| |
| |||||||
Log-Analyse und Auswertung: Verschlüsselungs-Trojaner: 2 (ex-)befallenen Systeme...Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
29.05.2012, 11:07
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Verschlüsselungs-Trojaner: 2 (ex-)befallenen Systeme... Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{42ace04e-5f13-11e1-a45d-e03221a14935}\Shell - "" = AutoRun
O33 - MountPoints2\{42ace04e-5f13-11e1-a45d-e03221a14935}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{42ace04e-5f13-11e1-a45d-e03221a14935}\Shell\AutoRun\command - "" = E:\AutoRun.exe
[2012.05.25 10:42:39 | 000,000,000 | ---D | C] -- C:\c857607bcc0822963f
@Alternate Data Stream - 140 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E5F8E280
@Alternate Data Stream - 134 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:9CF728A6
@Alternate Data Stream - 123 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:7AF9CAEB
@Alternate Data Stream - 116 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:62525FE7
@Alternate Data Stream - 112 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:35629AE6
@Alternate Data Stream - 107 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:6BF0805F
:Files
C:\windows\System32\winsh32?
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
29.05.2012, 11:19
| #17 |
 | Verschlüsselungs-Trojaner: 2 (ex-)befallenen Systeme...Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42ace04e-5f13-11e1-a45d-e03221a14935}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42ace04e-5f13-11e1-a45d-e03221a14935}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42ace04e-5f13-11e1-a45d-e03221a14935}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42ace04e-5f13-11e1-a45d-e03221a14935}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42ace04e-5f13-11e1-a45d-e03221a14935}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42ace04e-5f13-11e1-a45d-e03221a14935}\ not found.
File E:\AutoRun.exe not found.
C:\c857607bcc0822963f\i386 folder moved successfully.
C:\c857607bcc0822963f\amd64 folder moved successfully.
C:\c857607bcc0822963f folder moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E5F8E280 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:9CF728A6 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:7AF9CAEB deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:62525FE7 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:35629AE6 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:6BF0805F deleted successfully.
========== FILES ==========
C:\windows\System32\winsh320 moved successfully.
C:\windows\System32\winsh321 moved successfully.
C:\windows\System32\winsh322 moved successfully.
C:\windows\System32\winsh323 moved successfully.
C:\windows\System32\winsh324 moved successfully.
C:\windows\System32\winsh325 moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 82513 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: *****
->Temp folder emptied: 387361538 bytes
->Temporary Internet Files folder emptied: 328281620 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 27055456 bytes
->Flash cache emptied: 46319 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134333 bytes
%systemroot%\System32 .tmp files removed: 508055 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 724269 bytes
RecycleBin emptied: 25708714 bytes
Total Files Cleaned = 736,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: LocalService
User: NetworkService
User: *****
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.44.0 log created on 05292012_121309
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
29.05.2012, 11:43
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs-Trojaner: 2 (ex-)befallenen Systeme... Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html
__________________Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ |
|
30.05.2012, 09:28
| #19 |
| | Verschlüsselungs-Trojaner: 2 (ex-)befallenen Systeme... Hier der Log vom TDSSKiller: Code:
ATTFilter 10:22:57.0546 4072 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
10:22:57.0734 4072 ============================================================
10:22:57.0734 4072 Current date / time: 2012/05/30 10:22:57.0734
10:22:57.0734 4072 SystemInfo:
10:22:57.0734 4072
10:22:57.0750 4072 OS Version: 5.1.2600 ServicePack: 3.0
10:22:57.0750 4072 Product type: Workstation
10:22:57.0750 4072 ComputerName: ESSTISCH
10:22:57.0750 4072 UserName: *****
10:22:57.0750 4072 Windows directory: C:\windows
10:22:57.0750 4072 System windows directory: C:\windows
10:22:57.0750 4072 Processor architecture: Intel x86
10:22:57.0750 4072 Number of processors: 1
10:22:57.0750 4072 Page size: 0x1000
10:22:57.0750 4072 Boot type: Normal boot
10:22:57.0750 4072 ============================================================
10:23:01.0437 4072 Drive \Device\Harddisk0\DR0 - Size: 0x1CC2828000 (115.04 Gb), SectorSize: 0x200, Cylinders: 0x3AA9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:23:01.0437 4072 Drive \Device\Harddisk1\DR2 - Size: 0x1CDE00000 (7.22 Gb), SectorSize: 0x200, Cylinders: 0x3AE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:23:01.0437 4072 ============================================================
10:23:01.0437 4072 \Device\Harddisk0\DR0:
10:23:01.0437 4072 MBR partitions:
10:23:01.0437 4072 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE60E869
10:23:01.0437 4072 \Device\Harddisk1\DR2:
10:23:01.0437 4072 MBR partitions:
10:23:01.0437 4072 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xB, StartLBA 0x40, BlocksNum 0xE6EFC0
10:23:01.0437 4072 ============================================================
10:23:01.0468 4072 C: <-> \Device\Harddisk0\DR0\Partition0
10:23:01.0468 4072 ============================================================
10:23:01.0468 4072 Initialize success
10:23:01.0468 4072 ============================================================
10:23:59.0625 3584 ============================================================
10:23:59.0625 3584 Scan started
10:23:59.0625 3584 Mode: Manual; SigCheck; TDLFS;
10:23:59.0625 3584 ============================================================
10:23:59.0968 3584 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\windows\system32\drivers\Aavmker4.sys
10:24:00.0093 3584 Aavmker4 - ok
10:24:00.0109 3584 Abiosdsk - ok
10:24:00.0109 3584 abp480n5 - ok
10:24:00.0171 3584 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\windows\system32\DRIVERS\ACPI.sys
10:24:00.0796 3584 ACPI - ok
10:24:00.0843 3584 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\windows\system32\drivers\ACPIEC.sys
10:24:01.0000 3584 ACPIEC - ok
10:24:01.0093 3584 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:24:01.0109 3584 AdobeFlashPlayerUpdateSvc - ok
10:24:01.0125 3584 adpu160m - ok
10:24:01.0156 3584 aec (8bed39e3c35d6a489438b8141717a557) C:\windows\system32\drivers\aec.sys
10:24:01.0312 3584 aec - ok
10:24:01.0359 3584 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\windows\System32\drivers\afd.sys
10:24:01.0390 3584 AFD - ok
10:24:01.0390 3584 Aha154x - ok
10:24:01.0406 3584 aic78u2 - ok
10:24:01.0421 3584 aic78xx - ok
10:24:01.0453 3584 Alerter (738d80cc01d7bc7584be917b7f544394) C:\windows\system32\alrsvc.dll
10:24:01.0578 3584 Alerter - ok
10:24:01.0609 3584 ALG (190cd73d4984f94d823f9444980513e5) C:\windows\System32\alg.exe
10:24:01.0750 3584 ALG - ok
10:24:01.0750 3584 AliIde - ok
10:24:01.0796 3584 AmdK7 (3a0dafac778236559c14c7203fb550eb) C:\windows\system32\DRIVERS\amdk7.sys
10:24:01.0937 3584 AmdK7 - ok
10:24:01.0953 3584 amsint - ok
10:24:01.0984 3584 AppMgmt (d45960be52c3c610d361977057f98c54) C:\windows\System32\appmgmts.dll
10:24:02.0140 3584 AppMgmt - ok
10:24:02.0171 3584 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\windows\system32\DRIVERS\arp1394.sys
10:24:02.0312 3584 Arp1394 - ok
10:24:02.0328 3584 asc - ok
10:24:02.0343 3584 asc3350p - ok
10:24:02.0343 3584 asc3550 - ok
10:24:02.0453 3584 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:24:02.0468 3584 aspnet_state - ok
10:24:02.0515 3584 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\windows\system32\drivers\aswFsBlk.sys
10:24:02.0515 3584 aswFsBlk - ok
10:24:02.0562 3584 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\windows\system32\drivers\aswMon2.sys
10:24:02.0578 3584 aswMon2 - ok
10:24:02.0609 3584 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\windows\system32\drivers\aswRdr.sys
10:24:02.0625 3584 aswRdr - ok
10:24:02.0671 3584 aswSnx (dcb199b967375753b5019ec15f008f53) C:\windows\system32\drivers\aswSnx.sys
10:24:02.0703 3584 aswSnx - ok
10:24:02.0734 3584 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\windows\system32\drivers\aswSP.sys
10:24:02.0765 3584 aswSP - ok
10:24:02.0796 3584 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\windows\system32\drivers\aswTdi.sys
10:24:02.0812 3584 aswTdi - ok
10:24:02.0828 3584 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\windows\system32\DRIVERS\asyncmac.sys
10:24:02.0968 3584 AsyncMac - ok
10:24:02.0984 3584 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\windows\system32\DRIVERS\atapi.sys
10:24:03.0125 3584 atapi - ok
10:24:03.0156 3584 Atdisk - ok
10:24:03.0171 3584 Atmarpc (9916c1225104ba14794209cfa8012159) C:\windows\system32\DRIVERS\atmarpc.sys
10:24:03.0328 3584 Atmarpc - ok
10:24:03.0359 3584 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\windows\System32\audiosrv.dll
10:24:03.0515 3584 AudioSrv - ok
10:24:03.0546 3584 audstub (d9f724aa26c010a217c97606b160ed68) C:\windows\system32\DRIVERS\audstub.sys
10:24:03.0703 3584 audstub - ok
10:24:03.0812 3584 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Programme\AVAST Software\Avast\AvastSvc.exe
10:24:03.0828 3584 avast! Antivirus - ok
