.0128 3436	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
12:02:18.0175 3436	nv_agp - ok
12:02:18.0175 3436	NwlnkFlt - ok
12:02:18.0191 3436	NwlnkFwd - ok
12:02:18.0237 3436	ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
12:02:18.0284 3436	ohci1394 - ok
12:02:18.0393 3436	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:02:18.0425 3436	ose - ok
12:02:19.0267 3436	osppsvc         (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:02:19.0626 3436	osppsvc - ok
12:02:19.0875 3436	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:02:19.0969 3436	p2pimsvc - ok
12:02:19.0985 3436	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:02:20.0047 3436	p2psvc - ok
12:02:20.0546 3436	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
12:02:20.0624 3436	Parport - ok
12:02:20.0687 3436	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
12:02:20.0718 3436	partmgr - ok
12:02:20.0780 3436	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
12:02:20.0827 3436	Parvdm - ok
12:02:20.0858 3436	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
12:02:20.0921 3436	PcaSvc - ok
12:02:20.0967 3436	pccsmcfd        (175cc28dcf819f78caa3fbd44ad9e52a) C:\Windows\system32\DRIVERS\pccsmcfd.sys
12:02:21.0014 3436	pccsmcfd - ok
12:02:21.0045 3436	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
12:02:21.0061 3436	pci - ok
12:02:21.0092 3436	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
12:02:21.0092 3436	pciide - ok
12:02:21.0139 3436	pcmcia          (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
12:02:21.0170 3436	pcmcia - ok
12:02:21.0794 3436	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
12:02:21.0935 3436	PEAUTH - ok
12:02:22.0668 3436	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
12:02:22.0871 3436	pla - ok
12:02:23.0323 3436	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
12:02:23.0385 3436	PlugPlay - ok
12:02:23.0495 3436	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:02:23.0541 3436	PNRPAutoReg - ok
12:02:23.0557 3436	PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:02:23.0604 3436	PNRPsvc - ok
12:02:23.0666 3436	PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
12:02:23.0713 3436	PolicyAgent - ok
12:02:23.0791 3436	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
12:02:23.0853 3436	PptpMiniport - ok
12:02:23.0869 3436	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
12:02:23.0916 3436	Processor - ok
12:02:23.0963 3436	ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
12:02:23.0978 3436	ProfSvc - ok
12:02:24.0072 3436	ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:02:24.0072 3436	ProtectedStorage - ok
12:02:24.0103 3436	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
12:02:24.0150 3436	PSched - ok
12:02:24.0259 3436	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
12:02:24.0353 3436	ql2300 - ok
12:02:24.0384 3436	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
12:02:24.0399 3436	ql40xx - ok
12:02:24.0477 3436	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
12:02:24.0493 3436	QWAVE - ok
12:02:24.0524 3436	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
12:02:24.0555 3436	QWAVEdrv - ok
12:02:24.0571 3436	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
12:02:24.0618 3436	RasAcd - ok
12:02:24.0649 3436	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
12:02:24.0727 3436	RasAuto - ok
12:02:24.0743 3436	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:02:24.0774 3436	Rasl2tp - ok
12:02:24.0867 3436	RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
12:02:24.0930 3436	RasMan - ok
12:02:24.0961 3436	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
12:02:25.0039 3436	RasPppoe - ok
12:02:25.0070 3436	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
12:02:25.0101 3436	RasSstp - ok
12:02:25.0148 3436	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
12:02:25.0195 3436	rdbss - ok
12:02:25.0226 3436	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:02:25.0289 3436	RDPCDD - ok
12:02:25.0351 3436	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
12:02:25.0429 3436	rdpdr - ok
12:02:25.0429 3436	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
12:02:25.0460 3436	RDPENCDD - ok
12:02:25.0507 3436	RDPWD           (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
12:02:25.0585 3436	RDPWD - ok
12:02:25.0632 3436	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
12:02:25.0663 3436	RemoteAccess - ok
12:02:25.0710 3436	RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
12:02:25.0757 3436	RemoteRegistry - ok
12:02:25.0819 3436	RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
12:02:25.0881 3436	RFCOMM - ok
12:02:25.0913 3436	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
12:02:25.0959 3436	RpcLocator - ok
