Zurück   Trojaner-Board > Malware entfernen > Überwachung, Datenschutz und Spam

Überwachung, Datenschutz und Spam: Mail Account gehackt? Was ist tokenserver?

Windows 7 Fragen zu Verschlüsselung, Spam, Datenschutz & co. sind hier erwünscht. Hier geht es um Abwehr von Keyloggern oder aderen Spionagesoftware wie Spyware und Adware. Themen zum "Trojaner entfernen" oder "Malware Probleme" dürfen hier nur diskutiert werden. Benötigst du Hilfe beim Trojaner entfernen oder weil du dir einen Virus eingefangen hast, erstelle ein Thema in den oberen Bereinigungsforen.

Antwort
Alt 01.06.2012, 19:08   #31
ronze44
 
Mail Account gehackt? Was ist tokenserver? - Standard

Mail Account gehackt? Was ist tokenserver?



SE kann ich nicht mehr ausschalten, auch als Admin nicht.
TDSS Killer: Er scannt nicht, stattdessen steht da NO THREADS FOUND und im Log steht gar nix. Hab ich was falsch gemacht?

PS er initialisiert sich, und ein Fenster sagt CANT FIND DRIVER, wenn ich ok mklicke, initialisiert er vollends, und das Fenster erscheint.

Genauer :
Fenster 1: CANT INTITIALIZE LOG,
Fenster 2: CANT LOAD DRIVER,

Lösung war Benutzer Wechsel zu admin Konto.
Code:
ATTFilter
12:45:17.0592 7472	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
12:45:17.0927 7472	============================================================
12:45:17.0927 7472	Current date / time: 2012/06/02 12:45:17.0927
12:45:17.0927 7472	SystemInfo:
12:45:17.0927 7472	
12:45:17.0927 7472	OS Version: 6.1.7601 ServicePack: 1.0
12:45:17.0927 7472	Product type: Workstation
12:45:17.0927 7472	ComputerName: TOBI-PC
12:45:17.0928 7472	UserName: Surfer
12:45:17.0928 7472	Windows directory: C:\Windows
12:45:17.0928 7472	System windows directory: C:\Windows
12:45:17.0928 7472	Processor architecture: Intel x86
12:45:17.0928 7472	Number of processors: 2
12:45:17.0928 7472	Page size: 0x1000
12:45:17.0928 7472	Boot type: Normal boot
12:45:17.0928 7472	============================================================
12:45:19.0804 7472	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:45:19.0807 7472	============================================================
12:45:19.0807 7472	\Device\Harddisk0\DR0:
12:45:19.0807 7472	MBR partitions:
12:45:19.0807 7472	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1600806, BlocksNum 0xDDDFCA8
12:45:19.0807 7472	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xF3E2800, BlocksNum 0xDDE2800
12:45:19.0807 7472	============================================================
12:45:19.0877 7472	C: <-> \Device\Harddisk0\DR0\Partition0
12:45:19.0961 7472	D: <-> \Device\Harddisk0\DR0\Partition1
12:45:19.0962 7472	============================================================
12:45:19.0962 7472	Initialize success
12:45:19.0962 7472	============================================================
12:45:41.0480 4004	============================================================
12:45:41.0480 4004	Scan started
12:45:41.0480 4004	Mode: Manual; SigCheck; TDLFS; 
12:45:41.0480 4004	============================================================
12:45:42.0472 4004	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
12:45:42.0684 4004	1394ohci - ok
12:45:42.0741 4004	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
12:45:42.0762 4004	ACPI - ok
12:45:42.0795 4004	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
12:45:42.0857 4004	AcpiPmi - ok
12:45:43.0396 4004	AcrSch2Svc      (2c41ae09bb51ea074069135f183daa9c) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
12:45:43.0462 4004	AcrSch2Svc - ok
12:45:43.0593 4004	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:45:43.0619 4004	AdobeFlashPlayerUpdateSvc - ok
12:45:43.0697 4004	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
12:45:43.0722 4004	adp94xx - ok
12:45:43.0763 4004	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
12:45:43.0783 4004	adpahci - ok
12:45:43.0802 4004	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
12:45:43.0820 4004	adpu320 - ok
12:45:43.0934 4004	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
12:45:44.0101 4004	AeLookupSvc - ok
12:45:44.0192 4004	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
12:45:44.0259 4004	AFD - ok
12:45:44.0290 4004	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
12:45:44.0309 4004	agp440 - ok
12:45:44.0342 4004	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
12:45:44.0358 4004	aic78xx - ok
12:45:44.0435 4004	ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
12:45:44.0497 4004	ALG - ok
12:45:44.0536 4004	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
12:45:44.0559 4004	aliide - ok
12:45:44.0662 4004	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
12:45:44.0706 4004	amdagp - ok
12:45:44.0748 4004	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
12:45:44.0762 4004	amdide - ok
12:45:44.0815 4004	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
12:45:44.0861 4004	AmdK8 - ok
12:45:44.0868 4004	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
12:45:44.0895 4004	AmdPPM - ok
12:45:44.0936 4004	amdsata         (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
12:45:44.0951 4004	amdsata - ok
12:45:44.0978 4004	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
12:45:44.0996 4004	amdsbs - ok
12:45:45.0016 4004	amdxata         (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
12:45:45.0031 4004	amdxata - ok
12:45:45.0088 4004	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
12:45:45.0135 4004	AppID - ok
12:45:45.0183 4004	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
12:45:45.0240 4004	AppIDSvc - ok
12:45:45.0276 4004	Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
12:45:45.0327 4004	Appinfo - ok
12:45:45.0383 4004	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
12:45:45.0425 4004	arc - ok
12:45:45.0444 4004	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
12:45:45.0460 4004	arcsas - ok
12:45:45.0519 4004	Aspi32          (5b01af89d16d562825c4db4530f20cbb) C:\Windows\system32\drivers\aspi32.sys
12:45:45.0542 4004	Aspi32 ( UnsignedFile.Multi.Generic ) - warning
12:45:45.0542 4004	Aspi32 - detected UnsignedFile.Multi.Generic (1)
12:45:45.0896 4004	aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:45:45.0938 4004	aspnet_state - ok
12:45:45.0972 4004	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
12:45:46.0095 4004	AsyncMac - ok
12:45:46.0125 4004	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
12:45:46.0142 4004	atapi - ok
12:45:46.0974 4004	athr            (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
12:45:47.0097 4004	athr - ok
12:45:48.0246 4004	AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
12:45:48.0347 4004	AudioEndpointBuilder - ok
12:45:48.0356 4004	Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
12:45:48.0389 4004	Audiosrv - ok
12:45:48.0457 4004	AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
12:45:48.0550 4004	AxInstSV - ok
12:45:48.0847 4004	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
12:45:48.0947 4004	b06bdrv - ok
12:45:49.0020 4004	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
12:45:49.0070 4004	b57nd60x - ok
12:45:49.0146 4004	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
12:45:49.0219 4004	BDESVC - ok
12:45:49.0269 4004	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
12:45:49.0318 4004	Beep - ok
12:45:49.0404 4004	BFE             (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
12:45:49.0467 4004	BFE - ok
12:45:49.0531 4004	BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
12:45:49.0591 4004	BITS - ok
12:45:49.0611 4004	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
12:45:49.0647 4004	blbdrive - ok
12:45:49.0954 4004	Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
12:45:50.0008 4004	Bonjour Service - ok
12:45:50.0056 4004	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
12:45:50.0108 4004	bowser - ok
12:45:50.0177 4004	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:45:50.0202 4004	BrFiltLo - ok
12:45:50.0212 4004	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:45:50.0250 4004	BrFiltUp - ok
12:45:50.0317 4004	Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
12:45:50.0389 4004	Browser - ok
12:45:50.0690 4004	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
12:45:50.0821 4004	Brserid - ok
12:45:50.0851 4004	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
12:45:50.0874 4004	BrSerWdm - ok
12:45:50.0915 4004	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:45:50.0949 4004	BrUsbMdm - ok
12:45:50.0967 4004	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
12:45:51.0029 4004	BrUsbSer - ok
12:45:51.0091 4004	BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
12:45:51.0161 4004	BthEnum - ok
12:45:51.0214 4004	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
12:45:51.0251 4004	BTHMODEM - ok
12:45:51.0304 4004	BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
12:45:51.0333 4004	BthPan - ok
12:45:51.0379 4004	BTHPORT         (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\system32\Drivers\BTHport.sys
12:45:51.0414 4004	BTHPORT - ok
12:45:51.0461 4004	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
12:45:51.0492 4004	bthserv - ok
12:45:51.0515 4004	BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\system32\Drivers\BTHUSB.sys
12:45:51.0547 4004	BTHUSB - ok
12:45:51.0584 4004	btmhsf          (d517ba16793d76210c963dab2a88b74f) C:\Windows\system32\DRIVERS\btmhsf.sys
12:45:51.0646 4004	btmhsf - ok
12:45:51.0680 4004	catchme - ok
12:45:51.0768 4004	cbfs3           (afab1d4cab04218cbab0ae69625d0d65) C:\Windows\system32\drivers\cbfs3.sys
12:45:51.0943 4004	cbfs3 - ok
12:45:51.0983 4004	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
12:45:52.0634 4004	cdfs - ok
12:45:52.0692 4004	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
12:45:52.0764 4004	cdrom - ok
12:45:52.0829 4004	CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
12:45:52.0868 4004	CertPropSvc - ok
12:45:52.0937 4004	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
12:45:52.0965 4004	circlass - ok
12:45:53.0230 4004	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
12:45:53.0261 4004	CLFS - ok
12:45:53.0357 4004	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:45:53.0371 4004	clr_optimization_v2.0.50727_32 - ok
12:45:53.0451 4004	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:45:53.0501 4004	clr_optimization_v4.0.30319_32 - ok
12:45:53.0525 4004	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
12:45:53.0552 4004	CmBatt - ok
12:45:53.0587 4004	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
12:45:53.0602 4004	cmdide - ok
12:45:53.0894 4004	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
12:45:53.0987 4004	CNG - ok
12:45:54.0063 4004	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
12:45:54.0087 4004	Compbatt - ok
12:45:54.0130 4004	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
12:45:54.0219 4004	CompositeBus - ok
12:45:54.0241 4004	COMSysApp - ok
12:45:54.0264 4004	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
12:45:54.0288 4004	crcdisk - ok
12:45:54.0341 4004	CryptSvc        (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
12:45:54.0387 4004	CryptSvc - ok
12:45:54.0449 4004	DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
12:45:54.0499 4004	DcomLaunch - ok
12:45:54.0752 4004	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
12:45:54.0819 4004	defragsvc - ok
12:45:54.0876 4004	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
12:45:54.0915 4004	DfsC - ok
12:45:54.0946 4004	DgiVecp - ok
12:45:55.0018 4004	Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
12:45:55.0081 4004	Dhcp - ok
12:45:55.0124 4004	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
12:45:55.0171 4004	discache - ok
12:45:55.0228 4004	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
12:45:55.0244 4004	Disk - ok
12:45:55.0295 4004	DKbFltr         (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys
12:45:55.0309 4004	DKbFltr - ok
12:45:55.0451 4004	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