10:24:03.0875 3584 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\windows\system32\drivers\Beep.sys
10:24:04.0062 3584 Beep - ok
10:24:04.0125 3584 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
10:24:04.0281 3584 BITS - ok
10:24:04.0312 3584 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\windows\System32\browser.dll
10:24:04.0468 3584 Browser - ok
10:24:04.0515 3584 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\windows\system32\drivers\cbidf2k.sys
10:24:04.0718 3584 cbidf2k - ok
10:24:04.0734 3584 cd20xrnt - ok
10:24:04.0812 3584 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\windows\system32\drivers\Cdaudio.sys
10:24:05.0031 3584 Cdaudio - ok
10:24:05.0265 3584 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\windows\system32\drivers\Cdfs.sys
10:24:05.0375 3584 Cdfs - ok
10:24:05.0390 3584 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\windows\system32\DRIVERS\cdrom.sys
10:24:05.0531 3584 Cdrom - ok
10:24:05.0546 3584 Changer - ok
10:24:05.0562 3584 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\windows\system32\cisvc.exe
10:24:05.0687 3584 CiSvc - ok
10:24:05.0703 3584 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\windows\system32\clipsrv.exe
10:24:05.0843 3584 ClipSrv - ok
10:24:05.0921 3584 clr_optimization_v2.0.50727_32 (7fa87325900183197bc9710d1ce4c9fa) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:24:05.0968 3584 clr_optimization_v2.0.50727_32 - ok
10:24:05.0984 3584 CmdIde - ok
10:24:05.0984 3584 COMSysApp - ok
10:24:06.0015 3584 Cpqarray - ok
10:24:06.0046 3584 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\windows\System32\cryptsvc.dll
10:24:06.0187 3584 CryptSvc - ok
10:24:06.0203 3584 dac2w2k - ok
10:24:06.0218 3584 dac960nt - ok
10:24:06.0265 3584 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\windows\system32\rpcss.dll
10:24:06.0343 3584 DcomLaunch - ok
10:24:06.0390 3584 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\windows\System32\dhcpcsvc.dll
10:24:06.0531 3584 Dhcp - ok
10:24:06.0562 3584 Disk (044452051f3e02e7963599fc8f4f3e25) C:\windows\system32\DRIVERS\disk.sys
10:24:06.0703 3584 Disk - ok
10:24:06.0703 3584 dmadmin - ok
10:24:06.0765 3584 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\windows\system32\drivers\dmboot.sys
10:24:06.0937 3584 dmboot - ok
10:24:06.0953 3584 dmio (53720ab12b48719d00e327da470a619a) C:\windows\system32\drivers\dmio.sys
10:24:07.0093 3584 dmio - ok
10:24:07.0109 3584 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\windows\system32\drivers\dmload.sys
10:24:07.0281 3584 dmload - ok
10:24:07.0312 3584 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\windows\System32\dmserver.dll
10:24:07.0453 3584 dmserver - ok
10:24:07.0468 3584 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\windows\system32\drivers\DMusic.sys
10:24:07.0625 3584 DMusic - ok
10:24:07.0656 3584 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\windows\System32\dnsrslvr.dll
10:24:07.0703 3584 Dnscache - ok
10:24:07.0750 3584 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\windows\System32\dot3svc.dll
10:24:07.0875 3584 Dot3svc - ok
10:24:07.0875 3584 dpti2o - ok
10:24:07.0906 3584 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\windows\system32\drivers\drmkaud.sys
10:24:08.0046 3584 drmkaud - ok
10:24:08.0078 3584 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\windows\System32\eapsvc.dll
10:24:08.0218 3584 EapHost - ok
10:24:08.0250 3584 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\windows\System32\ersvc.dll
10:24:08.0390 3584 ERSvc - ok
10:24:08.0437 3584 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\windows\system32\services.exe
10:24:08.0500 3584 Eventlog - ok
10:24:08.0531 3584 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
10:24:08.0562 3584 EventSystem - ok
10:24:08.0609 3584 ewusbnet (fb54f67974d13d73be3e2f1df042d295) C:\windows\system32\DRIVERS\ewusbnet.sys
10:24:08.0640 3584 ewusbnet - ok
10:24:08.0656 3584 ew_hwusbdev (57c171ea22f0a7f068fcb0caedd1e8e7) C:\windows\system32\DRIVERS\ew_hwusbdev.sys
10:24:08.0687 3584 ew_hwusbdev - ok
10:24:08.0734 3584 Fastfat (38d332a6d56af32635675f132548343e) C:\windows\system32\drivers\Fastfat.sys
10:24:08.0875 3584 Fastfat - ok
10:24:08.0921 3584 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\windows\System32\shsvcs.dll
10:24:08.0937 3584 FastUserSwitchingCompatibility - ok
10:24:08.0953 3584 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\windows\system32\DRIVERS\fdc.sys
10:24:09.0078 3584 Fdc - ok
10:24:09.0109 3584 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\windows\system32\drivers\Fips.sys
10:24:09.0250 3584 Fips - ok
10:24:09.0281 3584 FIXUSTOR (a06be9eaf78b91743104c9b86315ac31) C:\windows\system32\DRIVERS\fixustor.sys
10:24:09.0312 3584 FIXUSTOR - ok
10:24:09.0343 3584 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\windows\system32\drivers\Flpydisk.sys
10:24:09.0484 3584 Flpydisk - ok
10:24:09.0546 3584 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\windows\system32\drivers\fltmgr.sys
10:24:09.0656 3584 FltMgr - ok
10:24:09.0750 3584 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:24:09.0765 3584 FontCache3.0.0.0 - ok
10:24:09.0796 3584 FsUsbExDisk (cbe5f69a5e5b918225f420ba748f3742) C:\windows\system32\FsUsbExDisk.SYS
10:24:09.0828 3584 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
10:24:09.0828 3584 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
10:24:09.0875 3584 FsUsbExService (96633419f4a1e37acb89b45ebccfe001) C:\windows\system32\FsUsbExService.Exe
10:24:09.0906 3584 FsUsbExService - ok
10:24:09.0953 3584 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\windows\system32\drivers\Fs_Rec.sys
10:24:10.0109 3584 Fs_Rec - ok
10:24:10.0140 3584 Ftdisk (8f1955ce42e1484714b542f341647778) C:\windows\system32\DRIVERS\ftdisk.sys
10:24:10.0343 3584 Ftdisk - ok
10:24:10.0359 3584 gameenum (065639773d8b03f33577f6cdaea21063) C:\windows\system32\DRIVERS\gameenum.sys
10:24:10.0484 3584 gameenum - ok
10:24:10.0531 3584 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\windows\system32\DRIVERS\msgpc.sys
10:24:10.0640 3584 Gpc - ok
10:24:10.0796 3584 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
10:24:10.0812 3584 gupdate - ok
10:24:10.0812 3584 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
10:24:10.0828 3584 gupdatem - ok
10:24:10.0890 3584 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
10:24:10.0906 3584 gusvc - ok
10:24:10.0968 3584 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:24:11.0093 3584 helpsvc - ok
10:24:11.0125 3584 HidServ (b35da85e60c0103f2e4104532da2f12b) C:\windows\System32\hidserv.dll
10:24:11.0250 3584 HidServ - ok
10:24:11.0281 3584 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\windows\system32\DRIVERS\hidusb.sys
10:24:11.0406 3584 HidUsb - ok
10:24:11.0468 3584 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\windows\System32\kmsvc.dll
10:24:11.0593 3584 hkmsvc - ok
10:24:11.0593 3584 hpn - ok
10:24:11.0640 3584 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\windows\system32\Drivers\HTTP.sys
10:24:11.0687 3584 HTTP - ok
10:24:11.0703 3584 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\windows\System32\w3ssl.dll
10:24:11.0843 3584 HTTPFilter - ok
10:24:11.0890 3584 huawei_enumerator (f44461e66f1b7dd267957fe9baa63ed0) C:\windows\system32\DRIVERS\ew_jubusenum.sys
10:24:11.0921 3584 huawei_enumerator - ok
10:24:11.0953 3584 hwdatacard (f547f862b8907f1bcbd9b72a72a6449e) C:\windows\system32\DRIVERS\ewusbmdm.sys
10:24:12.0000 3584 hwdatacard - ok
10:24:12.0093 3584 HWDeviceService.exe - ok
10:24:12.0109 3584 i2omgmt - ok
10:24:12.0125 3584 i2omp - ok
10:24:12.0156 3584 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\windows\system32\DRIVERS\i8042prt.sys
10:24:12.0312 3584 i8042prt - ok
10:24:12.0500 3584 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:24:12.0546 3584 idsvc - ok
10:24:12.0578 3584 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\windows\system32\DRIVERS\imapi.sys
10:24:12.0703 3584 Imapi - ok
10:24:12.0734 3584 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
10:24:12.0890 3584 ImapiService - ok
10:24:12.0890 3584 ini910u - ok
10:24:12.0906 3584 IntelIde - ok
10:24:12.0953 3584 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\windows\system32\drivers\ip6fw.sys
10:24:13.0078 3584 Ip6Fw - ok
10:24:13.0093 3584 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\windows\system32\DRIVERS\ipfltdrv.sys
10:24:13.0265 3584 IpFilterDriver - ok
10:24:13.0281 3584 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\windows\system32\DRIVERS\ipinip.sys
10:24:13.0390 3584 IpInIp - ok
10:24:13.0437 3584 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\windows\system32\DRIVERS\ipnat.sys
10:24:13.0562 3584 IpNat - ok
10:24:13.0593 3584 IPSec (23c74d75e36e7158768dd63d92789a91) C:\windows\system32\DRIVERS\ipsec.sys
10:24:13.0734 3584 IPSec - ok
10:24:13.0765 3584 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\windows\system32\DRIVERS\irenum.sys
10:24:13.0906 3584 IRENUM - ok
10:24:13.0937 3584 isapnp (6dfb88f64135c525433e87648bda30de) C:\windows\system32\DRIVERS\isapnp.sys
10:24:14.0046 3584 isapnp - ok
10:24:14.0156 3584 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Programme\Java\jre6\bin\jqs.exe
10:24:14.0171 3584 JavaQuickStarterService - ok
10:24:14.0218 3584 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\windows\system32\DRIVERS\kbdclass.sys
10:24:14.0343 3584 Kbdclass - ok
10:24:14.0375 3584 kbdhid (b6d6c117d771c98130497265f26d1882) C:\windows\system32\DRIVERS\kbdhid.sys
10:24:14.0515 3584 kbdhid - ok
10:24:14.0546 3584 kmixer (692bcf44383d056aed41b045a323d378) C:\windows\system32\drivers\kmixer.sys
10:24:14.0687 3584 kmixer - ok