12:02:26.0053 3436	RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
12:02:26.0084 3436	RpcSs - ok
12:02:26.0131 3436	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
12:02:26.0193 3436	rspndr - ok
12:02:26.0225 3436	SamSs           (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:02:26.0240 3436	SamSs - ok
12:02:26.0427 3436	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
12:02:26.0443 3436	sbp2port - ok
12:02:26.0490 3436	SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
12:02:26.0521 3436	SCardSvr - ok
12:02:26.0724 3436	Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
12:02:26.0817 3436	Schedule - ok
12:02:26.0880 3436	SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
12:02:26.0911 3436	SCPolicySvc - ok
12:02:26.0958 3436	sdbus           (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
12:02:27.0020 3436	sdbus - ok
12:02:27.0410 3436	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
12:02:27.0441 3436	SDRSVC - ok
12:02:27.0473 3436	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:02:27.0535 3436	secdrv - ok
12:02:27.0551 3436	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
12:02:27.0613 3436	seclogon - ok
12:02:27.0644 3436	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
12:02:27.0691 3436	SENS - ok
12:02:27.0707 3436	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
12:02:27.0785 3436	Serenum - ok
12:02:28.0081 3436	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
12:02:28.0175 3436	Serial - ok
12:02:28.0190 3436	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
12:02:28.0237 3436	sermouse - ok
12:02:28.0549 3436	ServiceLayer    (9d38320bb32230349379df5ddbbf7fce) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
12:02:28.0596 3436	ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
12:02:28.0596 3436	ServiceLayer - detected UnsignedFile.Multi.Generic (1)
12:02:28.0643 3436	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
12:02:28.0721 3436	SessionEnv - ok
12:02:28.0736 3436	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
12:02:28.0783 3436	sffdisk - ok
12:02:28.0799 3436	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
12:02:28.0892 3436	sffp_mmc - ok
12:02:28.0908 3436	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
12:02:28.0955 3436	sffp_sd - ok
12:02:28.0970 3436	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
12:02:29.0095 3436	sfloppy - ok
12:02:29.0937 3436	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
12:02:30.0000 3436	SharedAccess - ok
12:02:30.0203 3436	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
12:02:30.0249 3436	ShellHWDetection - ok
12:02:30.0281 3436	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
12:02:30.0312 3436	sisagp - ok
12:02:30.0343 3436	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
12:02:30.0359 3436	SiSRaid2 - ok
12:02:30.0390 3436	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
12:02:30.0405 3436	SiSRaid4 - ok
12:02:31.0825 3436	slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
12:02:32.0059 3436	slsvc - ok
12:02:32.0745 3436	SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
12:02:32.0808 3436	SLUINotify - ok
12:02:32.0948 3436	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
12:02:33.0042 3436	Smb - ok
12:02:33.0104 3436	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
12:02:33.0167 3436	SNMPTRAP - ok
12:02:33.0198 3436	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
12:02:33.0213 3436	spldr - ok
12:02:33.0276 3436	Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
12:02:33.0338 3436	Spooler - ok
12:02:33.0463 3436	SQLBrowser      (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
12:02:33.0479 3436	SQLBrowser - ok
12:02:33.0525 3436	SQLWriter       (d89083c4eb02daca8f944b0e05e57f9d) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
12:02:33.0557 3436	SQLWriter - ok
12:02:33.0619 3436	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
12:02:33.0681 3436	srv - ok
12:02:33.0744 3436	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
12:02:33.0806 3436	srv2 - ok
12:02:33.0837 3436	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
12:02:33.0869 3436	srvnet - ok
12:02:33.0915 3436	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
12:02:33.0993 3436	SSDPSRV - ok
12:02:34.0025 3436	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
12:02:34.0040 3436	ssmdrv - ok
12:02:34.0087 3436	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
12:02:34.0103 3436	SstpSvc - ok
12:02:34.0181 3436	stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
12:02:34.0227 3436	stisvc - ok
12:02:34.0274 3436	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
12:02:34.0290 3436	swenum - ok
12:02:34.0383 3436	swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