12:45:55.0521 4004	Dnscache - ok
12:45:55.0884 4004	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
12:45:55.0942 4004	dot3svc - ok
12:45:56.0074 4004	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
12:45:56.0137 4004	DPS - ok
12:45:56.0204 4004	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
12:45:56.0282 4004	drmkaud - ok
12:45:56.0617 4004	dtsoftbus01     (c0c7ceccb6c85994c2bc92d58e52d3f2) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:45:56.0636 4004	dtsoftbus01 - ok
12:45:56.0952 4004	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
12:45:57.0014 4004	DXGKrnl - ok
12:45:57.0145 4004	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
12:45:57.0198 4004	EapHost - ok
12:46:01.0387 4004	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
12:46:01.0596 4004	ebdrv - ok
12:46:02.0612 4004	EchoIndigo      (aa9d3951465cff3137c6b531e19fb21b) C:\Windows\system32\DRIVERS\echondgo.sys
12:46:02.0735 4004	EchoIndigo - ok
12:46:02.0771 4004	echondgo        (aa9d3951465cff3137c6b531e19fb21b) C:\Windows\system32\drivers\echondgo.sys
12:46:02.0792 4004	echondgo - ok
12:46:02.0838 4004	EFS             (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
12:46:02.0902 4004	EFS - ok
12:46:03.0478 4004	ehRecvr         (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
12:46:03.0552 4004	ehRecvr - ok
12:46:03.0678 4004	ehSched         (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
12:46:03.0707 4004	ehSched - ok
12:46:03.0786 4004	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
12:46:03.0813 4004	elxstor - ok
12:46:03.0906 4004	epmntdrv        (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys
12:46:03.0976 4004	epmntdrv ( UnsignedFile.Multi.Generic ) - warning
12:46:03.0976 4004	epmntdrv - detected UnsignedFile.Multi.Generic (1)
12:46:04.0006 4004	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
12:46:04.0031 4004	ErrDev - ok
12:46:04.0117 4004	EuGdiDrv        (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys
12:46:04.0202 4004	EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
12:46:04.0202 4004	EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
12:46:04.0247 4004	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
12:46:04.0301 4004	EventSystem - ok
12:46:04.0458 4004	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
12:46:04.0512 4004	exfat - ok
12:46:04.0548 4004	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
12:46:04.0593 4004	fastfat - ok
12:46:04.0701 4004	Fax             (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
12:46:04.0782 4004	Fax - ok
12:46:04.0796 4004	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
12:46:04.0815 4004	fdc - ok
12:46:04.0859 4004	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
12:46:04.0914 4004	fdPHost - ok
12:46:04.0964 4004	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
12:46:05.0042 4004	FDResPub - ok
12:46:05.0102 4004	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
12:46:05.0126 4004	FileInfo - ok
12:46:05.0150 4004	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
12:46:05.0198 4004	Filetrace - ok
12:46:05.0602 4004	FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:46:05.0661 4004	FLEXnet Licensing Service - ok
12:46:05.0698 4004	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
12:46:05.0733 4004	flpydisk - ok
12:46:05.0777 4004	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
12:46:05.0796 4004	FltMgr - ok
12:46:06.0208 4004	FontCache       (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
12:46:06.0300 4004	FontCache - ok
12:46:06.0443 4004	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:46:06.0473 4004	FontCache3.0.0.0 - ok
12:46:06.0496 4004	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
12:46:06.0512 4004	FsDepends - ok
12:46:06.0548 4004	Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
12:46:06.0565 4004	Fs_Rec - ok
12:46:06.0613 4004	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
12:46:06.0634 4004	fvevol - ok
12:46:06.0679 4004	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:46:06.0703 4004	gagp30kx - ok
12:46:06.0736 4004	ggflt           (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
12:46:06.0748 4004	ggflt - ok
12:46:06.0782 4004	ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
12:46:06.0794 4004	ggsemc - ok
12:46:07.0288 4004	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
12:46:07.0397 4004	gpsvc - ok
12:46:07.0736 4004	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
12:46:07.0776 4004	gupdate - ok
12:46:07.0800 4004	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
12:46:07.0812 4004	gupdatem - ok
12:46:07.0861 4004	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
12:46:07.0948 4004	hcw85cir - ok
12:46:08.0217 4004	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
12:46:08.0281 4004	HdAudAddService - ok
12:46:08.0337 4004	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
12:46:08.0383 4004	HDAudBus - ok
12:46:08.0435 4004	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
12:46:08.0495 4004	HidBatt - ok
12:46:08.0532 4004	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
12:46:08.0577 4004	HidBth - ok
12:46:08.0596 4004	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
12:46:08.0642 4004	HidIr - ok
12:46:08.0759 4004	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
12:46:08.0846 4004	hidserv - ok
12:46:08.0907 4004	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
12:46:08.0939 4004	HidUsb - ok
12:46:09.0067 4004	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
12:46:09.0141 4004	hkmsvc - ok
12:46:09.0226 4004	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
12:46:09.0281 4004	HomeGroupListener - ok
12:46:09.0343 4004	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
12:46:09.0402 4004	HomeGroupProvider - ok
12:46:09.0461 4004	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
12:46:09.0486 4004	HpSAMD - ok
12:46:09.0669 4004	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
12:46:09.0717 4004	HTTP - ok
12:46:09.0757 4004	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
12:46:09.0771 4004	hwpolicy - ok
12:46:09.0828 4004	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
12:46:09.0864 4004	i8042prt - ok
12:46:09.0938 4004	iaStor          (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys
12:46:09.0966 4004	iaStor - ok
12:46:10.0019 4004	iaStorV         (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
12:46:10.0041 4004	iaStorV - ok
12:46:10.0121 4004	iBtFltCoex      (61401ba4183bc171ba114fce4981bb33) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
12:46:10.0170 4004	iBtFltCoex - ok
12:46:10.0360 4004	IDriverT        (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
12:46:10.0395 4004	IDriverT ( UnsignedFile.Multi.Generic ) - warning
12:46:10.0395 4004	IDriverT - detected UnsignedFile.Multi.Generic (1)
12:46:11.0289 4004	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:46:11.0381 4004	idsvc - ok
12:46:14.0316 4004	igfx            (36cc40b02ae593d6152ac8bd657720af) C:\Windows\system32\DRIVERS\igdkmd32.sys
12:46:14.0572 4004	igfx - ok
12:46:14.0744 4004	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
12:46:14.0789 4004	iirsp - ok
12:46:14.0870 4004	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
12:46:14.0952 4004	IKEEXT - ok
12:46:15.0595 4004	IntcAzAudAddService (f2baa4ff548f7f0317f7638951c1cd9c) C:\Windows\system32\drivers\RTKVHDA.sys
12:46:15.0710 4004	IntcAzAudAddService - ok
12:46:16.0539 4004	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
12:46:16.0562 4004	intelide - ok
12:46:16.0596 4004	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
12:46:16.0632 4004	intelppm - ok
12:46:16.0677 4004	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
12:46:16.0735 4004	IPBusEnum - ok
12:46:16.0809 4004	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:46:16.0882 4004	IpFilterDriver - ok
12:46:16.0965 4004	iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
12:46:17.0021 4004	iphlpsvc - ok
12:46:17.0061 4004	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
12:46:17.0101 4004	IPMIDRV - ok
12:46:17.0151 4004	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
12:46:17.0183 4004	IPNAT - ok
12:46:17.0211 4004	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
12:46:17.0230 4004	IRENUM - ok
12:46:17.0248 4004	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
12:46:17.0263 4004	isapnp - ok
12:46:17.0307 4004	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
12:46:17.0326 4004	iScsiPrt - ok
12:46:17.0362 4004	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
12:46:17.0378 4004	kbdclass - ok
12:46:17.0400 4004	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
12:46:17.0437 4004	kbdhid - ok
12:46:17.0487 4004	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:46:17.0510 4004	KeyIso - ok
12:46:17.0580 4004	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
12:46:17.0601 4004	KSecDD - ok
12:46:17.0813 4004	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
12:46:17.0843 4004	KSecPkg - ok
12:46:17.0902 4004	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
12:46:17.0972 4004	KtmRm - ok
12:46:18.0037 4004	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
12:46:18.0078 4004	LanmanServer - ok
12:46:18.0110 4004	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
12:46:18.0141 4004	LanmanWorkstation - ok
12:46:18.0694 4004	LBTServ         (910344e2a984010435ae84783b25e5eb) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
12:46:18.0734 4004	LBTServ - ok
12:46:18.0842 4004	LHidFilt        (01cc7fb6e790ef044b411377f3a1ff41) C:\Windows\system32\DRIVERS\LHidFilt.Sys
12:46:18.0867 4004	LHidFilt - ok
12:46:18.0910 4004	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
12:46:18.0974 4004	lltdio - ok
12:46:19.0294 4004	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
12:46:19.0344 4004	lltdsvc - ok
12:46:19.0378 4004	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
12:46:19.0421 4004	lmhosts - ok
12:46:19.0458 4004	LMouFilt        (a2e7eae8898d7b4b8c302b8f4e836bb5) C:\Windows\system32\DRIVERS\LMouFilt.Sys
12:46:19.0473 4004	LMouFilt - ok
12:46:19.0510 4004	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:46:19.0526 4004	LSI_FC - ok
12:46:19.0567 4004	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:46:19.0583 4004	LSI_SAS - ok
12:46:19.0613 4004	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:46:19.0628 4004	LSI_SAS2 - ok
12:46:19.0647 4004	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:46:19.0677 4004	LSI_SCSI - ok
12:46:19.0727 4004	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
12:46:19.0758 4004	luafv - ok
12:46:19.0883 4004	MCSWASVR        (fa4a4270b22b8e16fbae59dc03c38d6f) C:\Program Files\Telekom\Mediencenter\WebDAV.AdminService.exe
12:46:19.0940 4004	MCSWASVR - ok
12:46:19.0997 4004	Mcx2Svc         (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
12:46:20.0025 4004	Mcx2Svc - ok
12:46:20.0173 4004	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
12:46:20.0206 4004	megasas - ok
12:46:20.0247 4004	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
12:46:20.0266 4004	MegaSR - ok
12:46:20.0294 4004	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
12:46:20.0338 4004	MMCSS - ok
12:46:20.0366 4004	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
12:46:20.0410 4004	Modem - ok
12:46:20.0434 4004	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
12:46:20.0464 4004	monitor - ok
12:46:20.0494 4004	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
12:46:20.0509 4004	mouclass - ok
12:46:20.0536 4004	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
12:46:20.0566 4004	mouhid - ok
12:46:20.0631 4004	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
12:46:20.0646 4004	mountmgr - ok
12:46:20.0733 4004	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:46:20.0770 4004	MozillaMaintenance - ok
12:46:20.0844 4004	MpFilter        (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
12:46:20.0873 4004	MpFilter - ok