10:24:14.0718 3584 KSecDD (b467646c54cc746128904e1654c750c1) C:\windows\system32\drivers\KSecDD.sys
10:24:14.0734 3584 KSecDD - ok
10:24:14.0781 3584 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\windows\System32\srvsvc.dll
10:24:14.0828 3584 lanmanserver - ok
10:24:14.0859 3584 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\windows\System32\wkssvc.dll
10:24:14.0890 3584 lanmanworkstation - ok
10:24:14.0906 3584 lbrtfdc - ok
10:24:14.0937 3584 LHidFlt2 (3c357dfdbbf2b4b01aa4b9c8a26e4416) C:\windows\system32\DRIVERS\LHidFlt2.Sys
10:24:14.0984 3584 LHidFlt2 - ok
10:24:15.0031 3584 LmHosts (636714b7d43c8d0c80449123fd266920) C:\windows\System32\lmhsvc.dll
10:24:15.0156 3584 LmHosts - ok
10:24:15.0171 3584 LMouFlt2 (aef09673376a4d93c09e8341854f1bf4) C:\windows\system32\DRIVERS\LMouFlt2.Sys
10:24:15.0203 3584 LMouFlt2 - ok
10:24:15.0234 3584 Messenger (b7550a7107281d170ce85524b1488c98) C:\windows\System32\msgsvc.dll
10:24:15.0343 3584 Messenger - ok
10:24:15.0375 3584 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\windows\system32\drivers\mnmdd.sys
10:24:15.0562 3584 mnmdd - ok
10:24:15.0593 3584 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
10:24:15.0718 3584 mnmsrvc - ok
10:24:15.0812 3584 Mobile Partner. RunOuc (60ac73eb57682f361e07ae26a62dfd6a) C:\Programme\Mobile Partner\UpdateDog\ouc.exe
10:24:15.0828 3584 Mobile Partner. RunOuc - ok
10:24:15.0875 3584 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\windows\system32\drivers\Modem.sys
10:24:16.0015 3584 Modem - ok
10:24:16.0046 3584 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\windows\system32\DRIVERS\mouclass.sys
10:24:16.0187 3584 Mouclass - ok
10:24:16.0218 3584 mouhid (66a6f73c74e1791464160a7065ce711a) C:\windows\system32\DRIVERS\mouhid.sys
10:24:16.0390 3584 mouhid - ok
10:24:16.0421 3584 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\windows\system32\drivers\MountMgr.sys
10:24:16.0546 3584 MountMgr - ok
10:24:16.0562 3584 mraid35x - ok
10:24:16.0578 3584 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\windows\system32\DRIVERS\mrxdav.sys
10:24:16.0703 3584 MRxDAV - ok
10:24:16.0765 3584 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\windows\system32\DRIVERS\mrxsmb.sys
10:24:16.0796 3584 MRxSmb - ok
10:24:16.0843 3584 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
10:24:16.0953 3584 MSDTC - ok
10:24:16.0968 3584 Msfs (c941ea2454ba8350021d774daf0f1027) C:\windows\system32\drivers\Msfs.sys
10:24:17.0093 3584 Msfs - ok
10:24:17.0109 3584 MSIServer - ok
10:24:17.0156 3584 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\windows\system32\drivers\MSKSSRV.sys
10:24:17.0265 3584 MSKSSRV - ok
10:24:17.0296 3584 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\windows\system32\drivers\MSPCLOCK.sys
10:24:17.0406 3584 MSPCLOCK - ok
10:24:17.0406 3584 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\windows\system32\drivers\MSPQM.sys
10:24:17.0546 3584 MSPQM - ok
10:24:17.0578 3584 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\windows\system32\DRIVERS\mssmbios.sys
10:24:17.0687 3584 mssmbios - ok
10:24:17.0734 3584 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\windows\system32\drivers\msmpu401.sys
10:24:17.0890 3584 ms_mpu401 - ok
10:24:17.0937 3584 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\windows\system32\drivers\Mup.sys
10:24:17.0968 3584 Mup - ok
10:24:18.0046 3584 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\windows\System32\qagentrt.dll
10:24:18.0187 3584 napagent - ok
10:24:18.0234 3584 NDIS (1df7f42665c94b825322fae71721130d) C:\windows\system32\drivers\NDIS.sys
10:24:18.0359 3584 NDIS - ok
10:24:18.0406 3584 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\windows\system32\DRIVERS\ndistapi.sys
10:24:18.0437 3584 NdisTapi - ok
10:24:18.0468 3584 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\windows\system32\DRIVERS\ndisuio.sys
10:24:18.0578 3584 Ndisuio - ok
10:24:18.0593 3584 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\windows\system32\DRIVERS\ndiswan.sys
10:24:18.0734 3584 NdisWan - ok
10:24:18.0765 3584 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\windows\system32\drivers\NDProxy.sys
10:24:18.0781 3584 NDProxy - ok
10:24:18.0828 3584 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\windows\system32\DRIVERS\netbios.sys
10:24:18.0953 3584 NetBIOS - ok
10:24:19.0000 3584 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\windows\system32\DRIVERS\netbt.sys
10:24:19.0125 3584 NetBT - ok
10:24:19.0187 3584 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\windows\system32\netdde.exe
10:24:19.0312 3584 NetDDE - ok
10:24:19.0328 3584 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\windows\system32\netdde.exe
10:24:19.0453 3584 NetDDEdsdm - ok
10:24:19.0484 3584 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\windows\system32\lsass.exe
10:24:19.0625 3584 Netlogon - ok
10:24:19.0656 3584 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\windows\System32\netman.dll
10:24:19.0796 3584 Netman - ok
10:24:19.0890 3584 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:24:19.0906 3584 NetTcpPortSharing - ok
10:24:19.0937 3584 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\windows\system32\DRIVERS\nic1394.sys
10:24:20.0062 3584 NIC1394 - ok
10:24:20.0125 3584 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\windows\System32\mswsock.dll
10:24:20.0203 3584 Nla - ok
10:24:20.0234 3584 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\windows\system32\drivers\Npfs.sys
10:24:20.0343 3584 Npfs - ok
10:24:20.0375 3584 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\windows\system32\drivers\Ntfs.sys
10:24:20.0515 3584 Ntfs - ok
10:24:20.0531 3584 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\windows\system32\lsass.exe
10:24:20.0640 3584 NtLmSsp - ok
10:24:20.0687 3584 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\windows\system32\ntmssvc.dll
10:24:20.0828 3584 NtmsSvc - ok
10:24:20.0859 3584 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\windows\system32\drivers\Null.sys
10:24:21.0031 3584 Null - ok
10:24:21.0187 3584 nv (c43d9d777d53d668d1fe683947c9ffe1) C:\windows\system32\DRIVERS\nv4_mini.sys
10:24:21.0312 3584 nv - ok
10:24:21.0421 3584 nvax (47b3852808dd579a463fce7085b77413) C:\windows\system32\drivers\nvax.sys
10:24:21.0453 3584 nvax - ok
10:24:21.0484 3584 NVENET (1cf77b30dee5c75dea1eee697281802c) C:\windows\system32\DRIVERS\NVENET.sys
10:24:21.0515 3584 NVENET - ok
10:24:21.0546 3584 nvnforce (adbcba116496229a163193bbe0bb28ce) C:\windows\system32\drivers\nvapu.sys
10:24:21.0593 3584 nvnforce - ok
10:24:21.0640 3584 NVSvc (d1b1d9f8cfcaf03872b6f769a79ca3e8) C:\windows\system32\nvsvc32.exe
10:24:21.0687 3584 NVSvc - ok
10:24:21.0703 3584 nv_agp (3194e2f6c9000c39dcf9d0580754f714) C:\windows\system32\DRIVERS\nv_agp.sys
10:24:21.0718 3584 nv_agp - ok
10:24:21.0750 3584 NWCWorkstation (c34a6a72dec2c317d67355dc18f87090) C:\windows\System32\nwwks.dll
10:24:21.0875 3584 NWCWorkstation - ok
10:24:21.0921 3584 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\windows\system32\DRIVERS\nwlnkflt.sys
10:24:22.0109 3584 NwlnkFlt - ok
10:24:22.0125 3584 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\windows\system32\DRIVERS\nwlnkfwd.sys
10:24:22.0312 3584 NwlnkFwd - ok
10:24:22.0359 3584 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\windows\system32\DRIVERS\nwlnkipx.sys
10:24:22.0500 3584 NwlnkIpx - ok
10:24:22.0515 3584 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\windows\system32\DRIVERS\nwlnknb.sys
10:24:22.0718 3584 NwlnkNb - ok
10:24:22.0750 3584 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\windows\system32\DRIVERS\nwlnkspx.sys
10:24:22.0906 3584 NwlnkSpx - ok
10:24:22.0921 3584 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\windows\system32\DRIVERS\nwrdr.sys
10:24:23.0062 3584 NWRDR - ok
10:24:23.0093 3584 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\windows\system32\DRIVERS\ohci1394.sys
10:24:23.0203 3584 ohci1394 - ok
10:24:23.0218 3584 Parport (f84785660305b9b903fb3bca8ba29837) C:\windows\system32\DRIVERS\parport.sys
10:24:23.0343 3584 Parport - ok
10:24:23.0359 3584 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\windows\system32\drivers\PartMgr.sys
10:24:23.0484 3584 PartMgr - ok
10:24:23.0515 3584 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\windows\system32\drivers\ParVdm.sys
10:24:23.0703 3584 ParVdm - ok
10:24:23.0734 3584 PCI (387e8dedc343aa2d1efbc30580273acd) C:\windows\system32\DRIVERS\pci.sys
10:24:23.0843 3584 PCI - ok
10:24:23.0859 3584 PCIDump - ok
10:24:23.0875 3584 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\windows\system32\DRIVERS\pciide.sys
10:24:24.0062 3584 PCIIde - ok
10:24:24.0093 3584 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\windows\system32\drivers\Pcmcia.sys
10:24:24.0203 3584 Pcmcia - ok
10:24:24.0218 3584 PDCOMP - ok
10:24:24.0234 3584 PDFRAME - ok
10:24:24.0250 3584 PDRELI - ok
10:24:24.0250 3584 PDRFRAME - ok
10:24:24.0265 3584 perc2 - ok
10:24:24.0281 3584 perc2hib - ok
10:24:24.0343 3584 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\windows\system32\services.exe
10:24:24.0390 3584 PlugPlay - ok
10:24:24.0421 3584 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\windows\system32\lsass.exe
10:24:24.0546 3584 PolicyAgent - ok
10:24:24.0578 3584 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\windows\system32\DRIVERS\raspptp.sys
10:24:24.0703 3584 PptpMiniport - ok
10:24:24.0718 3584 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\windows\system32\lsass.exe
10:24:24.0828 3584 ProtectedStorage - ok
10:24:24.0859 3584 Ps2 (390c204ced3785609ab24e9c52054a84) C:\windows\system32\DRIVERS\PS2.sys
10:24:24.0890 3584 Ps2 ( UnsignedFile.Multi.Generic ) - warning
10:24:24.0890 3584 Ps2 - detected UnsignedFile.Multi.Generic (1)