12:02:34.0446 3436	swprv - ok
12:02:34.0461 3436	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
12:02:34.0493 3436	Symc8xx - ok
12:02:34.0508 3436	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
12:02:34.0524 3436	Sym_hi - ok
12:02:34.0539 3436	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
12:02:34.0555 3436	Sym_u3 - ok
12:02:34.0617 3436	SynTP           (71837fbce3fd8143953444b3ff7938dc) C:\Windows\system32\DRIVERS\SynTP.sys
12:02:34.0633 3436	SynTP - ok
12:02:34.0789 3436	SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
12:02:34.0851 3436	SysMain - ok
12:02:34.0883 3436	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
12:02:34.0929 3436	TabletInputService - ok
12:02:34.0992 3436	TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
12:02:35.0054 3436	TapiSrv - ok
12:02:35.0101 3436	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
12:02:35.0148 3436	TBS - ok
12:02:35.0288 3436	Tcpip           (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
12:02:35.0397 3436	Tcpip - ok
12:02:35.0413 3436	Tcpip6          (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
12:02:35.0475 3436	Tcpip6 - ok
12:02:35.0522 3436	tcpipreg        (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
12:02:35.0569 3436	tcpipreg - ok
12:02:35.0600 3436	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
12:02:35.0647 3436	TDPIPE - ok
12:02:35.0678 3436	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
12:02:35.0772 3436	TDTCP - ok
12:02:35.0803 3436	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
12:02:35.0834 3436	tdx - ok
12:02:35.0881 3436	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
12:02:35.0881 3436	TermDD - ok
12:02:35.0990 3436	TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
12:02:36.0037 3436	TermService - ok
12:02:36.0115 3436	Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
12:02:36.0131 3436	Themes - ok
12:02:36.0193 3436	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
12:02:36.0224 3436	THREADORDER - ok
12:02:36.0287 3436	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
12:02:36.0318 3436	TrkWks - ok
12:02:36.0380 3436	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
12:02:36.0411 3436	TrustedInstaller - ok
12:02:36.0443 3436	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:02:36.0489 3436	tssecsrv - ok
12:02:36.0521 3436	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
12:02:36.0552 3436	tunmp - ok
12:02:36.0599 3436	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
12:02:36.0599 3436	tunnel - ok
12:02:36.0630 3436	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
12:02:36.0645 3436	uagp35 - ok
12:02:36.0692 3436	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
12:02:36.0708 3436	udfs - ok
12:02:36.0739 3436	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
12:02:36.0786 3436	UI0Detect - ok
12:02:36.0817 3436	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
12:02:36.0833 3436	uliagpkx - ok
12:02:36.0864 3436	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
12:02:36.0895 3436	uliahci - ok
12:02:36.0926 3436	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
12:02:36.0942 3436	UlSata - ok
12:02:37.0035 3436	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
12:02:37.0051 3436	ulsata2 - ok
12:02:37.0067 3436	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
12:02:37.0145 3436	umbus - ok
12:02:37.0176 3436	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
12:02:37.0238 3436	upnphost - ok
12:02:37.0269 3436	USBAAPL         (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
12:02:37.0347 3436	USBAAPL ( UnsignedFile.Multi.Generic ) - warning
12:02:37.0347 3436	USBAAPL - detected UnsignedFile.Multi.Generic (1)
12:02:37.0410 3436	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
12:02:37.0441 3436	usbccgp - ok
12:02:37.0472 3436	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
12:02:37.0550 3436	usbcir - ok
12:02:37.0581 3436	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
12:02:37.0613 3436	usbehci - ok
12:02:37.0659 3436	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
12:02:37.0722 3436	usbhub - ok
12:02:37.0753 3436	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
12:02:37.0815 3436	usbohci - ok
12:02:37.0893 3436	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
12:02:37.0956 3436	usbprint - ok
12:02:38.0003 3436	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
12:02:38.0049 3436	usbscan - ok
12:02:38.0143 3436	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:02:38.0221 3436	USBSTOR - ok
12:02:38.0252 3436	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
12:02:38.0330 3436	usbuhci - ok
12:02:38.0377 3436	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
12:02:38.0471 3436	usbvideo - ok