12:46:21.0130 4004	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
12:46:21.0169 4004	mpio - ok
12:46:21.0368 4004	MpKsla7fba890   (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{15DF7CD8-ED94-4567-971E-A961FB3B33C5}\MpKsla7fba890.sys
12:46:21.0394 4004	MpKsla7fba890 - ok
12:46:21.0420 4004	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
12:46:21.0469 4004	mpsdrv - ok
12:46:22.0124 4004	MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
12:46:22.0232 4004	MpsSvc - ok
12:46:22.0266 4004	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
12:46:22.0286 4004	MRxDAV - ok
12:46:22.0335 4004	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:46:22.0402 4004	mrxsmb - ok
12:46:22.0437 4004	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:46:22.0470 4004	mrxsmb10 - ok
12:46:22.0492 4004	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:46:22.0521 4004	mrxsmb20 - ok
12:46:22.0585 4004	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
12:46:22.0604 4004	msahci - ok
12:46:22.0632 4004	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
12:46:22.0649 4004	msdsm - ok
12:46:22.0683 4004	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
12:46:22.0711 4004	MSDTC - ok
12:46:22.0774 4004	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
12:46:22.0803 4004	Msfs - ok
12:46:22.0813 4004	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
12:46:22.0852 4004	mshidkmdf - ok
12:46:22.0929 4004	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
12:46:22.0964 4004	msisadrv - ok
12:46:23.0008 4004	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
12:46:23.0064 4004	MSiSCSI - ok
12:46:23.0072 4004	msiserver - ok
12:46:23.0121 4004	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
12:46:23.0178 4004	MSKSSRV - ok
12:46:23.0283 4004	MsMpSvc         (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe
12:46:23.0298 4004	MsMpSvc - ok
12:46:23.0331 4004	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
12:46:23.0362 4004	MSPCLOCK - ok
12:46:23.0368 4004	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
12:46:23.0418 4004	MSPQM - ok
12:46:23.0445 4004	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
12:46:23.0463 4004	MsRPC - ok
12:46:23.0536 4004	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
12:46:23.0562 4004	mssmbios - ok
12:46:23.0600 4004	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
12:46:23.0653 4004	MSTEE - ok
12:46:23.0676 4004	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
12:46:23.0712 4004	MTConfig - ok
12:46:23.0737 4004	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
12:46:23.0752 4004	Mup - ok
12:46:24.0076 4004	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
12:46:24.0167 4004	napagent - ok
12:46:24.0282 4004	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
12:46:24.0325 4004	NativeWifiP - ok
12:46:24.0415 4004	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
12:46:24.0451 4004	NDIS - ok
12:46:24.0491 4004	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
12:46:24.0548 4004	NdisCap - ok
12:46:24.0582 4004	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
12:46:24.0625 4004	NdisTapi - ok
12:46:24.0669 4004	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
12:46:24.0735 4004	Ndisuio - ok
12:46:24.0984 4004	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
12:46:25.0036 4004	NdisWan - ok
12:46:25.0067 4004	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
12:46:25.0096 4004	NDProxy - ok
12:46:25.0148 4004	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
12:46:25.0196 4004	NetBIOS - ok
12:46:25.0331 4004	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
12:46:25.0421 4004	NetBT - ok
12:46:25.0460 4004	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:46:25.0475 4004	Netlogon - ok
12:46:25.0546 4004	Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
12:46:25.0600 4004	Netman - ok
12:46:25.0822 4004	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:46:25.0836 4004	NetMsmqActivator - ok
12:46:25.0849 4004	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:46:25.0862 4004	NetPipeActivator - ok
12:46:25.0910 4004	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
12:46:25.0948 4004	netprofm - ok
12:46:25.0953 4004	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:46:25.0967 4004	NetTcpActivator - ok
12:46:25.0972 4004	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:46:25.0986 4004	NetTcpPortSharing - ok
12:46:27.0558 4004	Netzmanager Service (70b5b4e69a07895df30291cab6abda54) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
12:46:27.0666 4004	Netzmanager Service ( UnsignedFile.Multi.Generic ) - warning
12:46:27.0666 4004	Netzmanager Service - detected UnsignedFile.Multi.Generic (1)
12:46:29.0081 4004	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
12:46:29.0117 4004	nfrd960 - ok
12:46:29.0230 4004	NisDrv          (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:46:29.0263 4004	NisDrv - ok
12:46:29.0487 4004	NisSrv          (290c0d4c4889398797f8df3be00b9698) C:\Program Files\Microsoft Security Client\NisSrv.exe
12:46:29.0516 4004	NisSrv - ok
12:46:29.0599 4004	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
12:46:29.0655 4004	NlaSvc - ok
12:46:29.0745 4004	nlsX86cc        (b5efddcd8a686c4999afd1d7ec29fa12) C:\Windows\system32\NlsSrv32.exe
12:46:29.0819 4004	nlsX86cc ( UnsignedFile.Multi.Generic ) - warning
12:46:29.0819 4004	nlsX86cc - detected UnsignedFile.Multi.Generic (1)
12:46:29.0882 4004	NMSAccessU      (fd306fbcce7adb1077b709742e7148e9) C:\Program Files\CDBurnerXP\NMSAccessU.exe
12:46:29.0937 4004	NMSAccessU - ok
12:46:30.0026 4004	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
12:46:30.0081 4004	Npfs - ok
12:46:30.0139 4004	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
12:46:30.0188 4004	nsi - ok
12:46:30.0203 4004	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
12:46:30.0258 4004	nsiproxy - ok
12:46:30.0612 4004	Ntfs            (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
12:46:30.0687 4004	Ntfs - ok
12:46:31.0393 4004	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
12:46:31.0434 4004	Null - ok
12:46:31.0483 4004	nvraid          (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
12:46:31.0500 4004	nvraid - ok
12:46:31.0526 4004	nvstor          (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
12:46:31.0544 4004	nvstor - ok
12:46:31.0563 4004	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
12:46:31.0580 4004	nv_agp - ok
12:46:31.0608 4004	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
12:46:31.0639 4004	ohci1394 - ok
12:46:31.0739 4004	OMSI download service (da345de3b450e9e1691e7b9956d8ffc3) C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
12:46:31.0760 4004	OMSI download service ( UnsignedFile.Multi.Generic ) - warning
12:46:31.0760 4004	OMSI download service - detected UnsignedFile.Multi.Generic (1)
12:46:31.0854 4004	ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:46:31.0870 4004	ose - ok
12:46:31.0922 4004	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
12:46:31.0989 4004	p2pimsvc - ok
12:46:32.0021 4004	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
12:46:32.0079 4004	p2psvc - ok
12:46:32.0134 4004	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
12:46:32.0191 4004	Parport - ok
12:46:32.0238 4004	partmgr         (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
12:46:32.0253 4004	partmgr - ok
12:46:32.0273 4004	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
12:46:32.0311 4004	Parvdm - ok
12:46:32.0357 4004	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
12:46:32.0387 4004	PcaSvc - ok
12:46:32.0507 4004	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
12:46:32.0560 4004	pci - ok
12:46:32.0593 4004	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
12:46:32.0607 4004	pciide - ok
12:46:32.0758 4004	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
12:46:32.0794 4004	pcmcia - ok
12:46:32.0809 4004	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
12:46:32.0824 4004	pcw - ok
12:46:33.0238 4004	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
12:46:33.0329 4004	PEAUTH - ok
12:46:33.0374 4004	PenClass        (4a108cc9cc0e0605e68cce7021479879) C:\Windows\system32\Drivers\PenClass.sys
12:46:33.0398 4004	PenClass ( UnsignedFile.Multi.Generic ) - warning
12:46:33.0398 4004	PenClass - detected UnsignedFile.Multi.Generic (1)
12:46:34.0801 4004	pla             (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
12:46:34.0917 4004	pla - ok
12:46:35.0368 4004	PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
12:46:35.0428 4004	PlugPlay - ok
12:46:35.0464 4004	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
12:46:35.0504 4004	PNRPAutoReg - ok
12:46:35.0776 4004	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
12:46:35.0810 4004	PNRPsvc - ok
12:46:36.0199 4004	PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
12:46:36.0287 4004	PolicyAgent - ok
12:46:36.0328 4004	Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
12:46:36.0376 4004	Power - ok
12:46:36.0456 4004	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
12:46:36.0501 4004	PptpMiniport - ok
12:46:36.0520 4004	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
12:46:36.0549 4004	Processor - ok
12:46:36.0657 4004	ProfSvc         (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
12:46:36.0717 4004	ProfSvc - ok
12:46:36.0778 4004	ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:46:36.0806 4004	ProtectedStorage - ok
12:46:36.0881 4004	ProtexisLicensing (64e413ba0c529aa40c3924bbcc4153db) C:\Windows\system32\PSIService.exe
12:46:36.0899 4004	ProtexisLicensing ( UnsignedFile.Multi.Generic ) - warning
12:46:36.0900 4004	ProtexisLicensing - detected UnsignedFile.Multi.Generic (1)
12:46:36.0953 4004	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
12:46:36.0999 4004	Psched - ok
12:46:37.0046 4004	PSI             (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
12:46:37.0082 4004	PSI - ok
12:46:38.0258 4004	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
12:46:38.0364 4004	ql2300 - ok
12:46:39.0340 4004	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
12:46:39.0362 4004	ql40xx - ok
12:46:39.0398 4004	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
12:46:39.0435 4004	QWAVE - ok
12:46:39.0460 4004	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
12:46:39.0492 4004	QWAVEdrv - ok
12:46:39.0529 4004	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
12:46:39.0592 4004	RasAcd - ok
12:46:39.0648 4004	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:46:39.0695 4004	RasAgileVpn - ok
12:46:39.0736 4004	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
12:46:39.0769 4004	RasAuto - ok
12:46:39.0797 4004	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:46:39.0848 4004	Rasl2tp - ok
12:46:39.0920 4004	RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
12:46:39.0992 4004	RasMan - ok
12:46:40.0052 4004	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
12:46:40.0128 4004	RasPppoe - ok
12:46:40.0147 4004	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
12:46:40.0195 4004	RasSstp - ok
12:46:40.0345 4004	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
12:46:40.0412 4004	rdbss - ok
12:46:40.0484 4004	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
12:46:40.0532 4004	rdpbus - ok
12:46:40.0557 4004	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:46:40.0600 4004	RDPCDD - ok
12:46:40.0637 4004	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
12:46:40.0683 4004	RDPENCDD - ok
12:46:40.0727 4004	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
12:46:40.0793 4004	RDPREFMP - ok
12:46:40.0876 4004	RDPWD           (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
12:46:40.0944 4004	RDPWD - ok
12:46:41.0228 4004	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
12:46:41.0274 4004	rdyboost - ok
12:46:41.0457 4004	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
12:46:41.0512 4004	RemoteAccess - ok
12:46:41.0572 4004	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