10:24:24.0906 3584 PSched (09298ec810b07e5d582cb3a3f9255424) C:\windows\system32\DRIVERS\psched.sys
10:24:25.0015 3584 PSched - ok
10:24:25.0031 3584 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\windows\system32\DRIVERS\ptilink.sys
10:24:25.0234 3584 Ptilink - ok
10:24:25.0234 3584 ql1080 - ok
10:24:25.0250 3584 Ql10wnt - ok
10:24:25.0250 3584 ql12160 - ok
10:24:25.0265 3584 ql1240 - ok
10:24:25.0281 3584 ql1280 - ok
10:24:25.0312 3584 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\windows\system32\DRIVERS\rasacd.sys
10:24:25.0468 3584 RasAcd - ok
10:24:25.0515 3584 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\windows\System32\rasauto.dll
10:24:25.0640 3584 RasAuto - ok
10:24:25.0656 3584 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\windows\system32\DRIVERS\rasl2tp.sys
10:24:25.0796 3584 Rasl2tp - ok
10:24:25.0843 3584 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\windows\System32\rasmans.dll
10:24:25.0968 3584 RasMan - ok
10:24:25.0984 3584 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\windows\system32\DRIVERS\raspppoe.sys
10:24:26.0093 3584 RasPppoe - ok
10:24:26.0125 3584 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\windows\system32\DRIVERS\raspti.sys
10:24:26.0312 3584 Raspti - ok
10:24:26.0328 3584 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\windows\system32\DRIVERS\rdbss.sys
10:24:26.0453 3584 Rdbss - ok
10:24:26.0500 3584 RDPCDD (4912d5b403614ce99c28420f75353332) C:\windows\system32\DRIVERS\RDPCDD.sys
10:24:26.0671 3584 RDPCDD - ok
10:24:26.0687 3584 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\windows\system32\DRIVERS\rdpdr.sys
10:24:26.0812 3584 rdpdr - ok
10:24:26.0875 3584 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\windows\system32\drivers\RDPWD.sys
10:24:26.0890 3584 RDPWD - ok
10:24:26.0937 3584 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
10:24:27.0078 3584 RDSessMgr - ok
10:24:27.0109 3584 redbook (ed761d453856f795a7fe056e42c36365) C:\windows\system32\DRIVERS\redbook.sys
10:24:27.0234 3584 redbook - ok
10:24:27.0281 3584 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\windows\System32\mprdim.dll
10:24:27.0437 3584 RemoteAccess - ok
10:24:27.0546 3584 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\windows\system32\regsvc.dll
10:24:27.0765 3584 RemoteRegistry - ok
10:24:27.0875 3584 RpcLocator (2a02e21867497df20b8fc95631395169) C:\windows\system32\locator.exe
10:24:28.0125 3584 RpcLocator - ok
10:24:28.0203 3584 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\windows\system32\rpcss.dll
10:24:28.0265 3584 RpcSs - ok
10:24:28.0312 3584 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\windows\system32\rsvp.exe
10:24:28.0515 3584 RSVP - ok
10:24:28.0562 3584 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\windows\system32\lsass.exe
10:24:28.0671 3584 SamSs - ok
10:24:28.0703 3584 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\windows\System32\SCardSvr.exe
10:24:28.0843 3584 SCardSvr - ok
10:24:28.0875 3584 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\windows\system32\schedsvc.dll
10:24:29.0015 3584 Schedule - ok
10:24:29.0062 3584 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\DRIVERS\secdrv.sys
10:24:29.0187 3584 Secdrv - ok
10:24:29.0203 3584 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\windows\System32\seclogon.dll
10:24:29.0343 3584 seclogon - ok
10:24:29.0375 3584 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\windows\system32\sens.dll
10:24:29.0515 3584 SENS - ok
10:24:29.0546 3584 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\windows\system32\DRIVERS\serenum.sys
10:24:29.0656 3584 serenum - ok
10:24:29.0671 3584 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\windows\system32\DRIVERS\serial.sys
10:24:29.0781 3584 Serial - ok
10:24:29.0875 3584 sesvc (4c99e251d89c95dcaaa26f9243747c99) C:\Programme\ShadowExplorer\sesvc.exe
10:24:29.0906 3584 sesvc ( UnsignedFile.Multi.Generic ) - warning
10:24:29.0906 3584 sesvc - detected UnsignedFile.Multi.Generic (1)
10:24:29.0921 3584 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\windows\system32\drivers\Sfloppy.sys
10:24:30.0046 3584 Sfloppy - ok
10:24:30.0109 3584 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\windows\System32\ipnathlp.dll
10:24:30.0281 3584 SharedAccess - ok
10:24:30.0328 3584 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\windows\System32\shsvcs.dll
10:24:30.0359 3584 ShellHWDetection - ok
10:24:30.0375 3584 Simbad - ok
10:24:30.0390 3584 Sparrow - ok
10:24:30.0437 3584 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\windows\system32\drivers\splitter.sys
10:24:30.0609 3584 splitter - ok
10:24:30.0703 3584 Spooler (60784f891563fb1b767f70117fc2428f) C:\windows\system32\spoolsv.exe
10:24:30.0734 3584 Spooler - ok
10:24:30.0765 3584 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\windows\system32\DRIVERS\sr.sys
10:24:30.0906 3584 sr - ok
10:24:30.0968 3584 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
10:24:31.0109 3584 srservice - ok
10:24:31.0140 3584 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\windows\system32\DRIVERS\srv.sys
10:24:31.0187 3584 Srv - ok
10:24:31.0203 3584 sscdbus (ffe42941e0326c322f40b0b79a46493c) C:\windows\system32\DRIVERS\sscdbus.sys
10:24:31.0218 3584 sscdbus - ok
10:24:31.0250 3584 sscdmdfl (a68e7d87adfbb8c50d88cd58230c6819) C:\windows\system32\DRIVERS\sscdmdfl.sys
10:24:31.0250 3584 sscdmdfl - ok
10:24:31.0281 3584 sscdmdm (b534b24151281856ec2f69ed3d6d60dd) C:\windows\system32\DRIVERS\sscdmdm.sys
10:24:31.0296 3584 sscdmdm - ok
10:24:31.0328 3584 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\windows\System32\ssdpsrv.dll
10:24:31.0453 3584 SSDPSRV - ok
10:24:31.0500 3584 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\windows\system32\wiaservc.dll
10:24:31.0640 3584 stisvc - ok
10:24:31.0687 3584 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\windows\system32\DRIVERS\swenum.sys
10:24:31.0859 3584 swenum - ok
10:24:31.0890 3584 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\windows\system32\drivers\swmidi.sys
10:24:32.0015 3584 swmidi - ok
10:24:32.0031 3584 SwPrv - ok
10:24:32.0046 3584 symc810 - ok
10:24:32.0062 3584 symc8xx - ok
10:24:32.0062 3584 sym_hi - ok
10:24:32.0078 3584 sym_u3 - ok
10:24:32.0109 3584 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\windows\system32\drivers\sysaudio.sys
10:24:32.0250 3584 sysaudio - ok
10:24:32.0265 3584 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\windows\system32\smlogsvc.exe
10:24:32.0421 3584 SysmonLog - ok
10:24:32.0468 3584 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\windows\System32\tapisrv.dll
10:24:32.0734 3584 TapiSrv - ok
10:24:32.0781 3584 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\windows\system32\DRIVERS\tcpip.sys
10:24:32.0843 3584 Tcpip - ok
10:24:32.0875 3584 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\windows\system32\drivers\TDPIPE.sys
10:24:33.0015 3584 TDPIPE - ok
10:24:33.0031 3584 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\windows\system32\drivers\TDTCP.sys
10:24:33.0171 3584 TDTCP - ok
10:24:33.0187 3584 TermDD (88155247177638048422893737429d9e) C:\windows\system32\DRIVERS\termdd.sys
10:24:33.0328 3584 TermDD - ok
10:24:33.0390 3584 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\windows\System32\termsrv.dll
10:24:33.0531 3584 TermService - ok
10:24:33.0562 3584 Themes (2db7d303c36ddd055215052f118e8e75) C:\windows\System32\shsvcs.dll
10:24:33.0593 3584 Themes - ok
10:24:33.0625 3584 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
10:24:33.0750 3584 TlntSvr - ok
10:24:33.0765 3584 TosIde - ok
10:24:33.0796 3584 TrkWks (626504572b175867f30f3215c04b3e2f) C:\windows\system32\trkwks.dll
10:24:33.0921 3584 TrkWks - ok
10:24:33.0953 3584 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\windows\system32\drivers\Udfs.sys
10:24:34.0125 3584 Udfs - ok
10:24:34.0125 3584 ultra - ok
10:24:34.0203 3584 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\windows\system32\DRIVERS\update.sys
10:24:34.0375 3584 Update - ok
10:24:34.0406 3584 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\windows\System32\upnphost.dll
10:24:34.0546 3584 upnphost - ok
10:24:34.0562 3584 UPS (9b11e6118958e63e1fef129466e2bda7) C:\windows\System32\ups.exe
10:24:34.0703 3584 UPS - ok
10:24:34.0734 3584 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\windows\system32\DRIVERS\usbccgp.sys
10:24:34.0875 3584 usbccgp - ok
10:24:34.0906 3584 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\windows\system32\DRIVERS\usbehci.sys
10:24:35.0046 3584 usbehci - ok
10:24:35.0078 3584 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\windows\system32\DRIVERS\usbhub.sys
10:24:35.0234 3584 usbhub - ok
10:24:35.0265 3584 usbohci (0daecce65366ea32b162f85f07c6753b) C:\windows\system32\DRIVERS\usbohci.sys
10:24:35.0375 3584 usbohci - ok
10:24:35.0406 3584 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\windows\system32\DRIVERS\USBSTOR.SYS
10:24:35.0531 3584 USBSTOR - ok
10:24:35.0562 3584 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\windows\System32\drivers\vga.sys
10:24:35.0687 3584 VgaSave - ok
10:24:35.0703 3584 ViaIde - ok
10:24:35.0750 3584 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\windows\system32\drivers\VolSnap.sys
10:24:35.0906 3584 VolSnap - ok
10:24:35.0953 3584 VSS (68f106273be29e7b7ef8266977268e78) C:\windows\System32\vssvc.exe
10:24:36.0093 3584 VSS - ok
10:24:36.0125 3584 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
10:24:36.0265 3584 W32Time - ok
10:24:36.0312 3584 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\windows\system32\DRIVERS\wanarp.sys
10:24:36.0453 3584 Wanarp - ok