12:02:38.0502 3436	UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
12:02:38.0549 3436	UxSms - ok
12:02:38.0798 3436	vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
12:02:38.0861 3436	vds - ok
12:02:38.0939 3436	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
12:02:39.0001 3436	vga - ok
12:02:39.0032 3436	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
12:02:39.0079 3436	VgaSave - ok
12:02:39.0110 3436	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
12:02:39.0141 3436	viaagp - ok
12:02:39.0157 3436	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
12:02:39.0188 3436	ViaC7 - ok
12:02:39.0204 3436	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
12:02:39.0219 3436	viaide - ok
12:02:39.0235 3436	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
12:02:39.0251 3436	volmgr - ok
12:02:39.0313 3436	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
12:02:39.0344 3436	volmgrx - ok
12:02:39.0375 3436	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
12:02:39.0391 3436	volsnap - ok
12:02:39.0422 3436	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
12:02:39.0438 3436	vsmraid - ok
12:02:39.0578 3436	VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
12:02:39.0672 3436	VSS - ok
12:02:39.0734 3436	W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
12:02:39.0781 3436	W32Time - ok
12:02:39.0859 3436	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
12:02:39.0921 3436	WacomPen - ok
12:02:39.0968 3436	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:02:40.0015 3436	Wanarp - ok
12:02:40.0015 3436	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:02:40.0031 3436	Wanarpv6 - ok
12:02:40.0202 3436	wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
12:02:40.0233 3436	wcncsvc - ok
12:02:40.0265 3436	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
12:02:40.0327 3436	WcsPlugInService - ok
12:02:40.0358 3436	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
12:02:40.0374 3436	Wd - ok
12:02:40.0421 3436	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
12:02:40.0467 3436	Wdf01000 - ok
12:02:40.0483 3436	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
12:02:40.0530 3436	WdiServiceHost - ok
12:02:40.0545 3436	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
12:02:40.0577 3436	WdiSystemHost - ok
12:02:40.0655 3436	WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
12:02:40.0717 3436	WebClient - ok
12:02:40.0795 3436	Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
12:02:40.0857 3436	Wecsvc - ok
12:02:40.0904 3436	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
12:02:40.0951 3436	wercplsupport - ok
12:02:41.0107 3436	WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
12:02:41.0154 3436	WerSvc - ok
12:02:41.0294 3436	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
12:02:41.0325 3436	WinDefend - ok
12:02:41.0341 3436	WinHttpAutoProxySvc - ok
12:02:41.0466 3436	Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
12:02:41.0497 3436	Winmgmt - ok
12:02:41.0637 3436	WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
12:02:41.0747 3436	WinRM - ok
12:02:41.0871 3436	WinVNC4         (f3edc9909a02e6bca863eb702d37b505) C:\Program Files\RealVNC\VNC4\WinVNC4.exe
12:02:41.0918 3436	WinVNC4 - ok
12:02:42.0074 3436	Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
12:02:42.0137 3436	Wlansvc - ok
12:02:42.0246 3436	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
12:02:42.0308 3436	WmiAcpi - ok
12:02:42.0386 3436	wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
12:02:42.0464 3436	wmiApSrv - ok
12:02:42.0573 3436	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
12:02:42.0651 3436	WMPNetworkSvc - ok
12:02:42.0698 3436	WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
12:02:42.0761 3436	WPCSvc - ok
12:02:42.0792 3436	WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
12:02:42.0839 3436	WPDBusEnum - ok
12:02:42.0901 3436	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
12:02:42.0917 3436	WpdUsb - ok
12:02:43.0119 3436	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:02:43.0166 3436	WPFFontCache_v0400 - ok
12:02:43.0229 3436	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
12:02:43.0291 3436	ws2ifsl - ok
12:02:43.0322 3436	wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
12:02:43.0400 3436	wscsvc - ok
12:02:43.0447 3436	WSDPrintDevice  (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
12:02:43.0478 3436	WSDPrintDevice - ok
12:02:43.0494 3436	WSearch - ok
12:02:43.0790 3436	wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
12:02:43.0946 3436	wuauserv - ok
12:02:44.0149 3436	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:02:44.0227 3436	WUDFRd - ok
12:02:44.0274 3436	wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