12:46:41.0643 4004	RemoteRegistry - ok
12:46:41.0694 4004	RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
12:46:41.0713 4004	RFCOMM - ok
12:46:41.0743 4004	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
12:46:41.0792 4004	RpcEptMapper - ok
12:46:41.0835 4004	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
12:46:41.0881 4004	RpcLocator - ok
12:46:41.0950 4004	RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
12:46:41.0990 4004	RpcSs - ok
12:46:42.0040 4004	RRamdisk        (519d3c83d04bc3e0289e80f61d2febc0) C:\Windows\system32\DRIVERS\rramdisk.sys
12:46:42.0074 4004	RRamdisk ( UnsignedFile.Multi.Generic ) - warning
12:46:42.0074 4004	RRamdisk - detected UnsignedFile.Multi.Generic (1)
12:46:42.0171 4004	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
12:46:42.0231 4004	rspndr - ok
12:46:42.0271 4004	s0017bus        (594ff5620661d1386475406e78cb6f2f) C:\Windows\system32\DRIVERS\s0017bus.sys
12:46:42.0284 4004	s0017bus - ok
12:46:42.0309 4004	s0017mdfl       (7258f550419d543bc5c8e80c578a5d54) C:\Windows\system32\DRIVERS\s0017mdfl.sys
12:46:42.0320 4004	s0017mdfl - ok
12:46:42.0345 4004	s0017mdm        (1de4f6607feb17a15dbd4f1b139e6d2f) C:\Windows\system32\DRIVERS\s0017mdm.sys
12:46:42.0358 4004	s0017mdm - ok
12:46:42.0387 4004	s0017mgmt       (9814e6bacc06d2526cd52981c7eeedf0) C:\Windows\system32\DRIVERS\s0017mgmt.sys
12:46:42.0401 4004	s0017mgmt - ok
12:46:42.0426 4004	s0017nd5        (2c62cd58225973f26682cd4f783ddede) C:\Windows\system32\DRIVERS\s0017nd5.sys
12:46:42.0438 4004	s0017nd5 - ok
12:46:42.0492 4004	s0017obex       (f87c3422e84b2fb1b43e0a26247ad5a5) C:\Windows\system32\DRIVERS\s0017obex.sys
12:46:42.0505 4004	s0017obex - ok
12:46:42.0530 4004	s0017unic       (df5e7360a0afa5956bf75da683d0679f) C:\Windows\system32\DRIVERS\s0017unic.sys
12:46:42.0544 4004	s0017unic - ok
12:46:42.0568 4004	s217bus         (0266151de3f36429f6ac3c4b28085061) C:\Windows\system32\DRIVERS\s217bus.sys
12:46:42.0581 4004	s217bus - ok
12:46:42.0616 4004	s217mdfl        (a43c0af0e46be7ef0c7e8ccf0f058600) C:\Windows\system32\DRIVERS\s217mdfl.sys
12:46:42.0627 4004	s217mdfl - ok
12:46:42.0647 4004	s217mdm         (005f5ded1ed8f8a9d2399d765ead20f1) C:\Windows\system32\DRIVERS\s217mdm.sys
12:46:42.0660 4004	s217mdm - ok
12:46:42.0769 4004	s217mgmt        (de9562ad0c91e1857d11f65a91ee1a47) C:\Windows\system32\DRIVERS\s217mgmt.sys
12:46:42.0786 4004	s217mgmt - ok
12:46:42.0819 4004	s217nd5         (11cc5d7f992799e7e75d018e9c018563) C:\Windows\system32\DRIVERS\s217nd5.sys
12:46:42.0833 4004	s217nd5 - ok
12:46:42.0853 4004	s217obex        (0f9f4045799afb66b85eef999d0609ec) C:\Windows\system32\DRIVERS\s217obex.sys
12:46:42.0870 4004	s217obex - ok
12:46:42.0888 4004	s217unic        (1c91e1023f07b6407d84b5a43537d984) C:\Windows\system32\DRIVERS\s217unic.sys
12:46:42.0902 4004	s217unic - ok
12:46:42.0940 4004	SamSs           (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:46:42.0954 4004	SamSs - ok
12:46:42.0989 4004	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
12:46:43.0007 4004	sbp2port - ok
12:46:43.0186 4004	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
12:46:43.0269 4004	SCardSvr - ok
12:46:43.0299 4004	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
12:46:43.0347 4004	scfilter - ok
12:46:43.0417 4004	Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
12:46:43.0486 4004	Schedule - ok
12:46:43.0547 4004	SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
12:46:43.0586 4004	SCPolicySvc - ok
12:46:43.0785 4004	SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
12:46:43.0890 4004	SDRSVC - ok
12:46:43.0982 4004	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:46:44.0053 4004	secdrv - ok
12:46:44.0097 4004	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
12:46:44.0149 4004	seclogon - ok
12:46:45.0238 4004	Secunia PSI Agent (fc4842cecaf2a938be13a6c534034088) C:\Program Files\Secunia\PSI\PSIA.exe
12:46:45.0316 4004	Secunia PSI Agent - ok
12:46:45.0365 4004	Secunia Update Agent (401c960e9c95d35cffb17ca57c4406fb) C:\Program Files\Secunia\PSI\sua.exe
12:46:45.0520 4004	Secunia Update Agent - ok
12:46:45.0682 4004	seehcri         (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
12:46:45.0727 4004	seehcri - ok
12:46:45.0775 4004	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
12:46:45.0833 4004	SENS - ok
12:46:45.0868 4004	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
12:46:45.0913 4004	SensrSvc - ok
12:46:45.0962 4004	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
12:46:45.0993 4004	Serenum - ok
12:46:46.0036 4004	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
12:46:46.0064 4004	Serial - ok
12:46:46.0099 4004	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
12:46:46.0139 4004	sermouse - ok
12:46:46.0208 4004	SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
12:46:46.0239 4004	SessionEnv - ok
12:46:46.0347 4004	sesvc           (4c99e251d89c95dcaaa26f9243747c99) C:\Program Files\ShadowExplorer\sesvc.exe
12:46:46.0389 4004	sesvc ( UnsignedFile.Multi.Generic ) - warning
12:46:46.0389 4004	sesvc - detected UnsignedFile.Multi.Generic (1)
12:46:46.0424 4004	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
12:46:46.0465 4004	sffdisk - ok
12:46:46.0483 4004	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
12:46:46.0500 4004	sffp_mmc - ok
12:46:46.0506 4004	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
12:46:46.0541 4004	sffp_sd - ok
12:46:46.0586 4004	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
12:46:46.0623 4004	sfloppy - ok
12:46:46.0688 4004	SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
12:46:46.0756 4004	SharedAccess - ok
12:46:47.0079 4004	ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
12:46:47.0154 4004	ShellHWDetection - ok
12:46:47.0191 4004	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
12:46:47.0206 4004	sisagp - ok
12:46:47.0250 4004	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:46:47.0265 4004	SiSRaid2 - ok
12:46:47.0281 4004	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
12:46:47.0297 4004	SiSRaid4 - ok
12:46:47.0329 4004	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
12:46:47.0361 4004	Smb - ok
12:46:47.0426 4004	snapman         (c3bf55189aa92b8f919108ef9e4accae) C:\Windows\system32\DRIVERS\snapman.sys
12:46:47.0440 4004	snapman - ok
12:46:47.0473 4004	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
12:46:47.0489 4004	SNMPTRAP - ok
12:46:47.0507 4004	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
12:46:47.0522 4004	spldr - ok
12:46:47.0708 4004	Spooler         (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
12:46:47.0756 4004	Spooler - ok
12:46:50.0578 4004	sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
12:46:50.0729 4004	sppsvc - ok
12:46:50.0884 4004	sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
12:46:50.0933 4004	sppuinotify - ok
12:46:51.0427 4004	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
12:46:51.0508 4004	srv - ok
12:46:51.0574 4004	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
12:46:51.0649 4004	srv2 - ok
12:46:51.0685 4004	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
12:46:51.0702 4004	srvnet - ok
12:46:51.0736 4004	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
12:46:51.0783 4004	SSDPSRV - ok
12:46:51.0840 4004	SSPORT          (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
12:46:51.0845 4004	SSPORT ( UnsignedFile.Multi.Generic ) - warning
12:46:51.0845 4004	SSPORT - detected UnsignedFile.Multi.Generic (1)
12:46:51.0876 4004	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
12:46:51.0906 4004	SstpSvc - ok
12:46:51.0940 4004	StarOpen        (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys
12:46:51.0960 4004	StarOpen ( UnsignedFile.Multi.Generic ) - warning
12:46:51.0960 4004	StarOpen - detected UnsignedFile.Multi.Generic (1)
12:46:51.0987 4004	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
12:46:52.0002 4004	stexstor - ok
12:46:52.0068 4004	StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
12:46:52.0128 4004	StiSvc - ok
12:46:52.0156 4004	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
12:46:52.0173 4004	swenum - ok
12:46:52.0235 4004	swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
12:46:52.0273 4004	swprv - ok
12:46:52.0323 4004	SynasUSB        (e46088b882e6315518630e249ddf958c) C:\Windows\system32\drivers\SynasUSB.sys
12:46:52.0403 4004	SynasUSB - ok
12:46:53.0108 4004	SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
12:46:53.0201 4004	SysMain - ok
12:46:53.0285 4004	TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
12:46:53.0335 4004	TabletInputService - ok
12:46:57.0615 4004	TabletServiceWacom (77e974834b9c246de54de4f430315b09) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
12:46:57.0856 4004	TabletServiceWacom - ok
12:46:58.0089 4004	TapiSrv         (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
12:46:58.0158 4004	TapiSrv - ok
12:46:58.0188 4004	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
12:46:58.0231 4004	TBS - ok
12:46:58.0493 4004	Tcpip           (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
12:46:58.0580 4004	Tcpip - ok
12:46:59.0213 4004	TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
12:46:59.0253 4004	TCPIP6 - ok
12:47:00.0087 4004	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
12:47:00.0147 4004	tcpipreg - ok
12:47:00.0207 4004	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
12:47:00.0234 4004	TDPIPE - ok
12:47:00.0268 4004	TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
12:47:00.0283 4004	TDTCP - ok
12:47:00.0313 4004	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
12:47:00.0359 4004	tdx - ok
12:47:02.0413 4004	TeamViewer7     (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
12:47:02.0550 4004	TeamViewer7 - ok
12:47:02.0848 4004	TelekomNM3      (5d528200679c3b4595b4237e02c077d5) C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys
12:47:02.0877 4004	TelekomNM3 - ok
12:47:04.0087 4004	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
12:47:04.0119 4004	TermDD - ok
12:47:04.0587 4004	TermService     (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
12:47:04.0670 4004	TermService - ok
12:47:04.0774 4004	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
12:47:04.0836 4004	Themes - ok
12:47:04.0924 4004	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
12:47:04.0969 4004	THREADORDER - ok
12:47:05.0018 4004	tifsfilter      (b0b3122bff3910e0ba97014045467778) C:\Windows\system32\DRIVERS\tifsfilt.sys
12:47:05.0031 4004	tifsfilter - ok
12:47:05.0071 4004	timounter       (13bfe330880ac0ce8672d00aa5aff738) C:\Windows\system32\DRIVERS\timntr.sys
12:47:05.0094 4004	timounter - ok
12:47:05.0821 4004	TouchServiceWacom (7496f4c86cac98ca7a24586570e214aa) C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
12:47:05.0999 4004	TouchServiceWacom - ok
12:47:06.0118 4004	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
12:47:06.0193 4004	TrkWks - ok
12:47:06.0534 4004	TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
12:47:06.0620 4004	TrustedInstaller - ok
12:47:07.0445 4004	TryAndDecideService (abee0a9ed1e0eb558c60f0881132ae32) C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
12:47:07.0518 4004	TryAndDecideService - ok
12:47:07.0583 4004	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:47:07.0614 4004	tssecsrv - ok
12:47:07.0766 4004	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
12:47:07.0838 4004	TsUsbFlt - ok
12:47:07.0886 4004	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
12:47:07.0951 4004	tunnel - ok
12:47:08.0033 4004	TVicPort        (3147063508eae931becc01573c204fac) C:\Windows\system32\DRIVERS\TVICPORT.SYS
12:47:08.0052 4004	TVicPort - ok
12:47:08.0142 4004	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
12:47:08.0179 4004	uagp35 - ok
12:47:08.0437 4004	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
12:47:08.0524 4004	udfs - ok
12:47:08.0641 4004	UDST7000BDA     (d785cdc0d6e27aa27dc30d3b3aad7819) C:\Windows\system32\DRIVERS\TerraTecUsbBda.sys