10:24:36.0515 3584 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\windows\system32\Drivers\wdf01000.sys
10:24:36.0546 3584 Wdf01000 - ok
10:24:36.0546 3584 WDICA - ok
10:24:36.0578 3584 wdmaud (6768acf64b18196494413695f0c3a00f) C:\windows\system32\drivers\wdmaud.sys
10:24:36.0718 3584 wdmaud - ok
10:24:36.0765 3584 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\windows\System32\webclnt.dll
10:24:36.0906 3584 WebClient - ok
10:24:36.0984 3584 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\windows\system32\wbem\WMIsvc.dll
10:24:37.0109 3584 winmgmt - ok
10:24:37.0171 3584 WmdmPmSN (6e18978b749f0696a774de3f2cb142dd) C:\WINDOWS\system32\mspmsnsv.dll
10:24:37.0281 3584 WmdmPmSN - ok
10:24:37.0359 3584 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\windows\System32\advapi32.dll
10:24:37.0437 3584 Wmi - ok
10:24:37.0468 3584 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:24:37.0609 3584 WmiApSrv - ok
10:24:37.0671 3584 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\windows\system32\wscsvc.dll
10:24:37.0781 3584 wscsvc - ok
10:24:37.0796 3584 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
10:24:37.0937 3584 wuauserv - ok
10:24:37.0984 3584 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\windows\System32\wzcsvc.dll
10:24:38.0156 3584 WZCSVC - ok
10:24:38.0187 3584 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\windows\System32\xmlprov.dll
10:24:38.0312 3584 xmlprov - ok
10:24:38.0406 3584 ZD1211BU(Atheros) (70d8b3366fea270682bca277e0eef9fd) C:\windows\system32\DRIVERS\zd1211Bu.sys
10:24:38.0453 3584 ZD1211BU(Atheros) - ok
10:24:38.0468 3584 ZD1211BU(ZyDAS) (70d8b3366fea270682bca277e0eef9fd) C:\windows\system32\DRIVERS\zd1211Bu.sys
10:24:38.0500 3584 ZD1211BU(ZyDAS) - ok
10:24:38.0546 3584 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
10:24:39.0000 3584 \Device\Harddisk0\DR0 - ok
10:24:39.0015 3584 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR2
10:24:43.0671 3584 \Device\Harddisk1\DR2 - ok
10:24:43.0687 3584 Boot (0x1200) (8932083bd10940a029580de60b92d3ad) \Device\Harddisk0\DR0\Partition0
10:24:43.0687 3584 \Device\Harddisk0\DR0\Partition0 - ok
10:24:43.0687 3584 Boot (0x1200) (c2d517638cf3cf9f64c9db98caf63279) \Device\Harddisk1\DR2\Partition0
10:24:43.0687 3584 \Device\Harddisk1\DR2\Partition0 - ok
10:24:43.0703 3584 ============================================================
10:24:43.0703 3584 Scan finished
10:24:43.0703 3584 ============================================================
10:24:43.0828 3792 Detected object count: 3
10:24:43.0828 3792 Actual detected object count: 3
10:26:43.0078 3792 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
10:26:43.0078 3792 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:26:43.0078 3792 Ps2 ( UnsignedFile.Multi.Generic ) - skipped by user
10:26:43.0078 3792 Ps2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:26:43.0078 3792 sesvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:26:43.0078 3792 sesvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:26:53.0750 1080 ============================================================
10:26:53.0750 1080 Scan started
10:26:53.0750 1080 Mode: Manual; SigCheck; TDLFS;
10:26:53.0750 1080 ============================================================
10:26:53.0984 1080 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\windows\system32\drivers\Aavmker4.sys
10:26:54.0015 1080 Aavmker4 - ok
10:26:54.0031 1080 Abiosdsk - ok
10:26:54.0046 1080 abp480n5 - ok
10:26:54.0109 1080 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\windows\system32\DRIVERS\ACPI.sys
10:26:54.0312 1080 ACPI - ok
10:26:54.0375 1080 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\windows\system32\drivers\ACPIEC.sys
10:26:54.0625 1080 ACPIEC - ok
10:26:55.0406 1080 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:26:55.0437 1080 AdobeFlashPlayerUpdateSvc - ok
10:26:55.0437 1080 adpu160m - ok
10:26:55.0546 1080 aec (8bed39e3c35d6a489438b8141717a557) C:\windows\system32\drivers\aec.sys
10:26:55.0687 1080 aec - ok
10:26:55.0796 1080 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\windows\System32\drivers\afd.sys
10:26:55.0828 1080 AFD - ok
10:26:55.0843 1080 Aha154x - ok
10:26:55.0843 1080 aic78u2 - ok
10:26:55.0859 1080 aic78xx - ok
10:26:55.0890 1080 Alerter (738d80cc01d7bc7584be917b7f544394) C:\windows\system32\alrsvc.dll
10:26:56.0000 1080 Alerter - ok
10:26:56.0031 1080 ALG (190cd73d4984f94d823f9444980513e5) C:\windows\System32\alg.exe
10:26:56.0171 1080 ALG - ok
10:26:56.0187 1080 AliIde - ok
10:26:56.0218 1080 AmdK7 (3a0dafac778236559c14c7203fb550eb) C:\windows\system32\DRIVERS\amdk7.sys
10:26:56.0343 1080 AmdK7 - ok
10:26:56.0359 1080 amsint - ok
10:26:56.0390 1080 AppMgmt (d45960be52c3c610d361977057f98c54) C:\windows\System32\appmgmts.dll
10:26:56.0531 1080 AppMgmt - ok
10:26:56.0562 1080 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\windows\system32\DRIVERS\arp1394.sys
10:26:56.0671 1080 Arp1394 - ok
10:26:56.0687 1080 asc - ok
10:26:56.0703 1080 asc3350p - ok
10:26:56.0718 1080 asc3550 - ok
10:26:56.0796 1080 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:26:56.0812 1080 aspnet_state - ok
10:26:56.0859 1080 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\windows\system32\drivers\aswFsBlk.sys
10:26:56.0859 1080 aswFsBlk - ok
10:26:56.0875 1080 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\windows\system32\drivers\aswMon2.sys
10:26:56.0890 1080 aswMon2 - ok
10:26:56.0906 1080 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\windows\system32\drivers\aswRdr.sys
10:26:56.0921 1080 aswRdr - ok
10:26:56.0968 1080 aswSnx (dcb199b967375753b5019ec15f008f53) C:\windows\system32\drivers\aswSnx.sys
10:26:57.0000 1080 aswSnx - ok
10:26:57.0046 1080 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\windows\system32\drivers\aswSP.sys
10:26:57.0062 1080 aswSP - ok
10:26:57.0093 1080 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\windows\system32\drivers\aswTdi.sys
10:26:57.0109 1080 aswTdi - ok
10:26:57.0171 1080 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\windows\system32\DRIVERS\asyncmac.sys
10:26:57.0296 1080 AsyncMac - ok
10:26:57.0312 1080 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\windows\system32\DRIVERS\atapi.sys
10:26:57.0421 1080 atapi - ok
10:26:57.0437 1080 Atdisk - ok
10:26:57.0468 1080 Atmarpc (9916c1225104ba14794209cfa8012159) C:\windows\system32\DRIVERS\atmarpc.sys
10:26:57.0609 1080 Atmarpc - ok
10:26:57.0640 1080 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\windows\System32\audiosrv.dll
10:26:57.0765 1080 AudioSrv - ok
10:26:57.0812 1080 audstub (d9f724aa26c010a217c97606b160ed68) C:\windows\system32\DRIVERS\audstub.sys
10:26:58.0000 1080 audstub - ok
10:26:58.0109 1080 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Programme\AVAST Software\Avast\AvastSvc.exe
10:26:58.0109 1080 avast! Antivirus - ok
10:26:58.0171 1080 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\windows\system32\drivers\Beep.sys
10:26:58.0359 1080 Beep - ok
10:26:58.0421 1080 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
10:26:58.0546 1080 BITS - ok
10:26:58.0578 1080 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\windows\System32\browser.dll
10:26:58.0718 1080 Browser - ok
10:26:58.0734 1080 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\windows\system32\drivers\cbidf2k.sys
10:26:58.0921 1080 cbidf2k - ok
10:26:58.0937 1080 cd20xrnt - ok
10:26:58.0953 1080 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\windows\system32\drivers\Cdaudio.sys
10:26:59.0125 1080 Cdaudio - ok
10:26:59.0171 1080 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\windows\system32\drivers\Cdfs.sys
10:26:59.0281 1080 Cdfs - ok
10:26:59.0296 1080 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\windows\system32\DRIVERS\cdrom.sys
10:26:59.0421 1080 Cdrom - ok
10:26:59.0437 1080 Changer - ok
10:26:59.0453 1080 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\windows\system32\cisvc.exe
10:26:59.0562 1080 CiSvc - ok
10:26:59.0578 1080 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\windows\system32\clipsrv.exe
10:26:59.0703 1080 ClipSrv - ok
10:26:59.0781 1080 clr_optimization_v2.0.50727_32 (7fa87325900183197bc9710d1ce4c9fa) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:26:59.0812 1080 clr_optimization_v2.0.50727_32 - ok
10:26:59.0812 1080 CmdIde - ok
10:26:59.0828 1080 COMSysApp - ok
10:26:59.0843 1080 Cpqarray - ok
10:26:59.0890 1080 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\windows\System32\cryptsvc.dll
10:27:00.0015 1080 CryptSvc - ok
10:27:00.0031 1080 dac2w2k - ok
10:27:00.0046 1080 dac960nt - ok
10:27:00.0093 1080 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\windows\system32\rpcss.dll
10:27:00.0156 1080 DcomLaunch - ok
10:27:00.0203 1080 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\windows\System32\dhcpcsvc.dll
10:27:00.0343 1080 Dhcp - ok
10:27:00.0375 1080 Disk (044452051f3e02e7963599fc8f4f3e25) C:\windows\system32\DRIVERS\disk.sys
10:27:00.0484 1080 Disk - ok
10:27:00.0500 1080 dmadmin - ok
10:27:00.0578 1080 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\windows\system32\drivers\dmboot.sys
10:27:00.0750 1080 dmboot - ok
10:27:00.0906 1080 dmio (53720ab12b48719d00e327da470a619a) C:\windows\system32\drivers\dmio.sys
10:27:01.0031 1080 dmio - ok
10:27:01.0046 1080 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\windows\system32\drivers\dmload.sys
10:27:01.0250 1080 dmload - ok
10:27:01.0281 1080 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\windows\System32\dmserver.dll
10:27:01.0390 1080 dmserver - ok
10:27:01.0406 1080 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\windows\system32\drivers\DMusic.sys
10:27:01.0531 1080 DMusic - ok