12:02:44.0367 3436	wudfsvc - ok
12:02:44.0461 3436	yksvc           (3541e083be976294da5e644db122a9a7) C:\Windows\System32\ykx32mpcoinst.dll
12:02:44.0570 3436	yksvc - ok
12:02:44.0617 3436	yukonwlh        (6d16a5c05d4fa06fade1d97580986803) C:\Windows\system32\DRIVERS\yk60x86.sys
12:02:44.0695 3436	yukonwlh - ok
12:02:44.0757 3436	MBR (0x1B8)     (61a349592c4728853f4a90ff78f7628e) \Device\Harddisk0\DR0
12:02:46.0161 3436	\Device\Harddisk0\DR0 - ok
12:02:46.0193 3436	Boot (0x1200)   (78cae79b9a4327e8e4a4aaafa95c9e31) \Device\Harddisk0\DR0\Partition0
12:02:46.0193 3436	\Device\Harddisk0\DR0\Partition0 - ok
12:02:46.0224 3436	Boot (0x1200)   (51d72760228ddccbc40dfc69b1e5013b) \Device\Harddisk0\DR0\Partition1
12:02:46.0224 3436	\Device\Harddisk0\DR0\Partition1 - ok
12:02:46.0224 3436	============================================================
12:02:46.0224 3436	Scan finished
12:02:46.0224 3436	============================================================
12:02:46.0239 5800	Detected object count: 12
12:02:46.0239 5800	Actual detected object count: 12
12:03:01.0574 5800	acedrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:01.0574 5800	acedrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:03:01.0590 5800	acedrv02 ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:01.0590 5800	acedrv02 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:03:01.0590 5800	acedrv03 ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:01.0590 5800	acedrv03 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:03:01.0590 5800	acedrv04 ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:01.0590 5800	acedrv04 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:03:01.0590 5800	acedrv05 ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:01.0590 5800	acedrv05 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:03:01.0590 5800	acedrv06 ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:01.0590 5800	acedrv06 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:03:01.0590 5800	acedrv07 ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:01.0590 5800	acedrv07 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:03:01.0590 5800	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:01.0590 5800	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:03:01.0605 5800	MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:01.0605 5800	MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:03:01.0605 5800	Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:01.0605 5800	Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:03:01.0605 5800	ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:01.0605 5800	ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:03:01.0605 5800	USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:01.0605 5800	USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Kind regards
gaia48

06.05.2012, 18:11   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

07.05.2012, 05:41   #15
gaia48

Hello Arne,

OK, we have installed ComboFix as well; here is the log:
Code:
ComboFix 12-05-06.03 - Admin 06.05.2012  22:54:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3036.1929 [GMT 2:00]
ausgeführt von:: c:\users\Admin\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL9570.tmp
c:\programdata\SPLC924.tmp
c:\users\Public\sdelevURL.tmp
.
Infizierte Kopie von c:\windows\system32\debug.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\debug.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-06 bis 2012-05-06  ))))))))))))))))))))))))))))))
.
.
2012-05-06 21:02 . 2012-05-06 21:04	--------	d-----w-	c:\users\Admin\AppData\Local\temp
2012-05-06 21:02 . 2012-05-06 21:02	--------	d-----w-	c:\users\Verena\AppData\Local\temp
2012-05-06 21:02 . 2012-05-06 21:02	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2012-05-06 21:02 . 2012-05-06 21:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-05-05 09:56 . 2012-05-05 09:56	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-05-04 20:16 . 2012-04-13 07:36	6734704	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{47664E7F-8C7B-460E-8DCF-0142F0A5B84A}\mpengine.dll
2012-04-27 11:51 . 2012-04-27 11:51	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2012-04-27 11:51 . 2012-04-27 11:51	157352	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-27 11:51 . 2012-04-27 11:51	129976	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-12 10:13 . 2012-02-29 15:11	5120	----a-w-	c:\windows\system32\wmi.dll
2012-04-12 10:13 . 2012-02-29 15:11	172032	----a-w-	c:\windows\system32\wintrust.dll
2012-04-12 10:13 . 2012-02-29 15:09	157696	----a-w-	c:\windows\system32\imagehlp.dll