12:47:08.0731 4004	UDST7000BDA - ok
12:47:08.0762 4004	UDST7000HID     (527fea6f1669fca060c8fa17174db19b) C:\Windows\system32\DRIVERS\TerraTecUsbHid.sys
12:47:08.0791 4004	UDST7000HID - ok
12:47:08.0885 4004	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
12:47:08.0936 4004	UI0Detect - ok
12:47:08.0975 4004	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
12:47:08.0990 4004	uliagpkx - ok
12:47:09.0020 4004	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
12:47:09.0049 4004	umbus - ok
12:47:09.0100 4004	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
12:47:09.0130 4004	UmPass - ok
12:47:09.0190 4004	upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
12:47:09.0253 4004	upnphost - ok
12:47:09.0517 4004	USB28xxBGA      (47d967b6f4c3870da6859824fefc3829) C:\Windows\system32\DRIVERS\emBDA.sys
12:47:09.0613 4004	USB28xxBGA - ok
12:47:09.0679 4004	USB28xxOEM      (8b5addd61fb0f415337f04cae2a5f532) C:\Windows\system32\DRIVERS\emOEM.sys
12:47:09.0739 4004	USB28xxOEM - ok
12:47:09.0780 4004	usbaudio        (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
12:47:09.0819 4004	usbaudio - ok
12:47:09.0845 4004	usbccgp         (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\DRIVERS\usbccgp.sys
12:47:09.0861 4004	usbccgp - ok
12:47:09.0879 4004	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
12:47:09.0938 4004	usbcir - ok
12:47:09.0977 4004	usbehci         (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
12:47:10.0007 4004	usbehci - ok
12:47:10.0113 4004	usbhub          (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\DRIVERS\usbhub.sys
12:47:10.0168 4004	usbhub - ok
12:47:10.0193 4004	usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
12:47:10.0227 4004	usbohci - ok
12:47:10.0252 4004	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
12:47:10.0270 4004	usbprint - ok
12:47:10.0313 4004	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
12:47:10.0345 4004	usbscan - ok
12:47:10.0481 4004	USBSTOR         (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:47:10.0533 4004	USBSTOR - ok
12:47:10.0604 4004	usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
12:47:10.0658 4004	usbuhci - ok
12:47:10.0699 4004	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
12:47:10.0719 4004	usbvideo - ok
12:47:10.0800 4004	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
12:47:10.0851 4004	UxSms - ok
12:47:10.0947 4004	VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:47:10.0969 4004	VaultSvc - ok
12:47:11.0017 4004	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
12:47:11.0035 4004	vdrvroot - ok
12:47:11.0508 4004	vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
12:47:11.0599 4004	vds - ok
12:47:11.0661 4004	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
12:47:11.0699 4004	vga - ok
12:47:11.0736 4004	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
12:47:11.0815 4004	VgaSave - ok
12:47:11.0845 4004	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
12:47:11.0865 4004	vhdmp - ok
12:47:11.0897 4004	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
12:47:11.0912 4004	viaagp - ok
12:47:11.0947 4004	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
12:47:11.0964 4004	ViaC7 - ok
12:47:11.0975 4004	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
12:47:11.0990 4004	viaide - ok
12:47:12.0004 4004	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
12:47:12.0019 4004	volmgr - ok
12:47:12.0150 4004	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
12:47:12.0189 4004	volmgrx - ok
12:47:12.0432 4004	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
12:47:12.0493 4004	volsnap - ok
12:47:12.0550 4004	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
12:47:12.0570 4004	vsmraid - ok
12:47:13.0355 4004	VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
12:47:13.0462 4004	VSS - ok
12:47:13.0480 4004	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
12:47:13.0511 4004	vwifibus - ok
12:47:13.0528 4004	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
12:47:13.0548 4004	vwififlt - ok
12:47:13.0585 4004	vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
12:47:13.0604 4004	vwifimp - ok
12:47:13.0807 4004	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
12:47:13.0897 4004	W32Time - ok
12:47:13.0957 4004	wacmoumonitor   (c3b03ed7b06657a3355f620bc02acfb6) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
12:47:13.0983 4004	wacmoumonitor - ok
12:47:14.0003 4004	wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
12:47:14.0014 4004	wacommousefilter - ok
12:47:14.0035 4004	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
12:47:14.0062 4004	WacomPen - ok
12:47:14.0098 4004	wacomvhid       (846b58ea44bf8c92e4b59f4e2252c4c0) C:\Windows\system32\DRIVERS\wacomvhid.sys
12:47:14.0108 4004	wacomvhid - ok
12:47:14.0129 4004	WacomVKHid - ok
12:47:14.0174 4004	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
12:47:14.0222 4004	WANARP - ok
12:47:14.0226 4004	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
12:47:14.0256 4004	Wanarpv6 - ok
12:47:14.0489 4004	WatAdminSvc     (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
12:47:14.0546 4004	WatAdminSvc - ok
12:47:16.0166 4004	wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
12:47:16.0300 4004	wbengine - ok
12:47:16.0456 4004	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
12:47:16.0523 4004	WbioSrvc - ok
12:47:16.0840 4004	wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
12:47:16.0930 4004	wcncsvc - ok
12:47:16.0960 4004	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
12:47:17.0021 4004	WcsPlugInService - ok
12:47:17.0088 4004	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
12:47:17.0111 4004	Wd - ok
12:47:17.0185 4004	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
12:47:17.0222 4004	Wdf01000 - ok
12:47:17.0242 4004	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
12:47:17.0312 4004	WdiServiceHost - ok
12:47:17.0318 4004	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
12:47:17.0339 4004	WdiSystemHost - ok
12:47:17.0706 4004	WebClient       (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
12:47:17.0746 4004	WebClient - ok
12:47:17.0942 4004	Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
12:47:18.0018 4004	Wecsvc - ok
12:47:18.0090 4004	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
12:47:18.0141 4004	wercplsupport - ok
12:47:18.0186 4004	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
12:47:18.0220 4004	WerSvc - ok
12:47:18.0251 4004	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
12:47:18.0299 4004	WfpLwf - ok
12:47:18.0359 4004	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
12:47:18.0393 4004	WIMMount - ok
12:47:19.0162 4004	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
12:47:19.0248 4004	WinDefend - ok
12:47:19.0519 4004	Windows7FirewallService (ec9ffcd405c576f27b2385e3c580d3ff) C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
12:47:19.0584 4004	Windows7FirewallService ( UnsignedFile.Multi.Generic ) - warning
12:47:19.0584 4004	Windows7FirewallService - detected UnsignedFile.Multi.Generic (1)
12:47:19.0591 4004	WinHttpAutoProxySvc - ok
12:47:19.0818 4004	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
12:47:19.0909 4004	Winmgmt - ok
12:47:20.0614 4004	WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
12:47:20.0725 4004	WinRM - ok
12:47:20.0861 4004	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
12:47:20.0924 4004	WinUsb - ok
12:47:21.0232 4004	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
12:47:21.0329 4004	Wlansvc - ok
12:47:21.0517 4004	wlcrasvc        (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:47:21.0537 4004	wlcrasvc - ok
12:47:22.0600 4004	wlidsvc         (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:47:22.0684 4004	wlidsvc - ok
12:47:23.0856 4004	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
12:47:23.0895 4004	WmiAcpi - ok
12:47:24.0154 4004	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
12:47:24.0196 4004	wmiApSrv - ok
12:47:25.0305 4004	WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
12:47:25.0429 4004	WMPNetworkSvc - ok
12:47:26.0429 4004	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
12:47:26.0465 4004	WPCSvc - ok
12:47:26.0512 4004	WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
12:47:26.0547 4004	WPDBusEnum - ok
12:47:26.0610 4004	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
12:47:26.0657 4004	ws2ifsl - ok
12:47:26.0736 4004	wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
12:47:26.0774 4004	wscsvc - ok
12:47:26.0779 4004	WSearch - ok
12:47:28.0221 4004	wuauserv        (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
12:47:28.0333 4004	wuauserv - ok
12:47:29.0747 4004	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
12:47:29.0806 4004	WudfPf - ok
12:47:29.0882 4004	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:47:29.0927 4004	WUDFRd - ok
12:47:30.0067 4004	wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
12:47:30.0123 4004	wudfsvc - ok
12:47:30.0402 4004	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
12:47:30.0477 4004	WwanSvc - ok
12:47:30.0560 4004	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:47:34.0394 4004	\Device\Harddisk0\DR0 - ok
12:47:34.0435 4004	Boot (0x1200)   (8cf92dc1f396f1ca9c01c47517e8cf42) \Device\Harddisk0\DR0\Partition0
12:47:34.0459 4004	\Device\Harddisk0\DR0\Partition0 - ok
12:47:34.0479 4004	Boot (0x1200)   (3b39d2ae28780f363ba7a59b3969f9c6) \Device\Harddisk0\DR0\Partition1
12:47:34.0494 4004	\Device\Harddisk0\DR0\Partition1 - ok
12:47:34.0494 4004	============================================================
12:47:34.0494 4004	Scan finished
12:47:34.0495 4004	============================================================
12:47:34.0515 7908	Detected object count: 14
12:47:34.0515 7908	Actual detected object count: 14
12:49:39.0353 7908	Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:39.0354 7908	Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:49:39.0359 7908	epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:39.0359 7908	epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:49:39.0364 7908	EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:39.0364 7908	EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:49:39.0370 7908	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:39.0370 7908	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:49:39.0371 7908	Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:39.0372 7908	Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:49:39.0376 7908	nlsX86cc ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:39.0376 7908	nlsX86cc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:49:39.0382 7908	OMSI download service ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:39.0382 7908	OMSI download service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:49:39.0388 7908	PenClass ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:39.0388 7908	PenClass ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:49:39.0392 7908	ProtexisLicensing ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:39.0392 7908	ProtexisLicensing ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:49:39.0395 7908	RRamdisk ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:39.0395 7908	RRamdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:49:39.0399 7908	sesvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:39.0400 7908	sesvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:49:39.0402 7908	SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:39.0402 7908	SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:49:39.0405 7908	StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:39.0406 7908	StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:49:39.0408 7908	Windows7FirewallService ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:39.0408 7908	Windows7FirewallService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
EDDIT:
Hatte aber vergessen, den MSE auszuschalten.