10:27:01.0562 1080 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\windows\System32\dnsrslvr.dll
10:27:01.0625 1080 Dnscache - ok
10:27:01.0656 1080 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\windows\System32\dot3svc.dll
10:27:01.0781 1080 Dot3svc - ok
10:27:01.0796 1080 dpti2o - ok
10:27:01.0828 1080 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\windows\system32\drivers\drmkaud.sys
10:27:01.0953 1080 drmkaud - ok
10:27:01.0968 1080 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\windows\System32\eapsvc.dll
10:27:02.0093 1080 EapHost - ok
10:27:02.0140 1080 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\windows\System32\ersvc.dll
10:27:02.0281 1080 ERSvc - ok
10:27:02.0312 1080 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\windows\system32\services.exe
10:27:02.0375 1080 Eventlog - ok
10:27:02.0421 1080 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
10:27:02.0437 1080 EventSystem - ok
10:27:02.0500 1080 ewusbnet (fb54f67974d13d73be3e2f1df042d295) C:\windows\system32\DRIVERS\ewusbnet.sys
10:27:02.0515 1080 ewusbnet - ok
10:27:02.0531 1080 ew_hwusbdev (57c171ea22f0a7f068fcb0caedd1e8e7) C:\windows\system32\DRIVERS\ew_hwusbdev.sys
10:27:02.0578 1080 ew_hwusbdev - ok
10:27:02.0609 1080 Fastfat (38d332a6d56af32635675f132548343e) C:\windows\system32\drivers\Fastfat.sys
10:27:02.0750 1080 Fastfat - ok
10:27:02.0781 1080 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\windows\System32\shsvcs.dll
10:27:02.0812 1080 FastUserSwitchingCompatibility - ok
10:27:02.0828 1080 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\windows\system32\DRIVERS\fdc.sys
10:27:02.0937 1080 Fdc - ok
10:27:02.0953 1080 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\windows\system32\drivers\Fips.sys
10:27:03.0078 1080 Fips - ok
10:27:03.0109 1080 FIXUSTOR (a06be9eaf78b91743104c9b86315ac31) C:\windows\system32\DRIVERS\fixustor.sys
10:27:03.0140 1080 FIXUSTOR - ok
10:27:03.0171 1080 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\windows\system32\drivers\Flpydisk.sys
10:27:03.0296 1080 Flpydisk - ok
10:27:03.0343 1080 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\windows\system32\drivers\fltmgr.sys
10:27:03.0453 1080 FltMgr - ok
10:27:03.0562 1080 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:27:03.0578 1080 FontCache3.0.0.0 - ok
10:27:03.0625 1080 FsUsbExDisk (cbe5f69a5e5b918225f420ba748f3742) C:\windows\system32\FsUsbExDisk.SYS
10:27:03.0640 1080 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
10:27:03.0640 1080 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
10:27:03.0687 1080 FsUsbExService (96633419f4a1e37acb89b45ebccfe001) C:\windows\system32\FsUsbExService.Exe
10:27:03.0703 1080 FsUsbExService - ok
10:27:03.0734 1080 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\windows\system32\drivers\Fs_Rec.sys
10:27:03.0937 1080 Fs_Rec - ok
10:27:03.0968 1080 Ftdisk (8f1955ce42e1484714b542f341647778) C:\windows\system32\DRIVERS\ftdisk.sys
10:27:04.0203 1080 Ftdisk - ok
10:27:04.0218 1080 gameenum (065639773d8b03f33577f6cdaea21063) C:\windows\system32\DRIVERS\gameenum.sys
10:27:04.0359 1080 gameenum - ok
10:27:04.0390 1080 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\windows\system32\DRIVERS\msgpc.sys
10:27:04.0500 1080 Gpc - ok
10:27:04.0656 1080 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
10:27:04.0671 1080 gupdate - ok
10:27:04.0671 1080 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
10:27:04.0687 1080 gupdatem - ok
10:27:04.0734 1080 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
10:27:04.0750 1080 gusvc - ok
10:27:04.0828 1080 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:27:04.0953 1080 helpsvc - ok
10:27:04.0968 1080 HidServ (b35da85e60c0103f2e4104532da2f12b) C:\windows\System32\hidserv.dll
10:27:05.0093 1080 HidServ - ok
10:27:05.0140 1080 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\windows\system32\DRIVERS\hidusb.sys
10:27:05.0265 1080 HidUsb - ok
10:27:05.0406 1080 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\windows\System32\kmsvc.dll
10:27:05.0531 1080 hkmsvc - ok
10:27:05.0546 1080 hpn - ok
10:27:05.0593 1080 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\windows\system32\Drivers\HTTP.sys
10:27:05.0625 1080 HTTP - ok
10:27:05.0671 1080 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\windows\System32\w3ssl.dll
10:27:05.0812 1080 HTTPFilter - ok
10:27:05.0843 1080 huawei_enumerator (f44461e66f1b7dd267957fe9baa63ed0) C:\windows\system32\DRIVERS\ew_jubusenum.sys
10:27:05.0890 1080 huawei_enumerator - ok
10:27:05.0937 1080 hwdatacard (f547f862b8907f1bcbd9b72a72a6449e) C:\windows\system32\DRIVERS\ewusbmdm.sys
10:27:05.0968 1080 hwdatacard - ok
10:27:06.0062 1080 HWDeviceService.exe - ok
10:27:06.0093 1080 i2omgmt - ok
10:27:06.0093 1080 i2omp - ok
10:27:06.0125 1080 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\windows\system32\DRIVERS\i8042prt.sys
10:27:06.0265 1080 i8042prt - ok
10:27:06.0453 1080 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:27:06.0500 1080 idsvc - ok
10:27:06.0515 1080 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\windows\system32\DRIVERS\imapi.sys
10:27:06.0625 1080 Imapi - ok
10:27:06.0671 1080 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
10:27:06.0828 1080 ImapiService - ok
10:27:06.0828 1080 ini910u - ok
10:27:06.0859 1080 IntelIde - ok
10:27:06.0890 1080 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\windows\system32\drivers\ip6fw.sys
10:27:07.0015 1080 Ip6Fw - ok
10:27:07.0031 1080 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\windows\system32\DRIVERS\ipfltdrv.sys
10:27:07.0203 1080 IpFilterDriver - ok
10:27:07.0218 1080 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\windows\system32\DRIVERS\ipinip.sys
10:27:07.0343 1080 IpInIp - ok
10:27:07.0390 1080 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\windows\system32\DRIVERS\ipnat.sys
10:27:07.0531 1080 IpNat - ok
10:27:07.0578 1080 IPSec (23c74d75e36e7158768dd63d92789a91) C:\windows\system32\DRIVERS\ipsec.sys
10:27:07.0703 1080 IPSec - ok
10:27:07.0734 1080 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\windows\system32\DRIVERS\irenum.sys
10:27:07.0859 1080 IRENUM - ok
10:27:07.0906 1080 isapnp (6dfb88f64135c525433e87648bda30de) C:\windows\system32\DRIVERS\isapnp.sys
10:27:08.0015 1080 isapnp - ok
10:27:08.0171 1080 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Programme\Java\jre6\bin\jqs.exe
10:27:08.0187 1080 JavaQuickStarterService - ok
10:27:08.0234 1080 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\windows\system32\DRIVERS\kbdclass.sys
10:27:08.0359 1080 Kbdclass - ok
10:27:08.0406 1080 kbdhid (b6d6c117d771c98130497265f26d1882) C:\windows\system32\DRIVERS\kbdhid.sys
10:27:08.0531 1080 kbdhid - ok
10:27:08.0562 1080 kmixer (692bcf44383d056aed41b045a323d378) C:\windows\system32\drivers\kmixer.sys
10:27:08.0703 1080 kmixer - ok
10:27:08.0734 1080 KSecDD (b467646c54cc746128904e1654c750c1) C:\windows\system32\drivers\KSecDD.sys
10:27:08.0750 1080 KSecDD - ok
10:27:08.0796 1080 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\windows\System32\srvsvc.dll
10:27:08.0812 1080 lanmanserver - ok
10:27:08.0859 1080 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\windows\System32\wkssvc.dll
10:27:08.0890 1080 lanmanworkstation - ok
10:27:08.0906 1080 lbrtfdc - ok
10:27:08.0953 1080 LHidFlt2 (3c357dfdbbf2b4b01aa4b9c8a26e4416) C:\windows\system32\DRIVERS\LHidFlt2.Sys
10:27:08.0984 1080 LHidFlt2 - ok
10:27:09.0015 1080 LmHosts (636714b7d43c8d0c80449123fd266920) C:\windows\System32\lmhsvc.dll
10:27:09.0140 1080 LmHosts - ok
10:27:09.0156 1080 LMouFlt2 (aef09673376a4d93c09e8341854f1bf4) C:\windows\system32\DRIVERS\LMouFlt2.Sys
10:27:09.0171 1080 LMouFlt2 - ok
10:27:09.0203 1080 Messenger (b7550a7107281d170ce85524b1488c98) C:\windows\System32\msgsvc.dll
10:27:09.0312 1080 Messenger - ok
10:27:09.0343 1080 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\windows\system32\drivers\mnmdd.sys
10:27:09.0562 1080 mnmdd - ok
10:27:09.0593 1080 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
10:27:09.0734 1080 mnmsrvc - ok
10:27:09.0812 1080 Mobile Partner. RunOuc (60ac73eb57682f361e07ae26a62dfd6a) C:\Programme\Mobile Partner\UpdateDog\ouc.exe
10:27:09.0828 1080 Mobile Partner. RunOuc - ok
10:27:09.0875 1080 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\windows\system32\drivers\Modem.sys
10:27:10.0015 1080 Modem - ok
10:27:10.0046 1080 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\windows\system32\DRIVERS\mouclass.sys
10:27:10.0171 1080 Mouclass - ok
10:27:10.0218 1080 mouhid (66a6f73c74e1791464160a7065ce711a) C:\windows\system32\DRIVERS\mouhid.sys
10:27:10.0406 1080 mouhid - ok
10:27:10.0656 1080 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\windows\system32\drivers\MountMgr.sys
10:27:10.0781 1080 MountMgr - ok
10:27:10.0781 1080 mraid35x - ok
10:27:10.0812 1080 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\windows\system32\DRIVERS\mrxdav.sys
10:27:10.0921 1080 MRxDAV - ok
10:27:10.0984 1080 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\windows\system32\DRIVERS\mrxsmb.sys
10:27:11.0031 1080 MRxSmb - ok
10:27:11.0046 1080 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
10:27:11.0171 1080 MSDTC - ok
10:27:11.0171 1080 Msfs (c941ea2454ba8350021d774daf0f1027) C:\windows\system32\drivers\Msfs.sys
10:27:11.0312 1080 Msfs - ok
10:27:11.0312 1080 MSIServer - ok
10:27:11.0359 1080 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\windows\system32\drivers\MSKSSRV.sys
10:27:11.0484 1080 MSKSSRV - ok
10:27:11.0515 1080 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\windows\system32\drivers\MSPCLOCK.sys
10:27:11.0625 1080 MSPCLOCK - ok
10:27:11.0625 1080 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\windows\system32\drivers\MSPQM.sys