2012-04-12 10:13 . 2012-02-29 13:32	12800	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-04-12 10:11 . 2012-03-06 06:39	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-04-12 10:11 . 2012-03-06 06:39	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-04-11 19:58 . 2012-03-01 11:01	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 13:56 . 2011-05-31 17:21	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-29 21:10 . 2012-03-29 21:10	101376	----a-w-	c:\windows\system32\drivers\acedrv07.sys
2012-03-29 21:10 . 2012-03-29 21:10	99840	----a-w-	c:\windows\system32\drivers\acedrv06.sys
2012-03-29 21:10 . 2012-03-29 21:10	97792	----a-w-	c:\windows\system32\drivers\acedrv05.sys
2012-03-29 21:10 . 2012-03-29 21:10	97280	----a-w-	c:\windows\system32\drivers\acedrv04.sys
2012-03-29 21:10 . 2012-03-29 21:10	97280	----a-w-	c:\windows\system32\drivers\acedrv03.sys
2012-03-29 21:10 . 2012-03-29 21:10	97280	----a-w-	c:\windows\system32\drivers\acedrv02.sys
2012-03-29 21:10 . 2012-03-29 21:10	93696	----a-w-	c:\windows\system32\drivers\acedrv01.sys
2012-02-23 08:18 . 2010-06-13 20:46	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-15 20:27 . 2011-10-15 20:47	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-02-14 15:45 . 2012-03-14 15:16	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 15:16	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2012-02-14 10:09 . 2012-02-14 10:09	1070352	----a-w-	c:\windows\system32\MSCOMCTL.OCX
2012-02-13 14:12 . 2012-03-14 15:16	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-14 15:16	683008	----a-w-	c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-14 15:16	1068544	----a-w-	c:\windows\system32\DWrite.dll
2012-04-27 11:51 . 2011-04-18 14:02	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2010-06-29 08:57 . 2010-06-14 19:54	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-12 61440]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-13 6814240]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1049896]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-29 30192]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"lxebmon.exe"="c:\program files\Lexmark Pro200-S500 Series\lxebmon.exe" [2009-04-28 766632]
"EzPrint"="c:\program files\Lexmark Pro200-S500 Series\ezprint.exe" [2009-04-28 139944]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Netzmanager.lnk - c:\program files\Netzmanager\netzmanager.exe [2010-3-22 1540096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Online_Software_6
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27	17351304	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Online_Software_6\WLAN-Access Finder]
2009-08-18 14:01	671796	----a-w-	c:\program files\T-Online\WLAN-Access Finder\ToWLaAcF.exe
.
S2 acedrv01;acedrv01;c:\windows\system32\drivers\acedrv01.sys [2012-03-29 93696]
S2 acedrv02;acedrv02;c:\windows\system32\drivers\acedrv02.sys [2012-03-29 97280]
S2 acedrv03;acedrv03;c:\windows\system32\drivers\acedrv03.sys [2012-03-29 97280]
S2 acedrv04;acedrv04;c:\windows\system32\drivers\acedrv04.sys [2012-03-29 97280]
S2 acedrv06;acedrv06;c:\windows\system32\drivers\acedrv06.sys [2012-03-29 99840]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
yksvcs	REG_MULTI_SZ   	yksvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-06 c:\windows\Tasks\User_Feed_Synchronization-{4224D031-A0DF-4C8A-965C-146460862FCB}.job
- c:\windows\system32\msfeedssync.exe [2012-04-11 08:09]
.
2012-05-06 c:\windows\Tasks\User_Feed_Synchronization-{59FF7F83-BB5C-40D2-A251-CE5F915947E4}.job
- c:\windows\system32\msfeedssync.exe [2012-04-11 08:09]
.
2012-05-06 c:\windows\Tasks\User_Feed_Synchronization-{83B22B03-42AA-42AC-B7EB-CACDB31F1883}.job
- c:\windows\system32\msfeedssync.exe [2012-04-11 08:09]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
TCP: Interfaces\{1EB29A5A-ED16-45C7-8400-01E9BD4F4A80}: NameServer = 192.168.2.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\056guaym.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{7e111a5c-3d11-4f56-9463-5310c3c69025} - (no file)
WebBrowser-{7E111A5C-3D11-4F56-9463-5310C3C69025} - (no file)
HKCU-Run-Device Detection - c:\program files\Lidl_Fotos\dd.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
AddRemove-{0AA0EF07-5F55-47CA-B790-8AFB7BFEE159}_is1 - c:\brainmonster studios\2weistein-Training\unins000.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\System32\lpksetup.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\windows\system32\lxebcoms.exe
c:\program files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-05-06  23:11:32 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-05-06 21:10
.
Vor Suchlauf: 12 Verzeichnis(se), 95.161.159.680 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 94.780.825.600 Bytes frei
.
- - End Of File - - 6E3037412B451D0AF74E226E50DBA7D7
         
Have a good start to the week.

Kind regards
gaia 48