Alt 02.06.2012, 17:39   #32
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mail Account gehackt? Was ist tokenserver? - Standard

Mail Account gehackt? Was ist tokenserver?



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________

__________________

Alt 02.06.2012, 20:41   #33
ronze44
 
Mail Account gehackt? Was ist tokenserver? - Standard

Mail Account gehackt? Was ist tokenserver?



Wieder mit Admin Konto gescannt, wegen MSE.
[code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-06-02.03 - Surfer 02.06.2012  21:20:10.3.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.2973.1527 [GMT 2:00]
ausgeführt von:: c:\users\tobi\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\xp-AntiSpy
c:\program files\xp-AntiSpy\Uninstall.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.chm
c:\program files\xp-AntiSpy\xp-AntiSpy.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.url
c:\windows\isRS-000.tmp
c:\windows\system32\msvcsv60.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-02 bis 2012-06-02  ))))))))))))))))))))))))))))))
.
.
2012-06-02 19:29 . 2012-06-02 19:29	--------	d-----w-	c:\users\tobi\AppData\Local\temp
2012-06-02 19:29 . 2012-06-02 19:29	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-06-02 19:29 . 2012-06-02 19:29	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-01 22:01 . 2012-03-22 11:43	2557952	----a-w-	c:\windows\system32\QtCore4.dll
2012-06-01 22:01 . 2012-04-18 11:49	405176	----a-w-	c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-06-01 21:59 . 2012-06-01 22:02	--------	d-----w-	c:\users\Surfer\AppData\Roaming\DVDVideoSoft
2012-06-01 19:15 . 2012-06-01 19:15	56200	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15DF7CD8-ED94-4567-971E-A961FB3B33C5}\offreg.dll
2012-06-01 17:59 . 2012-06-01 17:59	29904	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15DF7CD8-ED94-4567-971E-A961FB3B33C5}\MpKsla7fba890.sys
2012-06-01 13:03 . 2012-05-08 16:40	6737808	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15DF7CD8-ED94-4567-971E-A961FB3B33C5}\mpengine.dll
2012-06-01 13:01 . 2012-05-14 23:43	6737808	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A57855F9-9ACF-4937-9C44-BDE4C30F513A}\mpengine.dll
2012-06-01 10:05 . 2012-06-01 10:05	--------	d-----w-	C:\_OTL
2012-05-31 22:54 . 2012-05-08 16:40	6737808	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-31 14:51 . 2012-05-31 14:51	--------	d-----w-	c:\program files\ESET
2012-05-31 12:37 . 2012-05-31 12:37	--------	d-----w-	c:\program files\Common Files\Java
2012-05-31 12:37 . 2012-05-31 12:36	772552	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-05-31 12:33 . 2012-05-31 12:33	3584	----a-r-	c:\users\tobi\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2012-05-31 12:33 . 2012-05-31 12:33	--------	d-----w-	c:\program files\Windows Installer Clean Up
2012-05-29 18:14 . 2012-05-29 18:14	15712	----a-w-	c:\program files\Common Files\Windows Live\.cache\e314842b1cd3dc602\MeshBetaRemover.exe
2012-05-29 18:14 . 2012-05-29 18:14	537432	----a-w-	c:\program files\Common Files\Windows Live\.cache\e27b4f2d1cd3dc601\DXSETUP.exe
2012-05-29 18:14 . 2012-05-29 18:14	89944	----a-w-	c:\program files\Common Files\Windows Live\.cache\e27b4f2d1cd3dc601\DSETUP.dll
2012-05-29 18:14 . 2012-05-29 18:14	1801048	----a-w-	c:\program files\Common Files\Windows Live\.cache\e27b4f2d1cd3dc601\dsetup32.dll
2012-05-21 08:50 . 2012-05-21 08:50	--------	d-----w-	c:\program files\Gitarrero Software
2012-05-11 01:46 . 2012-05-11 01:46	--------	d-----w-	c:\users\Surfer\AppData\Roaming\Logitech
2012-05-10 11:30 . 2012-03-30 10:23	1291632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-05-10 11:30 . 2012-03-31 04:30	1221632	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 11:30 . 2012-03-31 04:29	936960	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 11:30 . 2012-03-31 04:29	989184	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 11:30 . 2012-03-31 04:29	969216	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 11:30 . 2012-03-31 04:39	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-10 11:30 . 2012-03-31 04:39	3913072	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-10 11:30 . 2012-03-31 02:36	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-05-10 11:30 . 2012-03-17 07:27	56176	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-05-10 11:30 . 2012-03-03 05:31	1077248	----a-w-	c:\windows\system32\DWrite.dll
2012-05-08 21:07 . 2012-05-31 21:26	--------	d-----w-	c:\programdata\Tarma Installer
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 12:36 . 2010-05-11 08:44	687560	----a-w-	c:\windows\system32\deployJava1.dll
2012-05-04 17:53 . 2012-04-10 00:41	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-05-04 17:53 . 2011-10-19 23:44	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-10 10:19 . 2009-11-21 11:42	44384	----a-w-	c:\windows\system32\drivers\tifsfilt.sys
2012-04-10 10:19 . 2009-11-21 11:42	441760	----a-w-	c:\windows\system32\drivers\timntr.sys
2012-04-10 10:19 . 2012-04-10 10:19	132224	----a-w-	c:\windows\system32\drivers\snapman.sys
2012-04-10 10:19 . 2009-11-21 11:42	368480	----a-w-	c:\windows\system32\drivers\tdrpman.sys
2012-04-06 02:00 . 2012-04-06 02:00	53248	----a-r-	c:\users\tobi\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-04-06 02:00 . 2012-04-06 02:00	16400	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2012-04-04 13:56 . 2011-03-30 21:04	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-20 18:44 . 2010-10-24 20:25	74112	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 18:44 . 2010-03-25 19:30	171064	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2012-04-25 00:30 . 2011-10-19 14:58	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\WebDavOverlayUpload]
@="{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}"
[HKEY_CLASSES_ROOT\CLSID\{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}]
2010-10-27 11:13	284304	----a-w-	c:\windows\System32\WebDAV.ShellExtension.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Buyertools Reminder"="c:\program files\Buyertools Reminder\Reminder.exe" [2012-05-09 6592000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-06 7600672]
"ACFanControl"="c:\program files\ACFanControl\ACFanControl.exe" [2010-10-04 249856]
"Windows7FirewallControl"="c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe" [2010-11-01 802816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 167424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 144384]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-02-12 365632]
"OMEA"="c:\program files\GO! Suite\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\OMEA.exe" [2009-05-20 180224]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Surfer\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockPlus2\ObjectDock.exe [2010-10-12 4142448]
.
c:\users\Surfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Netzmanager.lnk - c:\program files\Netzmanager\netzmanager.exe [2011-11-10 14000128]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockPlus2\ObjectDock.exe [2010-10-12 4142448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockPlus2\ODMenu.dll" [2010-03-24 511344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03	66328	----a-w-	c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI3"=timiditydrv.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TabUserW.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TabUserW.exe.lnk
backup=c:\windows\pss\TabUserW.exe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^tobi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Impulse Now.lnk]
path=c:\users\tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk
backup=c:\windows\pss\Impulse Now.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePower Management]
2009-08-19 14:15	487424	----a-w-	c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2011-02-12 05:40	365632	----a-w-	c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-12-03 10:09	911184	----a-w-	c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Check Mail]
2007-04-18 21:37	2158080	----a-w-	c:\program files\CheckMail V2\CK_Mail.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Koma-Mail]
2010-03-12 14:14	2836992	----a-w-	c:\program files\KomaMail\Koma_Mail.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2009-09-15 13:24	883208	----a-w-	c:\program files\Launch Manager\LManager.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MouseExtender]
2010-09-23 01:26	455168	----a-w-	c:\users\tobi\Desktop\MouseExtender.1.9.7.2\MouseExtender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rainlendar2]
2010-07-11 09:42	2199040	----a-w-	c:\program files\Rainlendar2\Rainlendar2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2009-10-10 06:51	614400	----a-w-	c:\windows\Samsung\PanelMgr\SSMMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-11-20 08:17	434176	----a-w-	c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07	252296	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher]
2007-10-28 10:35	425984	----a-w-	c:\program files\Switcher\Switcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2007-12-03 10:06	2622104	----a-w-	c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" -hide -runkey
"emsisoftantimalwaresetup"="t:\temp\EmsisoftAntiMalwareSetup.exe"
"Skytel"=c:\program files\Realtek\Audio\HDA\Skytel.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 136176]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-19 225280]
R3 EchoIndigo;echondgo;c:\windows\system32\DRIVERS\echondgo.sys [2009-12-08 132544]
R3 echondgo;Indigo Service;c:\windows\system32\drivers\echondgo.sys [2009-12-08 132544]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 8456]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-09-05 13224]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 136176]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-20 47104]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-07-29 994360]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [2007-10-24 23288]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 UDST7000BDA;TerraTec H7 service;c:\windows\system32\DRIVERS\TerraTecUsbBda.sys [2010-08-17 782840]
R3 UDST7000HID;TerraTec H7/S7 HID service;c:\windows\system32\DRIVERS\TerraTecUsbHid.sys [2010-08-04 22136]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-11-14 10752]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-08 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 RRamdisk;Ramdisk Driver;c:\windows\system32\DRIVERS\rramdisk.sys [2009-04-30 12288]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2010-05-15 265800]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-27 232512]
S1 MpKsla7fba890;MpKsla7fba890;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15DF7CD8-ED94-4567-971E-A961FB3B33C5}\MpKsla7fba890.sys [2012-06-01 29904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 MCSWASVR;Mediencenter Service;c:\program files\Telekom\Mediencenter\WebDAV.AdminService.exe [2010-07-09 16016]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NlsSrv32.exe [2009-06-07 61440]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-07-29 399416]
S2 sesvc;ShadowExplorer Service;c:\program files\ShadowExplorer\sesvc.exe [2011-01-02 9216]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-11-30 5120]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2012-01-23 6321016]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [2012-01-23 470904]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [2010-11-01 401408]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
S3 TelekomNM3;Telekom Netzmanager Packet Filter Driver;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [2010-09-16 35040]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 86367465
*NewlyCreated* - MPKSLA7FBA890
*Deregistered* - 86367465
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 17:53]
.
2012-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 19:30]
.
2012-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 19:30]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Free YouTube to MP3 Converter - c:\users\Surfer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{27914077-B4D6-4A0E-9763-76B6E9DD9A81} - c:\program files\Buyertools Reminder\ReminderIE.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Surfer\AppData\Roaming\Mozilla\Firefox\Profiles\jye9hvyp.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Surfer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Surfer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Surfer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-Fences - c:\programdata\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}\Fences.exe
AddRemove-Netzmanager - c:\programdata\{DD034EDF-8A92-4F84-A64A-26BF9B7AE354}\Netzmanager1.070.0305_111110b.exe
AddRemove-xp-AntiSpy - c:\program files\xp-AntiSpy\Uninstall.exe
AddRemove-_{05D60953-9012-44DF-A1A6-9DD97AD6580A} - c:\program files\Corel\Corel Painter X\MSILauncher {05D60953-9012-44DF-A1A6-9DD97AD6580A}
AddRemove-{10CD364B-FFCC-48BE-B469-B9622A033075} - c:\programdata\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}\Fences.exe
AddRemove-{43B74FAB-FB58-447D-8D3A-5F638AF36FD1} - c:\programdata\{DD034EDF-8A92-4F84-A64A-26BF9B7AE354}\Netzmanager1.070.0305_111110b.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(640)
c:\windows\system32\relog_ap.DLL
.
Zeit der Fertigstellung: 2012-06-02  21:31:57
ComboFix-quarantined-files.txt  2012-06-02 19:31
ComboFix2.txt  2011-04-01 13:00
.
Vor Suchlauf: 21 Verzeichnis(se), 67.806.941.184 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 67.601.440.768 Bytes frei
.
- - End Of File - - E5E24508663BAA75B1F641A62C3377EC
         
--- --- ---
PS: Schon wieder neue Mails als gelesen markiert, Fehlermeldungen in beiden Konten: "Papierkorb beschädigt, leeren?"
__________________

Geändert von ronze44 (02.06.2012 um 21:05 Uhr) Grund: Fehlermeldungen

Alt 03.06.2012, 12:54   #34
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mail Account gehackt? Was ist tokenserver? - Standard

Mail Account gehackt? Was ist tokenserver?



Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.06.2012, 13:48   #35
ronze44
 
Mail Account gehackt? Was ist tokenserver? - Standard

Mail Account gehackt? Was ist tokenserver?



Zwischenfrage, kann ich GMER und OSam auch ohne adminrechte im Standard-konto starten- dort kann ich MSE nicht ausschalten.


Alt 03.06.2012, 14:03   #36
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mail Account gehackt? Was ist tokenserver? - Standard

Mail Account gehackt? Was ist tokenserver?



Nein ohne Adminrechte geht das nicht
__________________
--> Mail Account gehackt? Was ist tokenserver?

Alt 03.06.2012, 15:48   #37
ronze44
 
Mail Account gehackt? Was ist tokenserver? - Standard

Mail Account gehackt? Was ist tokenserver?



Arne, ich weiß nicht, ob alles richtig war.
habe während der scans im Admin Konto versehentlich vergessen, FF im Standard Konto zu schließen.

GMER scannte, auf T (die RAM Disk) scannte er einen Windows Ordner, der dort aber nicht vorhanden ist (?). Nachdem auf T erneut dasselbe gescannt wurde, habe ich STOP probiert. Danach Absturz beim sichern...also kein Ergebnis

Ständig "blockierte Ereignisse" , ist wohl die Windows FW

OSAM sendete files ins Netz, etwa Tablet driver, danach Fenster offen(?) Hat er so schnell gescannt? Ich hab wohl was falsch gemacht.

Papierkorb beschädigt...

Nun muss ich etvtl . alles nochmal machen, doch hier die Logs, die ich momentan habe:

Code:
ATTFilter
OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:04:51 on 03.06.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
"PLWMidiMap.cpl" - "Putzlowitsch" - C:\Windows\system32\PLWMidiMap.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Bamboo" - ? - C:\Program Files\Tablet\Pen\Consumer_CPL.exe  (File not found)
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
"Wacom Tablett" - "Wacom Technology, Corp." - C:\Program Files\Tablet\Wacom\Professional_CPL.exe

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\Windows\System32\DRIVERS\snapman.sys
"Aspi32" (Aspi32) - "Adaptec" - C:\Windows\System32\drivers\aspi32.sys
"aswMBR" (aswMBR) - ? - C:\Users\Surfer\AppData\Local\Temp\aswMBR.sys  (Hidden registry entry, rootkit activity | File not found)
"catchme" (catchme) - ? - C:\Users\Surfer\AppData\Local\Temp\catchme.sys  (File not found)
"cbfs3" (cbfs3) - "EldoS Corporation" - C:\Windows\system32\drivers\cbfs3.sys
"DgiVecp" (DgiVecp) - ? - C:\Windows\system32\Drivers\DgiVecp.sys  (File not found)
"epmntdrv" (epmntdrv) - ? - C:\Windows\system32\epmntdrv.sys  (File found, but it contains no detailed information)
"EuGdiDrv" (EuGdiDrv) - ? - C:\Windows\system32\EuGdiDrv.sys  (File found, but it contains no detailed information)
"kgldipod" (kgldipod) - ? - C:\Users\Surfer\AppData\Local\Temp\kgldipod.sys  (Hidden registry entry, rootkit activity | File not found)
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"MpKsl7421232e" (MpKsl7421232e) - "Microsoft Corporation" - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E6F3380A-5697-496F-B20A-5504998E0611}\MpKsl7421232e.sys
"Pen Class" (PenClass) - "Wacom Technology Corporation" - C:\Windows\System32\Drivers\PenClass.sys
"PSI" (PSI) - "Secunia" - C:\Windows\System32\DRIVERS\psi_mf.sys
"Ramdisk Driver" (RRamdisk) - "gavotte" - C:\Windows\System32\DRIVERS\rramdisk.sys
"Seagate DiscWizard FS Filter" (tifsfilter) - "Acronis" - C:\Windows\System32\DRIVERS\tifsfilt.sys
"Seagate DiscWizard Image Backup Archive Explorer" (timounter) - "Acronis" - C:\Windows\System32\DRIVERS\timntr.sys
"SSPORT" (SSPORT) - "Samsung Electronics" - C:\Windows\system32\Drivers\SSPORT.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"SynasUSB" (SynasUSB) - "SIA Syncrosoft" - C:\Windows\System32\drivers\SynasUSB.sys
"Telekom Netzmanager Packet Filter Driver" (TelekomNM3) - "Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH" - C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys
"TerraTec H7 service" (UDST7000BDA) - "TerraTec Electronic GmbH." - C:\Windows\System32\DRIVERS\TerraTecUsbBda.sys
"TerraTec H7/S7 HID service" (UDST7000HID) - "TerraTec Electronic GmbH." - C:\Windows\System32\DRIVERS\TerraTecUsbHid.sys
"TVICPORT" (TVicPort) - "EnTech Taiwan" - C:\Windows\system32\DRIVERS\TVICPORT.SYS
"Virtual Keyboard Driver" (WacomVKHid) - ? - C:\Windows\System32\DRIVERS\WacomVKHid.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )-----
{1984DD45-52CF-49cd-AB77-18F378FEA264} "FencesShlExt Class" - "Stardock" - C:\Program Files\Stardock\Fences\FencesMenu.dll
{1984D045-52CF-49cd-DB77-08F378FEA4DB} "ObjectDockShlExt Class" - "Stardock" - C:\Program Files\Stardock\ObjectDockPlus2\ODMenu.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - ? -   (File not found | COM-object registry key not found)
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - ? -   (File not found | COM-object registry key not found)
{5D607245-F832-4faa-9C92-895B7E06CFCF} "ArtRage Painting Thumbnail Handler" - "Ambient Design Ltd" - C:\Program Files\Ambient Design\ArtRage Studio Pro\AR3Thumb.dll
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\shellext.dll
{693BE9C0-BEC3-11D2-B4C1-C33BBD3AD64B} "Fast Explorer Shell Extension" - "Alex Yakovlev" - C:\ProgramData\AllDup\FEShlExt.dll
{1984DD45-52CF-49cd-AB77-18F378FEA264} "FencesShlExt Class" - "Stardock" - C:\Program Files\Stardock\Fences\FencesMenu.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\kbcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\msohev.dll
{1984D045-52CF-49cd-DB77-08F378FEA4DB} "ObjectDockShlExt Class" - "Stardock" - C:\Program Files\Stardock\ObjectDockPlus2\ODMenu.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{4CF20B46-D006-4B90-A64B-DBAA9470EFBE} "PhotoToysClone" - "Brice Lambson" - C:\Program Files\Brice Lambson\PhotoToysClone\PhotoToysClone.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{BD88A479-9623-4897-8546-BC62B9628F44} "SPTHandler" - ? -   (File not found | COM-object registry key not found)
{0420B051-ECD8-4B18-9037-8739B4B6469F} "WebDavContextMenu Class" - "Deutsche Telekom AG" - C:\Windows\system32\WebDAV.ShellExtension.dll
{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262} "WebDavOverlayUpload Class" - "Deutsche Telekom AG" - C:\Windows\system32\WebDAV.ShellExtension.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
{1984D045-52CF-49cd-DB77-08F378FEA4DB} {000214e8-0000-0000-c000-000000000046} 0x401 "{1984D045-52CF-49cd-DB77-08F378FEA4DB} {000214e8-0000-0000-c000-000000000046} 0x401" - ? -   (File not found | COM-object registry key not found)
{1984DD45-52CF-49cd-AB77-18F378FEA264} {000214e8-0000-0000-c000-000000000046} 0x401 "{1984DD45-52CF-49cd-AB77-18F378FEA264} {000214e8-0000-0000-c000-000000000046} 0x401" - ? -   (File not found | COM-object registry key not found)
Logitech Setpoint Extension "{B9B9F083-2B04-452A-8691-83694AC1037B}" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "TerraTec Home Cinema" - "TerraTec Electronic GmbH" - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
"Buyertools Reminder" - ? - C:\Program Files\Buyertools Reminder\ReminderIE.exe  (File found, but it contains no detailed information)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{2B171655-A69C-5c18-B693-6CB5DC269D41} "FVD Suite Toolbar" - "www.flashvideodownloader.org/fvd-suite/" - C:\Program Files\FVD Suite\addons\IE\FVDToolbar.dll
{AD6E6555-FB2C-47D4-8339-3E2965509877} "TerraTec Home Cinema" - "TerraTec Electronic GmbH" - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{7C7A8947-5935-4430-AC0E-E7D04697414E} "Buyertools" - ? - C:\PROGRA~1\BUYERT~1\IEBUTT~1.DLL  (File found, but it contains no detailed information)
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll
{2B171655-A69C-5c18-B693-6CB5DC269D44} "Open FVD Suite Toolbar" - "www.flashvideodownloader.org/fvd-suite/" - C:\Program Files\FVD Suite\addons\IE\FVDToolbar.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Authentication packages" - "Acronis" - C:\Windows\system32\relog_ap.dll
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Surfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Netzmanager.lnk" - "Deutsche Telekom AG" - C:\Program Files\Netzmanager\netzmanager.exe  (Shortcut exists | File exists)
"Stardock ObjectDock.lnk" - "Stardock" - C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Buyertools Reminder" - "Buyertools Ltd." - "C:\Program Files\Buyertools Reminder\Reminder.exe" /autorun
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ACFanControl" - "troubadix" - C:\Program Files\ACFanControl\ACFanControl.exe
"Acronis Scheduler2 Service" - "Acronis" - "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
"AdobeCS4ServiceManager" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"EvtMgr6" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
"MSC" - "Microsoft Corporation" - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"OMEA" - "Ours Technology Inc." - C:\Program Files\GO! Suite\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\OMEA.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"Windows7FirewallControl" - "Sphinx Software" - C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Virtual Network Shares CallbackFS v3" - "EldoS Corporation" - C:\Windows\System32\CbFsNetRdr3.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"SSA1M Langmon" - ? - C:\Windows\system32\ssa1ml3.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\NisSrv.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
"Acronis Try And Decide Service" (TryAndDecideService) - ? - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe  (File found, but it contains no detailed information)
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
"Mediencenter Service" (MCSWASVR) - "Deutsche Telekom AG" - C:\Program Files\Telekom\Mediencenter\WebDAV.AdminService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\MsMpEng.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"Nalpeiron Licensing Service" (nlsX86cc) - "Nalpeiron Ltd." - C:\Windows\system32\NlsSrv32.exe
"Netzmanager Infrastruktur Informationssystem Dienst" (Netzmanager Service) - "Deutsche Telekom AG" - C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
"NMSAccessU" (NMSAccessU) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe
"Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Program Files\Secunia\PSI\PSIA.exe
"Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Program Files\Secunia\PSI\sua.exe
"ShadowExplorer Service" (sesvc) - "www.shadowexplorer.com" - C:\Program Files\ShadowExplorer\sesvc.exe
"Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe  (File found, but it contains no detailed information)
"TabletServiceWacom" (TabletServiceWacom) - "Wacom Technology, Corp." - C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
"TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
"Wacom Professional Touch Service" (TouchServiceWacom) - "Wacom Technology, Corp." - C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
"Windows7FirewallService" (Windows7FirewallService) - "Sphinx Software" - C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"LBTWlgn" - "Logitech, Inc." - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- --- If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-03 16:07:32
-----------------------------
16:07:32.262    OS Version: Windows 6.1.7601 Service Pack 1
16:07:32.262    Number of processors: 2 586 0x170A
16:07:32.264    ComputerName: TOBI-PC  UserName: Surfer
16:07:32.724    Initialize success
16:09:15.931    AVAST engine defs: 12060300
16:09:32.476    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:09:32.484    Disk 0 Vendor: Hitachi_HTS543225L9A300 FBEOC40C Size: 238475MB BusType: 3
16:09:32.887    Disk 0 MBR read successfully
16:09:32.891    Disk 0 MBR scan
16:09:32.897    Disk 0 Windows 7 default MBR code
16:09:33.115    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        11264 MB offset 2048
16:09:33.197    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       113599 MB offset 23070726
16:09:33.230    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       113605 MB offset 255731712
16:09:33.246    Disk 0 scanning sectors +488394752
16:09:33.648    Disk 0 scanning C:\Windows\system32\drivers
16:10:29.825    Service scanning
16:10:43.788    Service MpKsl7421232e C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E6F3380A-5697-496F-B20A-5504998E0611}\MpKsl7421232e.sys **LOCKED** 32
16:11:04.990    Modules scanning
16:11:33.680    Disk 0 trace - called modules:
16:11:33.721    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys 
16:11:33.728    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ae7030]
16:11:33.735    3 CLASSPNP.SYS[8baa159e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85d33908]
16:11:34.358    AVAST engine scan C:\Windows
16:11:41.387    AVAST engine scan C:\Windows\system32
16:31:30.186    AVAST engine scan C:\Windows\system32\drivers
16:32:06.103    AVAST engine scan C:\Users\Surfer
16:32:41.656    AVAST engine scan C:\ProgramData
16:34:42.515    Scan finished successfully
16:35:25.787    Disk 0 MBR has been saved successfully to "C:\Users\tobi\Desktop\MBR.dat"
16:35:25.797    The log file has been saved successfully to "C:\Users\tobi\Desktop\aswMBR.txt"
         