10:27:11.0765 1080 MSPQM - ok
10:27:11.0796 1080 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\windows\system32\DRIVERS\mssmbios.sys
10:27:11.0906 1080 mssmbios - ok
10:27:11.0953 1080 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\windows\system32\drivers\msmpu401.sys
10:27:12.0125 1080 ms_mpu401 - ok
10:27:12.0187 1080 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\windows\system32\drivers\Mup.sys
10:27:12.0218 1080 Mup - ok
10:27:12.0250 1080 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\windows\System32\qagentrt.dll
10:27:12.0375 1080 napagent - ok
10:27:12.0406 1080 NDIS (1df7f42665c94b825322fae71721130d) C:\windows\system32\drivers\NDIS.sys
10:27:12.0546 1080 NDIS - ok
10:27:12.0593 1080 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\windows\system32\DRIVERS\ndistapi.sys
10:27:12.0625 1080 NdisTapi - ok
10:27:12.0656 1080 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\windows\system32\DRIVERS\ndisuio.sys
10:27:12.0765 1080 Ndisuio - ok
10:27:12.0781 1080 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\windows\system32\DRIVERS\ndiswan.sys
10:27:12.0906 1080 NdisWan - ok
10:27:12.0937 1080 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\windows\system32\drivers\NDProxy.sys
10:27:12.0968 1080 NDProxy - ok
10:27:13.0000 1080 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\windows\system32\DRIVERS\netbios.sys
10:27:13.0125 1080 NetBIOS - ok
10:27:13.0171 1080 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\windows\system32\DRIVERS\netbt.sys
10:27:13.0296 1080 NetBT - ok
10:27:13.0343 1080 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\windows\system32\netdde.exe
10:27:13.0468 1080 NetDDE - ok
10:27:13.0484 1080 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\windows\system32\netdde.exe
10:27:13.0593 1080 NetDDEdsdm - ok
10:27:13.0640 1080 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\windows\system32\lsass.exe
10:27:13.0765 1080 Netlogon - ok
10:27:13.0812 1080 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\windows\System32\netman.dll
10:27:13.0937 1080 Netman - ok
10:27:14.0062 1080 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:27:14.0078 1080 NetTcpPortSharing - ok
10:27:14.0109 1080 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\windows\system32\DRIVERS\nic1394.sys
10:27:14.0218 1080 NIC1394 - ok
10:27:14.0265 1080 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\windows\System32\mswsock.dll
10:27:14.0328 1080 Nla - ok
10:27:14.0359 1080 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\windows\system32\drivers\Npfs.sys
10:27:14.0468 1080 Npfs - ok
10:27:14.0515 1080 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\windows\system32\drivers\Ntfs.sys
10:27:14.0640 1080 Ntfs - ok
10:27:14.0640 1080 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\windows\system32\lsass.exe
10:27:14.0765 1080 NtLmSsp - ok
10:27:14.0812 1080 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\windows\system32\ntmssvc.dll
10:27:14.0953 1080 NtmsSvc - ok
10:27:14.0984 1080 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\windows\system32\drivers\Null.sys
10:27:15.0171 1080 Null - ok
10:27:15.0328 1080 nv (c43d9d777d53d668d1fe683947c9ffe1) C:\windows\system32\DRIVERS\nv4_mini.sys
10:27:15.0437 1080 nv - ok
10:27:15.0546 1080 nvax (47b3852808dd579a463fce7085b77413) C:\windows\system32\drivers\nvax.sys
10:27:15.0578 1080 nvax - ok
10:27:15.0609 1080 NVENET (1cf77b30dee5c75dea1eee697281802c) C:\windows\system32\DRIVERS\NVENET.sys
10:27:15.0640 1080 NVENET - ok
10:27:15.0687 1080 nvnforce (adbcba116496229a163193bbe0bb28ce) C:\windows\system32\drivers\nvapu.sys
10:27:15.0734 1080 nvnforce - ok
10:27:15.0765 1080 NVSvc (d1b1d9f8cfcaf03872b6f769a79ca3e8) C:\windows\system32\nvsvc32.exe
10:27:15.0812 1080 NVSvc - ok
10:27:15.0875 1080 nv_agp (3194e2f6c9000c39dcf9d0580754f714) C:\windows\system32\DRIVERS\nv_agp.sys
10:27:15.0890 1080 nv_agp - ok
10:27:15.0921 1080 NWCWorkstation (c34a6a72dec2c317d67355dc18f87090) C:\windows\System32\nwwks.dll
10:27:16.0062 1080 NWCWorkstation - ok
10:27:16.0093 1080 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\windows\system32\DRIVERS\nwlnkflt.sys
10:27:16.0281 1080 NwlnkFlt - ok
10:27:16.0296 1080 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\windows\system32\DRIVERS\nwlnkfwd.sys
10:27:16.0468 1080 NwlnkFwd - ok
10:27:16.0500 1080 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\windows\system32\DRIVERS\nwlnkipx.sys
10:27:16.0640 1080 NwlnkIpx - ok
10:27:16.0640 1080 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\windows\system32\DRIVERS\nwlnknb.sys
10:27:16.0812 1080 NwlnkNb - ok
10:27:16.0843 1080 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\windows\system32\DRIVERS\nwlnkspx.sys
10:27:16.0984 1080 NwlnkSpx - ok
10:27:17.0031 1080 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\windows\system32\DRIVERS\nwrdr.sys
10:27:17.0156 1080 NWRDR - ok
10:27:17.0171 1080 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\windows\system32\DRIVERS\ohci1394.sys
10:27:17.0281 1080 ohci1394 - ok
10:27:17.0296 1080 Parport (f84785660305b9b903fb3bca8ba29837) C:\windows\system32\DRIVERS\parport.sys
10:27:17.0421 1080 Parport - ok
10:27:17.0437 1080 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\windows\system32\drivers\PartMgr.sys
10:27:17.0562 1080 PartMgr - ok
10:27:17.0593 1080 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\windows\system32\drivers\ParVdm.sys
10:27:17.0750 1080 ParVdm - ok
10:27:17.0765 1080 PCI (387e8dedc343aa2d1efbc30580273acd) C:\windows\system32\DRIVERS\pci.sys
10:27:17.0890 1080 PCI - ok
10:27:17.0906 1080 PCIDump - ok
10:27:17.0921 1080 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\windows\system32\DRIVERS\pciide.sys
10:27:18.0125 1080 PCIIde - ok
10:27:18.0156 1080 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\windows\system32\drivers\Pcmcia.sys
10:27:18.0281 1080 Pcmcia - ok
10:27:18.0296 1080 PDCOMP - ok
10:27:18.0312 1080 PDFRAME - ok
10:27:18.0328 1080 PDRELI - ok
10:27:18.0343 1080 PDRFRAME - ok
10:27:18.0359 1080 perc2 - ok
10:27:18.0375 1080 perc2hib - ok
10:27:18.0437 1080 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\windows\system32\services.exe
10:27:18.0484 1080 PlugPlay - ok
10:27:18.0515 1080 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\windows\system32\lsass.exe
10:27:18.0640 1080 PolicyAgent - ok
10:27:18.0671 1080 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\windows\system32\DRIVERS\raspptp.sys
10:27:18.0812 1080 PptpMiniport - ok
10:27:18.0828 1080 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\windows\system32\lsass.exe
10:27:18.0937 1080 ProtectedStorage - ok
10:27:18.0984 1080 Ps2 (390c204ced3785609ab24e9c52054a84) C:\windows\system32\DRIVERS\PS2.sys
10:27:19.0000 1080 Ps2 ( UnsignedFile.Multi.Generic ) - warning
10:27:19.0000 1080 Ps2 - detected UnsignedFile.Multi.Generic (1)
10:27:19.0031 1080 PSched (09298ec810b07e5d582cb3a3f9255424) C:\windows\system32\DRIVERS\psched.sys
10:27:19.0156 1080 PSched - ok
10:27:19.0171 1080 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\windows\system32\DRIVERS\ptilink.sys
10:27:19.0375 1080 Ptilink - ok
10:27:19.0375 1080 ql1080 - ok
10:27:19.0406 1080 Ql10wnt - ok
10:27:19.0421 1080 ql12160 - ok
10:27:19.0421 1080 ql1240 - ok
10:27:19.0437 1080 ql1280 - ok
10:27:19.0484 1080 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\windows\system32\DRIVERS\rasacd.sys
10:27:19.0703 1080 RasAcd - ok
10:27:19.0875 1080 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\windows\System32\rasauto.dll
10:27:20.0015 1080 RasAuto - ok
10:27:20.0046 1080 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\windows\system32\DRIVERS\rasl2tp.sys
10:27:20.0187 1080 Rasl2tp - ok
10:27:20.0234 1080 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\windows\System32\rasmans.dll
10:27:20.0375 1080 RasMan - ok
10:27:20.0390 1080 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\windows\system32\DRIVERS\raspppoe.sys
10:27:20.0500 1080 RasPppoe - ok
10:27:20.0531 1080 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\windows\system32\DRIVERS\raspti.sys
10:27:20.0734 1080 Raspti - ok
10:27:20.0765 1080 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\windows\system32\DRIVERS\rdbss.sys
10:27:20.0906 1080 Rdbss - ok
10:27:20.0937 1080 RDPCDD (4912d5b403614ce99c28420f75353332) C:\windows\system32\DRIVERS\RDPCDD.sys
10:27:21.0093 1080 RDPCDD - ok
10:27:21.0109 1080 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\windows\system32\DRIVERS\rdpdr.sys
10:27:21.0234 1080 rdpdr - ok
10:27:21.0281 1080 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\windows\system32\drivers\RDPWD.sys
10:27:21.0296 1080 RDPWD - ok
10:27:21.0515 1080 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
10:27:21.0656 1080 RDSessMgr - ok
10:27:21.0687 1080 redbook (ed761d453856f795a7fe056e42c36365) C:\windows\system32\DRIVERS\redbook.sys
10:27:21.0828 1080 redbook - ok
10:27:21.0859 1080 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\windows\System32\mprdim.dll
10:27:21.0968 1080 RemoteAccess - ok
10:27:22.0015 1080 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\windows\system32\regsvc.dll
10:27:22.0156 1080 RemoteRegistry - ok
10:27:22.0187 1080 RpcLocator (2a02e21867497df20b8fc95631395169) C:\windows\system32\locator.exe
10:27:22.0312 1080 RpcLocator - ok
10:27:22.0359 1080 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\windows\system32\rpcss.dll
10:27:22.0421 1080 RpcSs - ok
10:27:22.0468 1080 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\windows\system32\rsvp.exe
10:27:22.0640 1080 RSVP - ok
10:27:22.0687 1080 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\windows\system32\lsass.exe
10:27:22.0796 1080 SamSs - ok