Alt 03.06.2012, 16:49   #38
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mail Account gehackt? Was ist tokenserver? - Standard

Mail Account gehackt? Was ist tokenserver?



Zitat:
GMER scannte, auf T (die RAM Disk)
Wieso erstellst du dir auch eine RAM-Disk, was soll das bringen? Du nimmst damit eine Menge neuer Probleme in Kauf und das bei einem winzigen Geschwindigkeitsvorteil
Zumindest wenn die RAMdisk nur dafür nutzen will, um die TEMP-Pfade dahin zu legen
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.06.2012, 19:34   #39
ronze44
 
Mail Account gehackt? Was ist tokenserver? - Standard

Mail Account gehackt? Was ist tokenserver?



Habe den Temp ja umgestellt, nur noch nicht auf der RAM Disk gelöscht.
Löschen kann ich ja nicht, wegen Papierkorb.
Sind die Logs brauchbar?

Alt 03.06.2012, 20:59   #40
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mail Account gehackt? Was ist tokenserver? - Standard

Mail Account gehackt? Was ist tokenserver?



Zitat:
nur noch nicht auf der RAM Disk gelöscht.
Anscheinend hast du auch nicht verstanden was ein flüchtiger Speicher ist
Warum genau hast du dir eine RAMdisk erstellst?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.06.2012, 23:04   #41
ronze44
 
Mail Account gehackt? Was ist tokenserver? - Standard

Mail Account gehackt? Was ist tokenserver?



Zitat:
Zitat von cosinus Beitrag anzeigen
Anscheinend hast du auch nicht verstanden was ein flüchtiger Speicher ist
Warum genau hast du dir eine RAMdisk erstellst?
schon, nur hatte ich eben andere Sorgen und dachte nicht über RAM Disk nach, hab sie nur aus Jux und Dollerei.
Kann man eine Aussage treffen über den momentanen Sicherheits- Zustand, oder soll ich nochmal scannen?

Alt 04.06.2012, 12:40   #42
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mail Account gehackt? Was ist tokenserver? - Standard

Mail Account gehackt? Was ist tokenserver?



Nimm die RAMDisk wieder weg und leg die TEMP-Pfade falls verschoben wieder auf die richtigen (ursprünglichen) Bereiche
Probier dann GMER bitte nochmal

Ich weiß nicht ob die RAM-Disk wirklich so von Vorteil ist, hab da so meine Zweifel. Naja aber ausprobieren kann man mal. Ich hab deswegen meine Zweifel, weil ich doch manchen Programme nicht traue, und die doch nicht irgendeine Datei abgreifen will die in TMP legt. Da der RAM aber ein flüchtiger Speicher ist,ist diese RAMDisk logischerweise spätestens beim nächsten Neustart wieder leer.

http://www.piksa.info/blog/2008/08/0...-wem-es-nutzt/
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 04.06.2012, 12:45   #43
ronze44
 
Mail Account gehackt? Was ist tokenserver? - Standard

Mail Account gehackt? Was ist tokenserver?



die hatte ich doch längst umgestellt!!!
Bitte, aber das war doch vor Tagen schon erledigt, versteh ich nicht.
Ach so, ich soll sie komplett vom System nehmen... da muss ich erst sehen, wie man das macht, das weiß ich nämlich nicht.

Alt 04.06.2012, 16:13   #44
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mail Account gehackt? Was ist tokenserver? - Standard

Mail Account gehackt? Was ist tokenserver?



Dann lass die RAMdisk da und mach die PFade zu TEMP wieder richtig oder ist das jetzt erledigt?

Warum frag ich nach?! Wegen dieser Meldung!

Zitat:
GMER scannte, auf T (die RAM Disk)
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 04.06.2012, 23:17   #45
ronze44
 
Mail Account gehackt? Was ist tokenserver? - Standard

Mail Account gehackt? Was ist tokenserver?



wie ich meinte , ich hab die Temp Pfade längst umgestellt.
Diese Papierkorb-Beschädigung hängt wohl mit dem Umstellen zusammen. Keine Lösung in Sicht.

Im GMER hatte ich bloß bei /:T halt noch den Haken gesetzt.
Seit heut morgen läuft GMER nun durch, (nur /:C) er ist grad bei files-Buchstabe C - das dauert wohl noch Tage. Hätte den Haken bei files weg machen sollen. Gehe mit dem auch nicht ins Netz während er scannt. Hoffentlich stürtzt er nicht ab. Muss ich dann SAFE klicken und als Text speichern, richtig?

Antwort

Themen zu Mail Account gehackt? Was ist tokenserver?
account, anderes, angriffe, anzahl, bereits, bild, eintrag, entdeck, entdeckt, firefox, gehackt, gmx, grund, https, ide, kontakt, mail, mails, markiert, nichts, private, server, speicher, stelle, würde




Ähnliche Themen: Mail Account gehackt? Was ist tokenserver?


  1. E-Mail Account gehackt?
    Überwachung, Datenschutz und Spam - 28.10.2015 (57)
  2. Spam Mail vom eigenen Yahoo Account erhalten - Account gehackt?
    Log-Analyse und Auswertung - 28.08.2015 (8)
  3. E-Mail Account gehackt - Rechner betroffen?
    Log-Analyse und Auswertung - 24.06.2014 (5)
  4. Email Account gehackt? Mail Delivery
    Plagegeister aller Art und deren Bekämpfung - 29.05.2014 (24)
  5. E-Mail Account gehackt - unauthorisierte Mails von meinem Account werden verschickt
    Log-Analyse und Auswertung - 19.04.2014 (5)
  6. E-Mail-Account auf Mac gehackt ?
    Plagegeister aller Art und deren Bekämpfung - 12.12.2013 (5)
  7. Mail account gehackt?
    Plagegeister aller Art und deren Bekämpfung - 31.07.2013 (11)
  8. E-Mail Account gehackt? mailer-daemon@gmx.de
    Plagegeister aller Art und deren Bekämpfung - 24.07.2013 (17)
  9. AOL E-Mail Account gehackt?
    Überwachung, Datenschutz und Spam - 08.07.2013 (23)
  10. Mail Account gehackt?
    Plagegeister aller Art und deren Bekämpfung - 30.04.2013 (23)
  11. Gmx Mail Account gehackt? Virus?
    Plagegeister aller Art und deren Bekämpfung - 10.04.2013 (38)
  12. Amazon + E-mail account gehackt
    Log-Analyse und Auswertung - 26.02.2013 (13)
  13. E- Mail Account gehackt?
    Plagegeister aller Art und deren Bekämpfung - 29.11.2012 (82)
  14. AOL E-Mail Account gehackt? Nr. 2
    Überwachung, Datenschutz und Spam - 14.02.2012 (0)
  15. In Yahoo Mail Account gehackt
    Log-Analyse und Auswertung - 18.01.2012 (18)
  16. E-Mail Account gehackt
    Plagegeister aller Art und deren Bekämpfung - 13.05.2011 (28)
  17. Amazon Account gehackt + E-mail gehackt !
    Plagegeister aller Art und deren Bekämpfung - 05.05.2008 (16)

Zum Thema Mail Account gehackt? Was ist tokenserver? - SE kann ich nicht mehr ausschalten, auch als Admin nicht. TDSS Killer: Er scannt nicht, stattdessen steht da NO THREADS FOUND und im Log steht gar nix. Hab ich was - Mail Account gehackt? Was ist tokenserver?...
Archiv
Du betrachtest: Mail Account gehackt? Was ist tokenserver? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.