10:27:22.0812 1080 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\windows\System32\SCardSvr.exe
10:27:22.0937 1080 SCardSvr - ok
10:27:22.0984 1080 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\windows\system32\schedsvc.dll
10:27:23.0125 1080 Schedule - ok
10:27:23.0156 1080 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\DRIVERS\secdrv.sys
10:27:23.0265 1080 Secdrv - ok
10:27:23.0281 1080 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\windows\System32\seclogon.dll
10:27:23.0437 1080 seclogon - ok
10:27:23.0468 1080 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\windows\system32\sens.dll
10:27:23.0593 1080 SENS - ok
10:27:23.0609 1080 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\windows\system32\DRIVERS\serenum.sys
10:27:23.0734 1080 serenum - ok
10:27:23.0750 1080 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\windows\system32\DRIVERS\serial.sys
10:27:23.0875 1080 Serial - ok
10:27:23.0984 1080 sesvc (4c99e251d89c95dcaaa26f9243747c99) C:\Programme\ShadowExplorer\sesvc.exe
10:27:24.0015 1080 sesvc ( UnsignedFile.Multi.Generic ) - warning
10:27:24.0015 1080 sesvc - detected UnsignedFile.Multi.Generic (1)
10:27:24.0046 1080 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\windows\system32\drivers\Sfloppy.sys
10:27:24.0203 1080 Sfloppy - ok
10:27:24.0265 1080 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\windows\System32\ipnathlp.dll
10:27:24.0406 1080 SharedAccess - ok
10:27:24.0453 1080 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\windows\System32\shsvcs.dll
10:27:24.0468 1080 ShellHWDetection - ok
10:27:24.0484 1080 Simbad - ok
10:27:24.0500 1080 Sparrow - ok
10:27:24.0531 1080 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\windows\system32\drivers\splitter.sys
10:27:24.0718 1080 splitter - ok
10:27:24.0765 1080 Spooler (60784f891563fb1b767f70117fc2428f) C:\windows\system32\spoolsv.exe
10:27:24.0796 1080 Spooler - ok
10:27:24.0828 1080 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\windows\system32\DRIVERS\sr.sys
10:27:24.0937 1080 sr - ok
10:27:25.0000 1080 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
10:27:25.0125 1080 srservice - ok
10:27:25.0171 1080 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\windows\system32\DRIVERS\srv.sys
10:27:25.0218 1080 Srv - ok
10:27:25.0250 1080 sscdbus (ffe42941e0326c322f40b0b79a46493c) C:\windows\system32\DRIVERS\sscdbus.sys
10:27:25.0265 1080 sscdbus - ok
10:27:25.0281 1080 sscdmdfl (a68e7d87adfbb8c50d88cd58230c6819) C:\windows\system32\DRIVERS\sscdmdfl.sys
10:27:25.0296 1080 sscdmdfl - ok
10:27:25.0312 1080 sscdmdm (b534b24151281856ec2f69ed3d6d60dd) C:\windows\system32\DRIVERS\sscdmdm.sys
10:27:25.0328 1080 sscdmdm - ok
10:27:25.0375 1080 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\windows\System32\ssdpsrv.dll
10:27:25.0515 1080 SSDPSRV - ok
10:27:25.0765 1080 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\windows\system32\wiaservc.dll
10:27:25.0937 1080 stisvc - ok
10:27:25.0984 1080 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\windows\system32\DRIVERS\swenum.sys
10:27:26.0125 1080 swenum - ok
10:27:26.0140 1080 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\windows\system32\drivers\swmidi.sys
10:27:26.0265 1080 swmidi - ok
10:27:26.0265 1080 SwPrv - ok
10:27:26.0281 1080 symc810 - ok
10:27:26.0296 1080 symc8xx - ok
10:27:26.0312 1080 sym_hi - ok
10:27:26.0328 1080 sym_u3 - ok
10:27:26.0343 1080 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\windows\system32\drivers\sysaudio.sys
10:27:26.0500 1080 sysaudio - ok
10:27:26.0531 1080 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\windows\system32\smlogsvc.exe
10:27:26.0656 1080 SysmonLog - ok
10:27:26.0703 1080 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\windows\System32\tapisrv.dll
10:27:26.0843 1080 TapiSrv - ok
10:27:26.0921 1080 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\windows\system32\DRIVERS\tcpip.sys
10:27:26.0968 1080 Tcpip - ok
10:27:27.0000 1080 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\windows\system32\drivers\TDPIPE.sys
10:27:27.0140 1080 TDPIPE - ok
10:27:27.0140 1080 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\windows\system32\drivers\TDTCP.sys
10:27:27.0265 1080 TDTCP - ok
10:27:27.0296 1080 TermDD (88155247177638048422893737429d9e) C:\windows\system32\DRIVERS\termdd.sys
10:27:27.0437 1080 TermDD - ok
10:27:27.0484 1080 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\windows\System32\termsrv.dll
10:27:27.0625 1080 TermService - ok
10:27:27.0734 1080 Themes (2db7d303c36ddd055215052f118e8e75) C:\windows\System32\shsvcs.dll
10:27:27.0750 1080 Themes - ok
10:27:27.0796 1080 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
10:27:27.0921 1080 TlntSvr - ok
10:27:27.0937 1080 TosIde - ok
10:27:27.0968 1080 TrkWks (626504572b175867f30f3215c04b3e2f) C:\windows\system32\trkwks.dll
10:27:28.0093 1080 TrkWks - ok
10:27:28.0109 1080 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\windows\system32\drivers\Udfs.sys
10:27:28.0250 1080 Udfs - ok
10:27:28.0250 1080 ultra - ok
10:27:28.0312 1080 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\windows\system32\DRIVERS\update.sys
10:27:28.0453 1080 Update - ok
10:27:28.0484 1080 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\windows\System32\upnphost.dll
10:27:28.0625 1080 upnphost - ok
10:27:28.0656 1080 UPS (9b11e6118958e63e1fef129466e2bda7) C:\windows\System32\ups.exe
10:27:28.0812 1080 UPS - ok
10:27:28.0843 1080 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\windows\system32\DRIVERS\usbccgp.sys
10:27:28.0984 1080 usbccgp - ok
10:27:29.0000 1080 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\windows\system32\DRIVERS\usbehci.sys
10:27:29.0140 1080 usbehci - ok
10:27:29.0171 1080 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\windows\system32\DRIVERS\usbhub.sys
10:27:29.0296 1080 usbhub - ok
10:27:29.0312 1080 Scan interrupted by user!
10:27:29.0312 1080 Scan interrupted by user!
10:27:29.0312 1080 Scan interrupted by user!
10:27:29.0312 1080 ============================================================
10:27:29.0312 1080 Scan finished
10:27:29.0312 1080 ============================================================
10:27:29.0312 0232 Detected object count: 3
10:27:29.0312 0232 Actual detected object count: 3
10:27:31.0171 0232 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:31.0171 0232 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:27:31.0171 0232 Ps2 ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:31.0171 0232 Ps2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:27:31.0171 0232 sesvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:31.0171 0232 sesvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:27:34.0062 4040 Deinitialize success
Geändert von Wolf-XIII (30.05.2012 um 09:39 Uhr) |
|
30.05.2012, 11:26
| #20 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs-Trojaner: 2 (ex-)befallenen Systeme... Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.05.2012, 11:46
| #21 |
| | Verschlüsselungs-Trojaner: 2 (ex-)befallenen Systeme... Hi, beim Ausführen von ComboFix erhielt nach einer Weile einen BlueScreen! Grund: "BAD_POOL_HEADER" Technische Information: Code:
ATTFilter Stop: 0x00000019 (0x00000020, 0x87FFD168, 0x87FFD580, 0x1A830015)
|
|
30.05.2012, 11:55
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs-Trojaner: 2 (ex-)befallenen Systeme... Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.06.2012, 10:49
| #23 |
| | Verschlüsselungs-Trojaner: 2 (ex-)befallenen Systeme... Hi, dass habe ich bisher dreimal gemacht... Immer bei 50 kommt ein Bluescreen, mittlerweile eine neue Meldung im BlueScree : Code:
ATTFilter PAGE_FAULT_IN_NONPAGED_AREA
Technische Information: 0x00000050 (0x974D16FD, 0x00000001, 0x80564055, 0x00000000)
Meine Liebe Frau Mutter ,der der Rechner gehört, hat gestern wohl gemeint, am Rechner rumfummeln zu müssen...  Anderst kann ich mir diese Änderung des BlueScreens nicht erklären. Als Folgen hieraus habe ich sämtliche Benutzerkonten mit neuen Passwörtern versehen. Ich möchte mich hiermit in aller Form für den Fall, dass dies deine Arbeit erschwert, entschuldigen! |
|
01.06.2012, 13:59
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs-Trojaner: 2 (ex-)befallenen Systeme... Was meint sie mit rumfummeln...bekommt man das noch zusammen was verändert wurde 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.06.2012, 21:42
| #25 |
| |  Verschlüsselungs-Trojaner: 2 (ex-)befallenen Systeme... Nein, leider... heute hat sie während ich bei der Arbeit war (Spätschicht/Azubi), wahrscheinlich als Reaktion auf die Änderungen der Passwörter (obwohl ich sie darüber informiert hatte), die Festplatte formatiert und Windows neuinstalliert...  Ich möchte mich hiermit in aller Form bei dir und dem Board für deine Hilfe bedanken, im gleichen Zug jedoch auch entschuldigen, dass dies alles nun doch umsonst war. Es ist zu heulen und ich kann nur hoffen, dass das keinen flaschen Schatten auf mich wirft... Mit freundlichen Grüßen, Wolf-XIII |
|
02.06.2012, 18:11
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs-Trojaner: 2 (ex-)befallenen Systeme... Wenn sie formatiert hat ist jetzt es alles gegessen. Brauchst dich nicht zu entschuldigen, war ja nicht deine Schuld  Wurden die verschlüsselten Dateien noch gesichert oder ist das eh alles nicht so wichtig? 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.06.2012, 20:21
| #27 |
| | Verschlüsselungs-Trojaner: 2 (ex-)befallenen Systeme... Eigentlich war es schon wichtig...aber ist nun alles futsch |
|
| Themen zu Verschlüsselungs-Trojaner: 2 (ex-)befallenen Systeme... |
| antivirus, avast, entfernen, gmer, log, log's, regedit, unterschiedlich, warum, win7, winxp, xp-rechner |
Linear-Darstellung
