Pests of all kinds and how to fight them: Popup at the bottom right of the browser, annoying ads also as Flash, slides in from below (Windows 7)

If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#16

I only need the VPN in order to use RDP. That is surely not entirely without risk either. I have made several attempts to run OTL. It always fails at the MD5 functionality. Let's see whether you can help me ('mirres') further. Reinstalling the system is only an option as a last resort. Thanks, Adrian
#17

/// Winkelfunktion /// TB-Süch-Tiger™

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Note: If you have obscured your username, you must change the starred-out part back into your real username, otherwise the script will not work!!

Code:
:OTL
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}"
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-3339107563-512239636-558935408-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2e634b82-cd94-11e0-9ac6-bcaec5159772}\Shell - "" = AutoRun
O33 - MountPoints2\{2e634b82-cd94-11e0-9ac6-bcaec5159772}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{ebab1660-3a42-11e1-b5e6-5404a62f3bca}\Shell - "" = AutoRun
O33 - MountPoints2\{ebab1660-3a42-11e1-b5e6-5404a62f3bca}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\Win-Azure.pdf
[2012.05.22 23:06:17 | 000,042,625 | ---- | M] () -- C:\Windows\SysWow64\6.skb
[2012.05.22 23:01:15 | 000,037,681 | ---- | M] () -- C:\Windows\SysWow64\5.skb
[2012.05.22 22:56:10 | 000,019,378 | ---- | M] () -- C:\Windows\SysWow64\4.skb
[2012.05.22 00:15:22 | 000,030,779 | ---- | M] () -- C:\Windows\SysWow64\3.skb
[2012.05.22 00:08:58 | 000,028,544 | ---- | M] () -- C:\Windows\SysWow64\2.skb
[2012.05.22 00:03:10 | 000,028,708 | ---- | M] () -- C:\Windows\SysWow64\1.skb
[2012.05.21 23:58:06 | 000,010,740 | ---- | M] () -- C:\Windows\SysWow64\0.skb
[2012.04.25 09:17:32 | 000,000,000 | ---D | M] -- C:\Users\***** *****\AppData\Roaming\Ybxow
[2012.05.02 21:28:14 | 000,000,000 | ---D | M] -- C:\Users\***** *****\AppData\Roaming\Zaux
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:0574215C
:Files
C:\acroldr
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
#18

Ohhhh! The script cleaned up mightily. Quite a lot is gone :-/ Passwords, links .... ... but the malware seems to be gone too!? Hooray!

Code:
All processes killed
========== OTL ==========
Prefs.js: "" removed from browser.search.defaultenginename
Prefs.js: "Freeware.de Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3339107563-512239636-558935408-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e634b82-cd94-11e0-9ac6-bcaec5159772}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e634b82-cd94-11e0-9ac6-bcaec5159772}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e634b82-cd94-11e0-9ac6-bcaec5159772}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e634b82-cd94-11e0-9ac6-bcaec5159772}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebab1660-3a42-11e1-b5e6-5404a62f3bca}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebab1660-3a42-11e1-b5e6-5404a62f3bca}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebab1660-3a42-11e1-b5e6-5404a62f3bca}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebab1660-3a42-11e1-b5e6-5404a62f3bca}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\Win-Azure.pdf not found.
C:\Windows\SysWOW64\6.skb moved successfully.
C:\Windows\SysWOW64\5.skb moved successfully.
C:\Windows\SysWOW64\4.skb moved successfully.
C:\Windows\SysWOW64\3.skb moved successfully.
C:\Windows\SysWOW64\2.skb moved successfully.
C:\Windows\SysWOW64\1.skb moved successfully.
C:\Windows\SysWOW64\0.skb moved successfully.
C:\Users\Adrian *****\AppData\Roaming\Ybxow folder moved successfully.
C:\Users\Adrian *****\AppData\Roaming\Zaux folder moved successfully.
ADS C:\ProgramData\TEMP:0574215C deleted successfully.
========== FILES ==========
C:\acroldr folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: a0273787
User: Adrian *****
->Temp folder emptied: 450042058 bytes
->Temporary Internet Files folder emptied: 10330105250 bytes
->Java cache emptied: 350210 bytes
->FireFox cache emptied: 173081321 bytes
->Flash cache emptied: 176211 bytes
User: All Users
User: Classic .NET AppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 290628896 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 638 bytes
RecycleBin emptied: 2285984038 bytes
Total Files Cleaned = 12'904.00 mb
[EMPTYFLASH]
User: a0273787
User: Adrian *****
->Flash cache emptied: 0 bytes
User: All Users
User: Classic .NET AppPool
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: DefaultAppPool
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.44.0 log created on 06022012_220206
Files\Folders moved on Reboot...
C:\Users\Adrian *****\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
Bravo! I will get back to you again tomorrow with the final confirmation. Thanks, Adrian

OK! The annoying ads are gone. Great! After the cleanup I could no longer access some directories and folders. They were owned by an unknown user. However, it was much easier to take ownership again than to reinstall the whole system. Just for your information, in case others run into similar cases. Many thanks, Adrian
#19

/// Winkelfunktion /// TB-Süch-Tiger™

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log, or cannot copy its content into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

__________________ Please always post log files in CODE tags
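Added example, not part of the thread and not Kaspersky's code: a small Python triage of a TDSS-Killer report in the line format used by the log in this thread, listing every object whose verdict is not "ok" so that the flagged entries stand out from the long run of "ok" lines. The sample report, its names, hashes and paths are constructed; the function names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: timestamp, thread id, then the message, as in the report
# format seen in this thread. Names, hashes and paths are made up.
SAMPLE_REPORT = r"""
14:11:17.0103 1948 Scan started
14:11:17.0415 1948 ExampleDrv (00112233445566778899aabbccddeeff) C:\Windows\system32\DRIVERS\exampledrv.sys
14:11:17.0446 1948 ExampleDrv - ok
14:11:17.0914 1948 Example Vendor Helper Service (ffeeddccbbaa99887766554433221100) C:\Program Files\Example\helper.exe
14:11:17.0930 1948 Example Vendor Helper Service ( UnsignedFile.Multi.Generic ) - warning
14:11:17.0930 1948 Example Vendor Helper Service - detected UnsignedFile.Multi.Generic (1)
14:11:19.0552 1948 ExampleNoFile - ok
14:11:19.0570 1948 ============================================================
"""

# "HH:MM:SS.ffff <thread id> <message>"; the message may be empty.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(.*)$")
# "<name> (<md5>) <path>": the file that was hashed for a service or driver.
FILE_LINE = re.compile(
    r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "<name> - ok" or "<name> ( <signature> ) - warning".
VERDICT = re.compile(
    r"^(?P<name>.+?)\s+(?:\(\s*(?P<sig>[^()]+?)\s*\)\s+)?-\s+(?P<verdict>[a-z]+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None    # None: no verdict line seen (cut-off paste)
    signature: Optional[str] = None  # detection name, when the tool printed one


def parse_report(text):
    """Return one Entry per scanned object, in report order."""
    entries = {}
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # forum residue, blank lines, anything without a prefix
        msg = m.group(1).strip()
        f = FILE_LINE.match(msg)
        if f:
            e = entries.setdefault(f["name"], Entry(f["name"]))
            e.md5, e.path = f["md5"].lower(), f["path"]
            continue
        v = VERDICT.match(msg)
        if v:
            e = entries.setdefault(v["name"], Entry(v["name"]))
            e.verdict = v["verdict"]
            e.signature = v["sig"] or e.signature
    return list(entries.values())


def triage(entries):
    """Split entries into (flagged, ok_without_file).

    flagged: verdict is anything other than "ok", including a missing verdict,
             which is what a truncated paste looks like.
    ok_without_file: reported "ok" although no file/hash line was printed.
    """
    flagged = [e for e in entries if e.verdict != "ok"]
    ok_without_file = [e for e in entries
                       if e.verdict == "ok" and e.md5 is None]
    return flagged, ok_without_file


if __name__ == "__main__":
    flagged, ok_without_file = triage(parse_report(SAMPLE_REPORT))
    for e in flagged:
        print(f"REVIEW  {e.name}: {e.verdict} [{e.signature}] {e.path}")
    for e in ok_without_file:
        print(f"NOFILE  {e.name}: ok, but no file line in the report")
```

The output is a reading aid for the helper reviewing the log; it does not replace posting the complete report as requested above.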
#20

Done:

Code:
14:09:59.0305 5172 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
14:09:59.0367 5172 ============================================================
14:09:59.0367 5172 Current date / time: 2012/06/03 14:09:59.0367
14:09:59.0367 5172 SystemInfo:
14:09:59.0367 5172
14:09:59.0367 5172 OS Version: 6.1.7601 ServicePack: 1.0
14:09:59.0367 5172 Product type: Workstation
14:09:59.0367 5172 ComputerName: MY-PC
14:09:59.0367 5172 UserName: Adrian *****
14:09:59.0367 5172 Windows directory: C:\Windows
14:09:59.0367 5172 System windows directory: C:\Windows
14:09:59.0367 5172 Running under WOW64
14:09:59.0367 5172 Processor architecture: Intel x64
14:09:59.0367 5172 Number of processors: 12
14:09:59.0367 5172 Page size: 0x1000
14:09:59.0367 5172 Boot type: Normal boot
14:09:59.0367 5172 ============================================================
14:09:59.0539 5172 Drive \Device\Harddisk0\DR0 - Size: 0x37E6380000 (223.60 Gb), SectorSize: 0x200, Cylinders: 0x7204, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
14:09:59.0539 5172 Drive \Device\Harddisk2\DR2 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:09:59.0539 5172 Drive \Device\Harddisk1\DR1 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:09:59.0570 5172 ============================================================
14:09:59.0570 5172 \Device\Harddisk0\DR0:
14:09:59.0570 5172 MBR partitions:
14:09:59.0570 5172 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BF30800
14:09:59.0570 5172 \Device\Harddisk2\DR2:
14:09:59.0570 5172 MBR partitions:
14:09:59.0570 5172 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BF23000
14:09:59.0570 5172 \Device\Harddisk1\DR1:
14:09:59.0570 5172 MBR partitions:
14:09:59.0570 5172 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:09:59.0570 5172 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1DCC0800
14:09:59.0570 5172 ============================================================
14:09:59.0570 5172 C: <-> \Device\Harddisk1\DR1\Partition1
14:09:59.0570 5172 F: <-> \Device\Harddisk2\DR2\Partition0
14:09:59.0570 5172 G: <-> \Device\Harddisk0\DR0\Partition0
14:09:59.0570 5172 ============================================================
14:09:59.0570 5172 Initialize success
14:09:59.0570 5172 ============================================================
14:11:17.0103 1948 ============================================================
14:11:17.0103 1948 Scan started
14:11:17.0103 1948 Mode: Manual; SigCheck; TDLFS;
14:11:17.0103 1948 ============================================================
14:11:17.0415 1948 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
14:11:17.0446 1948 1394ohci - ok
14:11:17.0477 1948 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:11:17.0477 1948 ACPI - ok
14:11:17.0477 1948 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:11:17.0509 1948 AcpiPmi - ok
14:11:17.0555 1948 AcrSch2Svc (7af09e7db9e7f1c0689b22a183e46e42) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
14:11:17.0571 1948 AcrSch2Svc - ok
14:11:17.0587 1948 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:11:17.0587 1948 AdobeARMservice - ok
14:11:17.0602 1948 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:11:17.0618 1948 AdobeFlashPlayerUpdateSvc - ok
14:11:17.0649 1948 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:11:17.0649 1948 adp94xx - ok
14:11:17.0665 1948 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:11:17.0665 1948 adpahci - ok
14:11:17.0680 1948 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:11:17.0680 1948 adpu320 - ok
14:11:17.0680 1948 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:11:17.0711 1948 AeLookupSvc - ok
14:11:17.0711 1948 afcdp (b794dd8acc5cc76177156463dab4bebb) C:\Windows\system32\DRIVERS\afcdp.sys
14:11:17.0727 1948 afcdp - ok
14:11:17.0805 1948 afcdpsrv (a07f038b7a28c439accda9cc46eb999f) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
14:11:17.0836 1948 afcdpsrv - ok
14:11:17.0867 1948 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:11:17.0883 1948 AFD - ok
14:11:17.0883 1948 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:11:17.0899 1948 agp440 - ok
14:11:17.0899 1948 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:11:17.0899 1948 ALG - ok
14:11:17.0899 1948 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:11:17.0914 1948 aliide - ok
14:11:17.0914 1948 AMD External Events Utility (812349d328eb406815183a5d17b49e7c) C:\Windows\system32\atiesrxx.exe
14:11:17.0930 1948 AMD External Events Utility - ok
14:11:17.0930 1948 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:11:17.0945 1948 amdide - ok
14:11:17.0945 1948 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:11:17.0945 1948 AmdK8 - ok
14:11:18.0148 1948 amdkmdag (0415ffe1b6a6ea141feafca57567f57f) C:\Windows\system32\DRIVERS\atikmdag.sys
14:11:18.0257 1948 amdkmdag - ok
14:11:18.0289 1948 amdkmdap (dc24d6f38f17c0d643d9aa8a6852f8d0) C:\Windows\system32\DRIVERS\atikmpag.sys
14:11:18.0304 1948 amdkmdap - ok
14:11:18.0304 1948 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:11:18.0304 1948 AmdPPM - ok
14:11:18.0304 1948 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:11:18.0320 1948 amdsata - ok
14:11:18.0320 1948 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:11:18.0335 1948 amdsbs - ok
14:11:18.0335 1948 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:11:18.0335 1948 amdxata - ok
14:11:18.0335 1948 AnyDVD (30682a098e12e2c85fa65518e1618195) C:\Windows\system32\Drivers\AnyDVD.sys
14:11:18.0351 1948 AnyDVD - ok
14:11:18.0351 1948 AppHostSvc (59d01fa91962c9c1e9b4022b2d3b46db) C:\Windows\system32\inetsrv\apphostsvc.dll
14:11:18.0351 1948 AppHostSvc - ok
14:11:18.0367 1948 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:11:18.0382 1948 AppID - ok
14:11:18.0382 1948 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:11:18.0398 1948 AppIDSvc - ok
14:11:18.0398 1948 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:11:18.0413 1948 Appinfo - ok
14:11:18.0429 1948 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
14:11:18.0445 1948 AppMgmt - ok
14:11:18.0445 1948 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:11:18.0460 1948 arc - ok
14:11:18.0476 1948 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:11:18.0491 1948 arcsas - ok
14:11:18.0507 1948 ArcSec (a7409b5c0e35ddee64f16f3054e5530b) C:\Windows\system32\drivers\ArcSec.sys
14:11:18.0523 1948 ArcSec - ok
14:11:18.0523 1948 asahci64 (d7989234601a2de9a1801f4ed9533b6e) C:\Windows\system32\DRIVERS\asahci64.sys
14:11:18.0523 1948 asahci64 - ok
14:11:18.0585 1948 asComSvc (fbddf3593b218d4fb73564b74817eeaa) C:\Program Files (x86)\ASUS\AXSP\1.00.16\atkexComSvc.exe
14:11:18.0601 1948 asComSvc - ok
14:11:18.0632 1948 asHmComSvc (3b52ca3643113058ed95097cba4ae469) C:\Program Files (x86)\ASUS\AAHM\1.00.15\aaHMSvc.exe
14:11:18.0647 1948 asHmComSvc - ok
14:11:18.0679 1948 AsIO (fef9dd9ea587f8886ade43c1befbdafe) C:\Windows\syswow64\drivers\AsIO.sys
14:11:18.0694 1948 AsIO - ok
14:11:18.0725 1948 asmthub3 (6d9c024aa8f24065a6dbeab1f431d854) C:\Windows\system32\DRIVERS\asmthub3.sys
14:11:18.0725 1948 asmthub3 - ok
14:11:18.0741 1948 asmtxhci (ecad22f15d8f17cc04f24e9a6fb00f2f) C:\Windows\system32\DRIVERS\asmtxhci.sys
14:11:18.0741 1948 asmtxhci - ok
14:11:18.0757 1948 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:11:18.0757 1948 aspnet_state - ok
14:11:18.0772 1948 AsSysCtrlService (5c31dfb196cb3a488a041881634d86d2) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
14:11:18.0788 1948 AsSysCtrlService - ok
14:11:18.0803 1948 AsUpIO (1392b92179b07b672720763d9b1028a5) C:\Windows\syswow64\drivers\AsUpIO.sys
14:11:18.0803 1948 AsUpIO - ok
14:11:18.0835 1948 AsusFanControlService (9ad4e6b30045230eab43c5582accea99) C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.08\AsusFanControlService.exe
14:11:18.0850 1948 AsusFanControlService - ok
14:11:18.0850 1948 ASUSFILTER (a5e4cdb420540095d1293c874b5f89aa) C:\Windows\syswow64\drivers\ASUSFILTER.sys
14:11:18.0866 1948 ASUSFILTER - ok
14:11:18.0881 1948 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:11:18.0897 1948 AsyncMac - ok
14:11:18.0897 1948 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:11:18.0897 1948 atapi - ok
14:11:18.0913 1948 AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys
14:11:18.0913 1948 AtiHDAudioService - ok
14:11:18.0928 1948 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:11:18.0959 1948 AudioEndpointBuilder - ok
14:11:18.0959 1948 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:11:18.0975 1948 AudioSrv - ok
14:11:18.0991 1948 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:11:19.0006 1948 AxInstSV - ok
14:11:19.0006 1948 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:11:19.0022 1948 b06bdrv - ok
14:11:19.0037 1948 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:11:19.0037 1948 b57nd60a - ok
14:11:19.0037 1948 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:11:19.0053 1948 BDESVC - ok
14:11:19.0053 1948 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:11:19.0069 1948 Beep - ok
14:11:19.0084 1948 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:11:19.0115 1948 BFE - ok
14:11:19.0131 1948 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
14:11:19.0162 1948 BITS - ok
14:11:19.0178 1948 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:11:19.0178 1948 blbdrive - ok
14:11:19.0178 1948 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:11:19.0193 1948 bowser - ok
14:11:19.0193 1948 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:11:19.0209 1948 BrFiltLo - ok
14:11:19.0209 1948 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:11:19.0209 1948 BrFiltUp - ok
14:11:19.0225 1948 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:11:19.0240 1948 Browser - ok
14:11:19.0240 1948 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:11:19.0256 1948 Brserid - ok
14:11:19.0256 1948 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:11:19.0271 1948 BrSerWdm - ok
14:11:19.0271 1948 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:11:19.0271 1948 BrUsbMdm - ok
14:11:19.0271 1948 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:11:19.0287 1948 BrUsbSer - ok
14:11:19.0287 1948 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:11:19.0287 1948 BTHMODEM - ok
14:11:19.0303 1948 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:11:19.0318 1948 bthserv - ok
14:11:19.0318 1948 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:11:19.0334 1948 cdfs - ok
14:11:19.0334 1948 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
14:11:19.0349 1948 cdrom - ok
14:11:19.0349 1948 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:11:19.0365 1948 CertPropSvc - ok
14:11:19.0381 1948 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:11:19.0381 1948 circlass - ok
14:11:19.0396 1948 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:11:19.0396 1948 CLFS - ok
14:11:19.0396 1948 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:11:19.0412 1948 clr_optimization_v2.0.50727_32 - ok
14:11:19.0412 1948 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:11:19.0412 1948 clr_optimization_v2.0.50727_64 - ok
14:11:19.0427 1948 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:11:19.0427 1948 clr_optimization_v4.0.30319_32 - ok
14:11:19.0443 1948 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:11:19.0443 1948 clr_optimization_v4.0.30319_64 - ok
14:11:19.0443 1948 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:11:19.0459 1948 CmBatt - ok
14:11:19.0474 1948 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:11:19.0474 1948 cmdide - ok
14:11:19.0505 1948 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:11:19.0521 1948 CNG - ok
14:11:19.0537 1948 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:11:19.0537 1948 Compbatt - ok
14:11:19.0537 1948 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:11:19.0552 1948 CompositeBus - ok
14:11:19.0552 1948 COMSysApp - ok
14:11:19.0552 1948 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:11:19.0568 1948 crcdisk - ok
14:11:19.0583 1948 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
14:11:19.0599 1948 CryptSvc - ok
14:11:19.0615 1948 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
14:11:19.0630 1948 CSC - ok
14:11:19.0646 1948 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
14:11:19.0661 1948 CscService - ok
14:11:19.0661 1948 DAZContentManagementService (958ef96991abccfdac0953c4a24081dc) C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
14:11:19.0661 1948 DAZContentManagementService ( UnsignedFile.Multi.Generic ) - warning
14:11:19.0661 1948 DAZContentManagementService - detected UnsignedFile.Multi.Generic (1)
14:11:19.0661 1948 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
14:11:19.0677 1948 dc3d - ok
14:11:19.0693 1948 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:11:19.0708 1948 DcomLaunch - ok
14:11:19.0708 1948 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:11:19.0739 1948 defragsvc - ok
14:11:19.0739 1948 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:11:19.0755 1948 DfsC - ok
14:11:19.0755 1948 dgderdrv - ok
14:11:19.0771 1948 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:11:19.0786 1948 Dhcp - ok
14:11:19.0786 1948 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:11:19.0817 1948 discache - ok
14:11:19.0817 1948 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:11:19.0817 1948 Disk - ok
14:11:19.0817 1948 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:11:19.0833 1948 Dnscache - ok
14:11:19.0833 1948 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:11:19.0864 1948 dot3svc - ok
14:11:19.0864 1948 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:11:19.0880 1948 DPS - ok
14:11:19.0880 1948 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:11:19.0895 1948 drmkaud - ok
14:11:19.0911 1948 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:11:19.0927 1948 DXGKrnl - ok
14:11:19.0927 1948 e1cexpress (eafcb4551836ff44ee775ceddfa7a77e) C:\Windows\system32\DRIVERS\e1c62x64.sys
14:11:19.0942 1948 e1cexpress - ok
14:11:19.0942 1948 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:11:19.0958 1948 EapHost - ok
14:11:20.0020 1948 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:11:20.0067 1948 ebdrv - ok
14:11:20.0083 1948 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:11:20.0083 1948 EFS - ok
14:11:20.0098 1948 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:11:20.0114 1948 ehRecvr - ok
14:11:20.0129 1948 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:11:20.0129 1948 ehSched - ok
14:11:20.0129 1948 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
14:11:20.0145 1948 ElbyCDIO - ok
14:11:20.0145 1948 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:11:20.0161 1948 elxstor - ok
14:11:20.0161 1948 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:11:20.0176 1948 ErrDev - ok
14:11:20.0176 1948 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:11:20.0207 1948 EventSystem - ok
14:11:20.0207 1948 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:11:20.0223 1948 exfat - ok
14:11:20.0223 1948 Fabs - ok
14:11:20.0239 1948 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:11:20.0254 1948 fastfat - ok
14:11:20.0270 1948 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:11:20.0285 1948 Fax - ok
14:11:20.0285 1948 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:11:20.0285 1948 fdc - ok
14:11:20.0301 1948 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:11:20.0317 1948 fdPHost - ok
14:11:20.0317 1948 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:11:20.0332 1948 FDResPub - ok
14:11:20.0332 1948 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:11:20.0348 1948 FileInfo - ok
14:11:20.0348 1948 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:11:20.0363 1948 Filetrace - ok
14:11:20.0410 1948 FirebirdServerMAGIXInstance (5bd96d8c5411ace71a7eaacaf0ef2903) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
14:11:20.0441 1948 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
14:11:20.0441 1948 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
14:11:20.0457 1948 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:11:20.0473 1948 flpydisk - ok
14:11:20.0551 1948 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:11:20.0566 1948 FltMgr - ok
14:11:20.0566 1948 fltsrv (e94e042bc24bb301767a8125d529b705) C:\Windows\system32\DRIVERS\fltsrv.sys
14:11:20.0582 1948 fltsrv - ok
14:11:20.0707 1948 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:11:20.0738 1948 FontCache - ok
14:11:20.0753 1948 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:11:20.0753 1948 FontCache3.0.0.0 - ok
14:11:20.0785 1948 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:11:20.0800 1948 FsDepends - ok
14:11:20.0800 1948 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:11:20.0800 1948 Fs_Rec - ok
14:11:20.0816 1948 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:11:20.0816 1948 fvevol - ok
14:11:20.0831 1948 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:11:20.0831 1948 gagp30kx - ok
14:11:20.0831 1948 gpslc64 (4dc6018ba975a1e4ac2121f0bd1ea894) C:\Windows\system32\Drivers\gpslc64.sys
14:11:20.0831 1948 gpslc64 - ok
14:11:20.0863 1948 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:11:20.0894 1948 gpsvc - ok
14:11:20.0894 1948 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:11:20.0909 1948 hcw85cir - ok
14:11:20.0909 1948 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:11:20.0925 1948 HdAudAddService - ok
14:11:20.0925 1948 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:11:20.0941 1948 HDAudBus - ok
14:11:20.0941 1948 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:11:20.0941 1948 HidBatt - ok
14:11:20.0941 1948 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:11:20.0956 1948 HidBth - ok
14:11:20.0956 1948 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:11:20.0956 1948 HidIr - ok
14:11:20.0956 1948 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
14:11:20.0987 1948 hidserv - ok
14:11:20.0987 1948 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:11:20.0987 1948 HidUsb - ok
14:11:20.0987 1948 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:11:21.0019 1948 hkmsvc - ok
14:11:21.0019 1948 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:11:21.0019 1948 HomeGroupListener - ok
14:11:21.0034 1948 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:11:21.0034 1948 HomeGroupProvider - ok
14:11:21.0034 1948 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:11:21.0050 1948 HpSAMD - ok
14:11:21.0065 1948 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:11:21.0081 1948 HTTP - ok
14:11:21.0097 1948 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:11:21.0097 1948 hwpolicy - ok
14:11:21.0097 1948 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:11:21.0112 1948 i8042prt - ok
14:11:21.0112 1948 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:11:21.0128 1948 iaStorV - ok
14:11:21.0128 1948 ICCWDT (c1010add3ddae1196ed21057af7b2aae) C:\Windows\system32\DRIVERS\ICCWDT.sys
14:11:21.0128 1948 ICCWDT - ok
14:11:21.0143 1948 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:11:21.0159 1948 idsvc - ok
14:11:21.0159 1948 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:11:21.0175 1948 iirsp - ok
14:11:21.0190 1948 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:11:21.0221 1948 IKEEXT - ok
14:11:21.0284 1948 IntcAzAudAddService (254faae42afc641c0be628de123ea9de) C:\Windows\system32\drivers\RTKVHD64.sys
14:11:21.0315 1948 IntcAzAudAddService - ok
14:11:21.0331 1948 Intel(R) PROSet Monitoring Service (d7b978f4504d3da95a21002863d0e7ee) C:\Windows\system32\IProsetMonitor.exe
14:11:21.0331 1948 Intel(R) PROSet Monitoring Service - ok
14:11:21.0346 1948 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:11:21.0346 1948 intelide - ok
14:11:21.0346 1948 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:11:21.0346 1948 intelppm - ok
14:11:21.0362 1948 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:11:21.0377 1948 IPBusEnum - ok
14:11:21.0377 1948 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:11:21.0393 1948 IpFilterDriver - ok
14:11:21.0409 1948 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:11:21.0440 1948 iphlpsvc - ok
14:11:21.0440 1948 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:11:21.0440 1948 IPMIDRV - ok
14:11:21.0440 1948 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:11:21.0471 1948 IPNAT - ok
14:11:21.0471 1948 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:11:21.0487 1948 IRENUM - ok
14:11:21.0487 1948 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:11:21.0487 1948 isapnp - ok
14:11:21.0502 1948 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\DRIVERS\msiscsi.sys
14:11:21.0518 1948 iScsiPrt - ok
14:11:21.0549 1948 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:11:21.0549 1948 kbdclass - ok
14:11:21.0549 1948 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:11:21.0549 1948 kbdhid - ok
14:11:21.0565 1948 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:11:21.0565 1948 KeyIso - ok
14:11:21.0565 1948 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:11:21.0580 1948 KSecDD - ok
14:11:21.0580 1948 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:11:21.0580 1948 KSecPkg - ok
14:11:21.0611 1948 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:11:21.0627 1948 ksthunk - ok
14:11:21.0643 1948 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:11:21.0658 1948 KtmRm - ok
14:11:21.0674 1948 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
14:11:21.0689 1948 LanmanServer - ok
14:11:21.0689 1948 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:11:21.0705 1948 LanmanWorkstation - ok
14:11:21.0721 1948 libusb0 (02538e602280c07438c94489dcbe77d5) C:\Windows\system32\DRIVERS\libusb0.sys
14:11:21.0721 1948 libusb0 - ok
14:11:21.0721 1948 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:11:21.0736 1948 lltdio - ok
14:11:21.0752 1948 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:11:21.0767 1948 lltdsvc - ok
14:11:21.0767 1948 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:11:21.0799 1948 lmhosts - ok
14:11:21.0799 1948 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:11:21.0799 1948 LSI_FC - ok
14:11:21.0814 1948 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:11:21.0814 1948 LSI_SAS - ok
14:11:21.0814 1948 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:11:21.0814 1948 LSI_SAS2 - ok
14:11:21.0830 1948 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:11:21.0830 1948 LSI_SCSI - ok
14:11:21.0830 1948 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:11:21.0861 1948 luafv - ok
14:11:21.0861 1948 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:11:21.0861 1948 Mcx2Svc - ok
14:11:21.0861 1948 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:11:21.0877 1948 megasas - ok
14:11:21.0877 1948 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:11:21.0892 1948 MegaSR - ok
14:11:21.0892 1948 MEIx64 (e4dd818ef22bbbf4274af767a96d34c8) C:\Windows\system32\DRIVERS\HECIx64.sys
14:11:21.0892 1948 MEIx64 - ok
14:11:21.0892 1948 Microsoft SharePoint Workspace Audit Service - ok
14:11:21.0908 1948 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:11:21.0923 1948 MMCSS - ok
14:11:21.0923 1948 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:11:21.0939 1948 Modem - ok
14:11:21.0939 1948 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:11:21.0955 1948 monitor - ok
14:11:21.0955 1948 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:11:21.0955 1948 mouclass - ok
14:11:21.0955 1948 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:11:21.0970 1948 mouhid - ok
14:11:21.0970 1948 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:11:21.0970 1948 mountmgr - ok
14:11:21.0986 1948 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
14:11:21.0986 1948 MpFilter - ok
14:11:21.0986 1948 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:11:22.0001 1948 mpio - ok
14:11:22.0001 1948 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:11:22.0017 1948 mpsdrv - ok
14:11:22.0033 1948 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:11:22.0064 1948 MpsSvc - ok
14:11:22.0064 1948 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:11:22.0079 1948 MRxDAV - ok
14:11:22.0079 1948 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:11:22.0095 1948 mrxsmb - ok
14:11:22.0095 1948 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:11:22.0111 1948 mrxsmb10 - ok
14:11:22.0111 1948 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:11:22.0111 1948 mrxsmb20 - ok
14:11:22.0111 1948 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\DRIVERS\msahci.sys
14:11:22.0126 1948 msahci - ok
14:11:22.0126 1948 MsDepSvc (aaac4b494de45836121a40aec980b631) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
14:11:22.0126 1948 MsDepSvc - ok
14:11:22.0126 1948 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:11:22.0142 1948 msdsm - ok
14:11:22.0142 1948 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:11:22.0157 1948 MSDTC - ok
14:11:22.0157 1948 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:11:22.0173 1948 Msfs - ok
14:11:22.0173 1948 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:11:22.0189 1948 mshidkmdf - ok
14:11:22.0189 1948 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:11:22.0204 1948 msisadrv - ok
14:11:22.0204 1948 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:11:22.0220 1948 MSiSCSI - ok
14:11:22.0220 1948 msiserver - ok
14:11:22.0220 1948 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:11:22.0251 1948 MSKSSRV - ok
14:11:22.0251 1948 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
14:11:22.0251 1948 MsMpSvc - ok
14:11:22.0251 1948 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:11:22.0267 1948 MSPCLOCK - ok
14:11:22.0282 1948 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:11:22.0298 1948 MSPQM - ok
14:11:22.0298 1948 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:11:22.0313 1948 MsRPC - ok
14:11:22.0313 1948 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:11:22.0313 1948 mssmbios - ok
14:11:22.0313 1948 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:11:22.0345 1948 MSTEE - ok
14:11:22.0345 1948 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:11:22.0345 1948 MTConfig - ok
14:11:22.0345 1948 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
14:11:22.0345 1948 MTsensor - ok
14:11:22.0360 1948 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:11:22.0360 1948 Mup - ok
14:11:22.0360 1948 mvs91xx (97cca67fcdabb8441149f04b34abf510) C:\Windows\system32\DRIVERS\mvs91xx.sys
14:11:22.0376 1948 mvs91xx - ok
14:11:22.0376 1948 MySQL - ok
14:11:22.0376 1948 NAL (2dff58e4821866027388570eb78e73ed) C:\Windows\system32\Drivers\iqvw64e.sys
14:11:22.0376 1948 NAL - ok
14:11:22.0391 1948 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:11:22.0423 1948 napagent - ok
14:11:22.0423 1948 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:11:22.0438 1948 NativeWifiP - ok
14:11:22.0454 1948 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:11:22.0469 1948 NDIS - ok
14:11:22.0469 1948 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:11:22.0501 1948 NdisCap - ok
14:11:22.0501 1948 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:11:22.0516 1948 NdisTapi - ok
14:11:22.0516 1948 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:11:22.0547 1948 Ndisuio - ok
14:11:22.0547 1948 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:11:22.0579 1948 NdisWan - ok
14:11:22.0594 1948 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:11:22.0610 1948 NDProxy - ok
14:11:22.0625 1948 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:11:22.0657 1948 NetBIOS - ok
14:11:22.0672 1948 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:11:22.0703 1948 NetBT - ok
14:11:22.0703 1948 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:11:22.0703 1948 Netlogon - ok
14:11:22.0719 1948 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:11:22.0735 1948 Netman - ok
14:11:22.0750 1948 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:11:22.0766 1948 NetMsmqActivator - ok
14:11:22.0766 1948 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:11:22.0766 1948 NetPipeActivator - ok
14:11:22.0781 1948 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:11:22.0813 1948 netprofm - ok
14:11:22.0813 1948 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:11:22.0813 1948 NetTcpActivator - ok
14:11:22.0813 1948 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:11:22.0813 1948 NetTcpPortSharing - ok
14:11:22.0828 1948 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:11:22.0828 1948 nfrd960 - ok
14:11:22.0828 1948 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:11:22.0844 1948 NisDrv - ok
14:11:22.0844 1948 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
14:11:22.0859 1948 NisSrv - ok
14:11:22.0859 1948 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:11:22.0875 1948 NlaSvc - ok
14:11:22.0891 1948 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:11:22.0906 1948 Npfs - ok
14:11:22.0906 1948 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:11:22.0922 1948 nsi - ok
14:11:22.0922 1948 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:11:22.0937 1948 nsiproxy - ok
14:11:22.0984 1948 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:11:23.0000 1948 Ntfs - ok
14:11:23.0015 1948 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:11:23.0047 1948 Null - ok
14:11:23.0047 1948 nusb3hub (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys
14:11:23.0047 1948 nusb3hub - ok
14:11:23.0047 1948 nusb3xhc (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys
14:11:23.0062 1948 nusb3xhc - ok
14:11:23.0062 1948 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:11:23.0062 1948 nvraid - ok
14:11:23.0078 1948 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:11:23.0078 1948 nvstor - ok
14:11:23.0078 1948 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:11:23.0093 1948 nv_agp - ok
14:11:23.0093 1948 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:11:23.0093 1948 ohci1394 - ok
14:11:23.0109 1948 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:11:23.0109 1948 ose - ok
14:11:23.0203 1948 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:11:23.0265 1948 osppsvc - ok
14:11:23.0296 1948 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:11:23.0312 1948 p2pimsvc - ok
14:11:23.0312 1948 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:11:23.0327 1948 p2psvc - ok
14:11:23.0327 1948 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:11:23.0343 1948 Parport - ok
14:11:23.0343 1948 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
14:11:23.0343 1948 partmgr - ok
14:11:23.0359 1948 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:11:23.0359 1948 PcaSvc - ok
14:11:23.0359 1948 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:11:23.0374 1948 pci - ok
14:11:23.0374 1948 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:11:23.0374 1948 pciide - ok
14:11:23.0390 1948 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:11:23.0390 1948 pcmcia - ok
14:11:23.0390 1948 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:11:23.0405 1948 pcw - ok
14:11:23.0405 1948 PDFProFiltSrv (7e6ff5e2efc174201cf8c47b8a853647) C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
14:11:23.0421 1948 PDFProFiltSrv - ok
14:11:23.0421 1948 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:11:23.0452 1948 PEAUTH - ok
14:11:23.0483 1948 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
14:11:23.0499 1948 PeerDistSvc - ok
14:11:23.0764 1948 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:11:23.0764 1948 PerfHost - ok
14:11:23.0873 1948 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:11:23.0905 1948 pla - ok
14:11:23.0920 1948 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:11:23.0936 1948 PlugPlay - ok
14:11:23.0936 1948 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:11:23.0936 1948 PNRPAutoReg - ok
14:11:23.0951 1948 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:11:23.0951 1948 PNRPsvc - ok
14:11:23.0951 1948 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
14:11:23.0967 1948 Point64 - ok
14:11:23.0967 1948 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:11:23.0998 1948 PolicyAgent - ok
14:11:23.0998 1948 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:11:24.0014 1948 Power - ok
14:11:24.0029 1948 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:11:24.0045 1948 PptpMiniport - ok
14:11:24.0045 1948 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:11:24.0061 1948 Processor - ok
14:11:24.0061 1948 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
14:11:24.0076 1948 ProfSvc - ok
14:11:24.0076 1948 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:11:24.0092 1948 ProtectedStorage - ok
14:11:24.0092 1948 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:11:24.0107 1948 Psched - ok
14:11:24.0139 1948 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:11:24.0170 1948 ql2300 - ok
14:11:24.0185 1948 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:11:24.0185 1948 ql40xx - ok
14:11:24.0201 1948 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:11:24.0217 1948 QWAVE - ok
14:11:24.0217 1948 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:11:24.0217 1948 QWAVEdrv - ok
14:11:24.0217 1948 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:11:24.0232 1948 RasAcd - ok
14:11:24.0248 1948 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:11:24.0263 1948 RasAgileVpn - ok
14:11:24.0263 1948 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:11:24.0279 1948 RasAuto - ok
14:11:24.0295 1948 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:11:24.0310 1948 Rasl2tp - ok
14:11:24.0310 1948 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:11:24.0341 1948 RasMan - ok
14:11:24.0341 1948 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:11:24.0357 1948 RasPppoe - ok
14:11:24.0357 1948 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:11:24.0388 1948 RasSstp - ok
14:11:24.0388 1948 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:11:24.0404 1948 rdbss - ok
14:11:24.0419 1948 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:11:24.0419 1948 rdpbus - ok
14:11:24.0419 1948 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:11:24.0435 1948 RDPCDD - ok
14:11:24.0451 1948 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
14:11:24.0451 1948 RDPDR - ok
14:11:24.0451 1948 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:11:24.0466 1948 RDPENCDD - ok
14:11:24.0466 1948 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:11:24.0497 1948 RDPREFMP - ok
14:11:24.0497 1948 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
14:11:24.0497 1948 RdpVideoMiniport - ok
14:11:24.0497 1948 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
14:11:24.0513 1948 RDPWD - ok
14:11:24.0513 1948 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:11:24.0529 1948 rdyboost - ok
14:11:24.0529 1948 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:11:24.0544 1948 RemoteAccess - ok
14:11:24.0560 1948 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:11:24.0575 1948 RemoteRegistry - ok
14:11:24.0591 1948 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:11:24.0622 1948 RpcEptMapper - ok
14:11:24.0622 1948 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:11:24.0638 1948 RpcLocator - ok
14:11:24.0731 1948 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:11:24.0747 1948 RpcSs - ok
14:11:24.0763 1948 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:11:24.0778 1948 rspndr - ok
14:11:24.0809 1948 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:11:24.0825 1948 RTL8167 - ok
14:11:24.0825 1948 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
14:11:24.0825 1948 s3cap - ok
14:11:24.0825 1948 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:11:24.0841 1948 SamSs - ok
14:11:24.0841 1948 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:11:24.0856 1948 sbp2port - ok
14:11:24.0856 1948 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:11:24.0872 1948 SCardSvr - ok
14:11:24.0887 1948 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:11:24.0903 1948 scfilter - ok
14:11:24.0919 1948 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:11:24.0950 1948 Schedule - ok
14:11:24.0965 1948 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:11:24.0981 1948 SCPolicySvc - ok
14:11:24.0981 1948 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:11:24.0981 1948 SDRSVC - ok
14:11:24.0997 1948 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:11:25.0012 1948 secdrv - ok
14:11:25.0012 1948 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:11:25.0028 1948 seclogon - ok
14:11:25.0028 1948 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:11:25.0059 1948 SENS - ok
14:11:25.0059 1948 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:11:25.0059 1948 SensrSvc - ok
14:11:25.0059 1948 Ser2pl (3dc3ec72952bd60c438e397781ff0572) C:\Windows\system32\DRIVERS\ser2pl64.sys
14:11:25.0075 1948 Ser2pl - ok
14:11:25.0075 1948 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:11:25.0075 1948 Serenum - ok
14:11:25.0090 1948 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:11:25.0090 1948 Serial - ok
14:11:25.0090 1948 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:11:25.0090 1948 sermouse - ok
14:11:25.0106 1948 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:11:25.0121 1948 SessionEnv - ok
14:11:25.0121 1948 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:11:25.0137 1948 sffdisk - ok
14:11:25.0137 1948 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:11:25.0137 1948 sffp_mmc - ok
14:11:25.0137 1948 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:11:25.0153 1948 sffp_sd - ok
14:11:25.0153 1948 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:11:25.0153 1948 sfloppy - ok
14:11:25.0168 1948 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:11:25.0184 1948 SharedAccess - ok
14:11:25.0199 1948 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:11:25.0215 1948 ShellHWDetection - ok
14:11:25.0215 1948 Si3124r5 (da492c8305434ec6f9bdd60c8b83b10e) C:\Windows\system32\DRIVERS\Si3124r5.sys
14:11:25.0231 1948 Si3124r5 - ok
14:11:25.0231 1948 SiFilter (8d10887a1699cf61e74467694b929b09) C:\Windows\system32\DRIVERS\SiWinAcc.sys
14:11:25.0231 1948 SiFilter - ok
14:11:25.0231 1948 SiRemFil (94e1eda9a0b305a67ee1bbd0a68ce21a) C:\Windows\system32\DRIVERS\SiRemFil.sys
14:11:25.0246 1948 SiRemFil - ok
14:11:25.0246 1948 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:11:25.0246 1948 SiSRaid2 - ok
14:11:25.0246 1948 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:11:25.0262 1948 SiSRaid4 - ok
14:11:25.0262 1948 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:11:25.0277 1948 Smb - ok
14:11:25.0293 1948 snapman (bbfb94699c8c265a6af5fd51bde26dfc) C:\Windows\system32\DRIVERS\snapman.sys
14:11:25.0293 1948 snapman - ok
14:11:25.0293 1948 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:11:25.0309 1948 SNMPTRAP - ok
14:11:25.0309 1948 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:11:25.0309 1948 spldr - ok
14:11:25.0324 1948 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:11:25.0355 1948 Spooler - ok
14:11:25.0418 1948 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:11:25.0480 1948 sppsvc - ok
14:11:25.0496 1948 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:11:25.0511 1948 sppuinotify - ok
14:11:25.0527 1948 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:11:25.0543 1948 srv - ok
14:11:25.0543 1948 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:11:25.0558 1948 srv2 - ok
14:11:25.0558 1948 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:11:25.0558 1948 srvnet - ok
14:11:25.0574 1948 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:11:25.0605 1948 SSDPSRV - ok
14:11:25.0605 1948 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:11:25.0636 1948 SstpSvc - ok
14:11:25.0667 1948 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:11:25.0667 1948 stexstor - ok
14:11:25.0745 1948 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:11:25.0761 1948 stisvc - ok
14:11:25.0761 1948 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
14:11:25.0761 1948 storflt - ok
14:11:25.0777 1948 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
14:11:25.0777 1948 storvsc - ok
14:11:25.0777 1948 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:11:25.0777 1948 swenum - ok
14:11:25.0792 1948 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:11:25.0823 1948 swprv - ok
14:11:25.0948 1948 syncagentsrv (60cd74de7993661649093da9a94987bd) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
14:11:26.0011 1948 syncagentsrv - ok
14:11:26.0042 1948 Synth3dVsc - ok
14:11:26.0073 1948 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:11:26.0104 1948 SysMain - ok
14:11:26.0120 1948 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:11:26.0120 1948 TabletInputService - ok
14:11:26.0135 1948 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:11:26.0151 1948 TapiSrv - ok
14:11:26.0167 1948 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:11:26.0182 1948 TBS - ok
14:11:26.0213 1948 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
14:11:26.0245 1948 Tcpip - ok
14:11:26.0307 1948 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
14:11:26.0323 1948 TCPIP6 - ok
14:11:26.0338 1948 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:11:26.0369 1948 tcpipreg - ok
14:11:26.0369 1948 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:11:26.0369 1948 TDPIPE - ok
14:11:26.0401 1948 tdrpman (9c1a823d4e729c965167b6e71e984296) C:\Windows\system32\DRIVERS\tdrpman.sys
14:11:26.0416 1948 tdrpman - ok
14:11:26.0416 1948 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:11:26.0432 1948 TDTCP - ok
14:11:26.0432 1948 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:11:26.0447 1948 tdx - ok
14:11:26.0447 1948 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:11:26.0447 1948 TermDD - ok
14:11:26.0463 1948 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:11:26.0494 1948 TermService - ok
14:11:26.0494 1948 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:11:26.0510 1948 Themes - ok
14:11:26.0510 1948 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:11:26.0525 1948 THREADORDER - ok
14:11:26.0541 1948 timounter (990447334615a0db84f620e1426dcfe0) C:\Windows\system32\DRIVERS\timntr.sys
14:11:26.0557 1948 timounter - ok
14:11:26.0572 1948 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:11:26.0588 1948 TrkWks - ok
14:11:26.0588 1948 truecrypt (8de922cd4fea6f83b10805df965b9a08) C:\Windows\system32\drivers\truecrypt.sys
14:11:26.0603 1948 truecrypt - ok
14:11:26.0619 1948 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:11:26.0635 1948 TrustedInstaller - ok
14:11:26.0666 1948 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:11:26.0681 1948 tssecsrv - ok
14:11:26.0681 1948 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:11:26.0697 1948 TsUsbFlt - ok
14:11:26.0697 1948 tsusbhub - ok
14:11:26.0697 1948 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:11:26.0728 1948 tunnel - ok
14:11:26.0791 1948 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:11:26.0791 1948 uagp35 - ok
14:11:26.0806 1948 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:11:26.0822 1948 udfs - ok
14:11:26.0837 1948 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:11:26.0837 1948 UI0Detect - ok
14:11:26.0837 1948 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:11:26.0853 1948 uliagpkx - ok
14:11:26.0853 1948 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
14:11:26.0853 1948 umbus - ok
14:11:26.0853 1948 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:11:26.0869 1948 UmPass - ok
14:11:26.0869 1948 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
14:11:26.0869 1948 UmRdpService - ok
14:11:26.0884 1948 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:11:26.0900 1948 upnphost - ok
14:11:26.0915 1948 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
14:11:26.0915 1948 usbaudio - ok
14:11:26.0915 1948 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:11:26.0931 1948 usbccgp - ok
14:11:26.0931 1948 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:11:26.0947 1948 usbcir - ok
14:11:26.0947 1948 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:11:26.0947 1948 usbehci - ok
14:11:26.0962 1948 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:11:26.0962 1948 usbhub - ok
14:11:26.0962 1948 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:11:26.0978 1948 usbohci - ok
14:11:26.0978 1948 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:11:26.0978 1948 usbprint - ok
14:11:26.0978 1948 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:11:26.0993 1948 usbscan - ok
14:11:26.0993 1948 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:11:26.0993 1948 USBSTOR - ok
14:11:26.0993 1948 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
14:11:27.0009 1948 usbuhci - ok
14:11:27.0009 1948 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:11:27.0025 1948 UxSms - ok
14:11:27.0025 1948 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:11:27.0040 1948 VaultSvc - ok
14:11:27.0040 1948 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
14:11:27.0040 1948 VClone - ok
14:11:27.0040 1948 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:11:27.0056 1948 vdrvroot - ok
14:11:27.0056 1948 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:11:27.0087 1948 vds - ok
14:11:27.0087 1948 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:11:27.0087 1948 vga - ok
14:11:27.0103 1948 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:11:27.0118 1948 VgaSave - ok
14:11:27.0118 1948 VGPU - ok
14:11:27.0118 1948 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:11:27.0134 1948 vhdmp - ok
14:11:27.0134 1948 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:11:27.0134 1948 viaide - ok
14:11:27.0149 1948 vididr (ee12faffdd1fb13be0d6ef67cb0d1617) C:\Windows\system32\DRIVERS\vididr.sys
14:11:27.0149 1948 vididr - ok
14:11:27.0149 1948 vidsflt61 (2dfd1eb9de564460003de1605a275e8d) C:\Windows\system32\DRIVERS\vsflt61.sys
14:11:27.0165 1948 vidsflt61 - ok
14:11:27.0165 1948 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
14:11:27.0165 1948 vmbus - ok
14:11:27.0181 1948 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
14:11:27.0181 1948 VMBusHID - ok
14:11:27.0181 1948 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:11:27.0181 1948 volmgr - ok
14:11:27.0196 1948 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:11:27.0212 1948 volmgrx - ok
14:11:27.0212 1948 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys
14:11:27.0227 1948 volsnap - ok
14:11:27.0227 1948 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:11:27.0227 1948 vsmraid - ok
14:11:27.0274 1948 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:11:27.0305 1948 VSS - ok
14:11:27.0321 1948 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
14:11:27.0337 1948 vwifibus - ok
14:11:27.0337 1948 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:11:27.0368 1948 W32Time - ok
14:11:27.0368 1948 W3SVC (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
14:11:27.0383 1948 W3SVC - ok
14:11:27.0383 1948 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:11:27.0383 1948 WacomPen - ok
14:11:27.0399 1948 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:11:27.0415 1948 WANARP - ok
14:11:27.0415 1948 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:11:27.0430 1948 Wanarpv6 - ok
14:11:27.0430 1948 WAS (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
14:11:27.0446 1948 WAS - ok
14:11:27.0461 1948 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:11:27.0493 1948 WatAdminSvc - ok
14:11:27.0524 1948 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:11:27.0539 1948 wbengine - ok
14:11:27.0571 1948 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:11:27.0571 1948 WbioSrvc - ok
14:11:27.0586 1948 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:11:27.0602 1948 wcncsvc - ok
14:11:27.0602 1948 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:11:27.0602 1948 WcsPlugInService - ok
14:11:27.0602 1948 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:11:27.0617 1948 Wd - ok
14:11:27.0633 1948 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:11:27.0633 1948 Wdf01000 - ok
14:11:27.0649 1948 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:11:27.0695 1948 WdiServiceHost - ok
14:11:27.0695 1948 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:11:27.0695 1948 WdiSystemHost - ok
14:11:27.0805 1948 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:11:27.0820 1948 WebClient - ok
14:11:27.0836 1948 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:11:27.0851 1948 Wecsvc - ok
14:11:27.0851 1948 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:11:27.0883 1948 wercplsupport - ok
14:11:27.0883 1948 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:11:27.0898 1948 WerSvc - ok
14:11:27.0898 1948 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:11:27.0914 1948 WfpLwf - ok
14:11:27.0929 1948 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
14:11:27.0929 1948 WimFltr - ok
14:11:27.0929 1948 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:11:27.0945 1948 WIMMount - ok
14:11:27.0945 1948 WinDefend - ok
14:11:27.0945 1948 WinHttpAutoProxySvc - ok
14:11:27.0961 1948 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:11:27.0976 1948 Winmgmt - ok
14:11:28.0023 1948 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:11:28.0054 1948 WinRM - ok
14:11:28.0085 1948 winusb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\winusb.sys
14:11:28.0085 1948 winusb - ok
14:11:28.0101 1948 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:11:28.0132 1948 Wlansvc - ok
14:11:28.0132 1948 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:11:28.0132 1948 wlcrasvc - ok
14:11:28.0179 1948 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:11:28.0210 1948 wlidsvc - ok
14:11:28.0241 1948 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:11:28.0241 1948 WmiAcpi - ok
14:11:28.0257 1948 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:11:28.0257 1948 wmiApSrv - ok
14:11:28.0257 1948 WMPNetworkSvc - ok
14:11:28.0257 1948 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:11:28.0273 1948 WPCSvc - ok
14:11:28.0273 1948 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:11:28.0288 1948 WPDBusEnum - ok
14:11:28.0288 1948 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:11:28.0304 1948 ws2ifsl - ok
14:11:28.0304 1948 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
14:11:28.0319 1948 wscsvc - ok
14:11:28.0319 1948 WSearch - ok
14:11:28.0366 1948 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
14:11:28.0413 1948 wuauserv - ok
14:11:28.0429 1948 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:11:28.0460 1948 WudfPf - ok
14:11:28.0460 1948 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:11:28.0475 1948 WUDFRd - ok
14:11:28.0475 1948 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:11:28.0507 1948 wudfsvc - ok
14:11:28.0507 1948 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:11:28.0522 1948 WwanSvc - ok
14:11:28.0538 1948 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:11:28.0569 1948 \Device\Harddisk0\DR0 - ok
14:11:28.0569 1948 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
14:11:28.0585 1948 \Device\Harddisk2\DR2 - ok
14:11:28.0585 1948 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
14:11:28.0647 1948 \Device\Harddisk1\DR1 - ok
14:11:28.0647 1948 Boot (0x1200) (0c2942db6d17046c244316317f7dfa25) \Device\Harddisk0\DR0\Partition0
14:11:28.0647 1948 \Device\Harddisk0\DR0\Partition0 - ok
14:11:28.0647 1948 Boot (0x1200) (4c9003ff4dab3e6c4d0251a65f1a99b7) \Device\Harddisk2\DR2\Partition0
14:11:28.0647 1948 \Device\Harddisk2\DR2\Partition0 - ok
14:11:28.0647 1948 Boot (0x1200) (a3905a87e5a1e8adaaf8026d46e71338) \Device\Harddisk1\DR1\Partition0
14:11:28.0647 1948 \Device\Harddisk1\DR1\Partition0 - ok
14:11:28.0647 1948 Boot (0x1200) (7983e97fff75d03a2ac303b3aae1e8d9) \Device\Harddisk1\DR1\Partition1
14:11:28.0647 1948 \Device\Harddisk1\DR1\Partition1 - ok
14:11:28.0647 1948 ============================================================
14:11:28.0647 1948 Scan finished
14:11:28.0647 1948 ============================================================
14:11:28.0647 5440 Detected object count: 2
14:11:28.0647 5440 Actual detected object count: 2
14:11:41.0907 5440 DAZContentManagementService ( UnsignedFile.Multi.Generic ) - skipped by user
14:11:41.0907 5440 DAZContentManagementService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:11:41.0907 5440 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
14:11:41.0907 5440 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
| | #21 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix: A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has explicitly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ |
| | #22 |
![]() | Done: Combofix Logfile: Code:
ComboFix 12-06-03.01 - Adrian ***** 03.06.2012 15:09:27.1.12 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.41.1031.18.16360.13489 [GMT 2:00]
ausgeführt von:: c:\users\Adrian *****\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\SysWow64\avisynth.dll
c:\windows\SysWow64\devil.dll
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-03 bis 2012-06-03 ))))))))))))))))))))))))))))))
.
.
2012-06-03 12:39 . 2012-06-03 12:39 -------- d-----w- c:\users\Adrian *****\AppData\Local\Google
2012-06-03 12:14 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB5F5EA7-1E13-4D0E-89FC-98DFF164CDBC}\mpengine.dll
2012-06-02 21:57 . 2012-06-02 22:00 -------- d-----w- C:\Blog
2012-06-02 20:02 . 2012-06-02 20:02 -------- d-----w- C:\_OTL
2012-06-02 10:07 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-01 21:39 . 2012-05-31 20:31 595968 ----a-w- C:\OTL.exe
2012-05-31 16:49 . 2012-06-02 11:15 -------- d-----w- c:\program files (x86)\Panda Security
2012-05-31 10:56 . 2012-05-31 10:56 -------- d-----w- c:\program files (x86)\ESET
2012-05-31 07:56 . 2012-05-31 08:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-31 07:56 . 2012-05-31 07:58 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-05-30 16:07 . 2012-05-30 16:07 -------- d-----w- c:\users\Adrian *****\AppData\Roaming\Malwarebytes
2012-05-30 16:07 . 2012-05-30 16:07 -------- d-----w- c:\programdata\Malwarebytes
2012-05-30 14:59 . 2012-05-30 14:59 -------- d-----w- c:\programdata\Samsung
2012-05-24 22:15 . 2012-05-24 22:15 -------- d-----w- c:\users\Adrian *****\AppData\Roaming\FrontDesign
2012-05-24 22:14 . 2012-05-24 22:14 -------- d-----w- c:\program files (x86)\FrontDesign
2012-05-21 17:34 . 2012-05-30 14:53 -------- d-----w- c:\users\a0273787
2012-05-21 16:53 . 2012-05-21 16:53 -------- d-----w- c:\users\Adrian *****\AppData\Roaming\Crosshairs Embedded
2012-05-21 16:20 . 2012-05-30 19:04 -------- d-----w- c:\users\Adrian *****\AppData\Roaming\controlSUITE
2012-05-21 16:17 . 2012-05-21 16:19 -------- d-----w- c:\program files\controlSUITE
2012-05-15 12:35 . 2012-05-15 12:34 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-15 12:31 . 2012-05-15 12:31 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-15 12:26 . 2012-04-04 16:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-14 21:01 . 2012-05-14 21:01 -------- d-----w- c:\programdata\Kaspersky Lab
2012-05-12 17:11 . 2012-05-12 17:11 -------- d-----w- c:\programdata\Ant
2012-05-12 10:36 . 2012-05-12 10:36 -------- d--h--w- c:\programdata\Common Files
2012-05-12 10:31 . 2012-05-12 15:53 -------- d-----w- c:\programdata\MFAData
2012-05-11 23:56 . 2012-05-11 23:56 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-10 22:10 . 2008-01-18 23:10 154168 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2012-05-10 20:25 . 2012-05-10 20:25 -------- d-----w- c:\program files\Windows Imaging
2012-05-10 20:25 . 2012-05-10 20:25 -------- d-----w- c:\program files\Windows AIK
2012-05-10 11:01 . 2012-04-21 01:16 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-05-10 11:01 . 2012-04-21 01:16 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-10 11:01 . 2012-04-21 01:16 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-10 11:01 . 2012-04-21 01:16 588728 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-05-10 11:01 . 2012-04-21 01:15 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-05-10 11:01 . 2012-04-21 01:15 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-05-10 11:01 . 2012-04-21 01:15 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-05-09 15:05 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-09 15:05 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-09 15:05 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 15:05 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-09 15:05 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-09 15:05 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 15:05 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 15:03 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 15:03 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 15:03 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 15:03 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 15:03 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 15:03 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-07 17:43 . 2012-06-02 10:42 -------- d-----w- c:\users\Adrian *****\AppData\Roaming\AllDup
2012-05-07 17:43 . 2012-05-07 17:43 -------- d-----w- c:\programdata\AllDup
2012-05-07 17:43 . 2010-10-13 04:42 2369456 ----a-w- c:\windows\SysWow64\Codejock.CommandBars.v13.4.2.ocx
2012-05-07 17:43 . 2010-06-11 07:50 89888 ----a-w- c:\windows\SysWow64\mtFrame.ocx
2012-05-07 17:43 . 2010-03-25 07:33 171752 ----a-w- c:\windows\SysWow64\mtRTF2.ocx
2012-05-07 17:43 . 2009-12-29 15:00 1000992 ----a-w- c:\windows\SysWow64\TList8.ocx
2012-05-07 17:43 . 2009-10-12 21:02 44736 ----a-w- c:\windows\SysWow64\mtSubclass.dll
2012-05-07 17:43 . 2009-10-12 21:01 77504 ----a-w- c:\windows\SysWow64\mtScrollContainer.ocx
2012-05-07 17:43 . 2008-01-29 04:57 450560 ----a-w- c:\windows\SysWow64\fldrvw90.ocx
2012-05-07 17:43 . 2010-08-20 18:53 86016 ----a-w- c:\windows\SysWow64\mtSplitter.ocx
2012-05-07 17:43 . 2012-05-07 17:43 -------- d-----w- c:\program files (x86)\AllDup
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-15 15:35 . 2006-11-01 11:07 334720 ----a-w- c:\windows\system32\RootkitRevealer.exe
2012-05-15 12:34 . 2011-11-05 09:33 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 08:21 . 2012-05-04 08:21 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1CE42E1C-E1AB-4A9C-B000-68B8CD41F3DC}\gapaengine.dll
2012-04-22 09:04 . 2012-04-22 09:04 159527 ----a-w- c:\windows\FlyChart Uninstaller.exe
2012-04-22 09:03 . 2012-04-22 08:59 159866 ----a-w- c:\windows\FlyChart Uninstaller.exe.bak
2012-04-04 16:47 . 2012-01-21 20:23 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-03 15:10 . 2012-04-03 15:10 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-03 15:10 . 2011-08-23 13:12 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-26 23:42 . 2012-03-26 23:42 138360 ----a-w- c:\windows\SysWow64\drivers\AnyDVD.sys
2012-03-26 23:42 . 2012-03-26 23:42 138360 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2012-03-20 18:44 . 2012-03-20 18:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 18:44 . 2012-03-20 18:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-19 16:09 . 2012-03-19 16:09 49152 ----a-w- c:\windows\system32\AntUsbCIv2.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2010-12-20 519744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 116648]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 gpslc64;gpslc64;c:\windows\system32\Drivers\gpslc64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 116648]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 253600]
R4 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
R4 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-11-29 3483600]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.16\atkexComSvc.exe [2011-08-09 918144]
R4 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.15\aaHMSvc.exe [2011-08-09 947328]
R4 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
R4 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.00.08\AsusFanControlService.exe [2011-09-19 1406080]
R4 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R4 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
R4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R4 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [2010-08-26 134944]
R4 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-11-10 5899240]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [x]
S0 mvs91xx;mvs91xx;c:\windows\system32\DRIVERS\mvs91xx.sys [x]
S0 Si3124r5;SiI-3124 SoftRaid 5 Controller;c:\windows\system32\DRIVERS\Si3124r5.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [x]
S0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys [x]
S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S2 MsDepSvc;Webbereitstellungs-Agent-Dienst;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-01 67400]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 15:10]
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 12:39]
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 12:39]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-01 12856936]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.heise.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anhängen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Linkinhalt an vorhandene PDF-Datei anhängen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: PDF-Datei aus Linkinhalt erstellen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: PDF-Datei erstellen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: PDF-Dateien aus den ausgewählten Links erstellen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Adrian *****\AppData\Roaming\Mozilla\Firefox\Profiles\k00bo4vt.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{7e111a5c-3d11-4f56-9463-5310c3c69025} - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
AddRemove-DS4 Default Content 4.0.0.16 - c:\3d\DAZ 3D\Studio\My Library\Uninstallers\Remove-DS4 Default Content.exe
AddRemove-iNTERNET Turbo - c:\program files (x86)\iNTERNET Turbo\uninstall.exe
AddRemove-UnityWebPlayer - c:\users\Adrian *****\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-03 15:30:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-03 13:30
.
Vor Suchlauf: 9 Verzeichnis(se), 50'661'609'472 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 50'132'103'168 Bytes frei
.
- - End Of File - - A9AFCDB1B8979A93CB6A6BF4E70D7755
|
| | #23 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Please download aswMBR.exe and save the file to your desktop. Note: Please turn off your virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.
__________________ Please always post log files in CODE tags |
| | #24 |
| First attempt 'crashed'. Then with AV scan: none Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-03 17:59:32
-----------------------------
17:59:32.621 OS Version: Windows x64 6.1.7601 Service Pack 1
17:59:32.621 Number of processors: 12 586 0x2D06
17:59:32.621 ComputerName: MY-PC UserName:
17:59:32.933 Initialize success
17:59:35.304 AVAST engine defs: 12060300
17:59:42.246 Disk 0 \Device\Harddisk0\DR0 -> \Device\Scsi\Si3124r51Port0Path0Target10Lun0
17:59:42.246 Disk 0 Vendor: SiImage_ 0000 Size: 228963MB BusType: 8
17:59:42.246 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
17:59:42.246 Disk 1 Vendor: OCZ-VERTEX4 1.4 Size: 244198MB BusType: 11
17:59:42.246 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T0L0-0
17:59:42.246 Disk 2 Vendor: OCZ-AGILITY3 2.08 Size: 228936MB BusType: 11
17:59:42.246 Disk 1 MBR read successfully
17:59:42.246 Disk 1 MBR scan
17:59:42.262 Disk 1 Windows 7 default MBR code
17:59:42.262 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:59:42.262 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 244097 MB offset 206848
17:59:42.262 Disk 1 scanning C:\Windows\system32\drivers
17:59:44.461 Service scanning
17:59:50.483 Modules scanning
17:59:50.483 Disk 1 trace - called modules:
17:59:50.483 ntoskrnl.exe fltsrv.sys tdrpman.sys CLASSPNP.SYS disk.sys vsflt61.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:59:50.483 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800e84a790]
17:59:50.483 3 CLASSPNP.SYS[fffff8800174d43f] -> nt!IofCallDriver -> [0xfffffa800e7b8e10]
17:59:50.483 5 vsflt61.sys[fffff88000fa60fd] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800d1a1680]
17:59:50.498 Scan finished successfully
18:00:02.573 Disk 1 MBR has been saved successfully to "C:\Users\Adrian *****\Desktop\MBR.dat"
18:00:02.573 The log file has been saved successfully to "C:\Users\Adrian *****\Desktop\aswMBR.txt"
|
| | #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
| | #26 |
| Malwarebytes found nothing this time either: Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.06.03.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Adrian ***** :: MY-PC [Administrator]
Schutz: Deaktiviert
03.06.2012 19:45:12
mbam-log-2012-06-03 (19-45-12).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 663443
Laufzeit: 13 Minute(n), 45 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
|
| | #27 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Well, that's already
__________________ Please always post log files in CODE tags |
| | #28 |
| SUPERAntiSpyware found 900 threats: 893 cookies and 7 files. Unfortunately it then crashed when opening the log. I had looked at the files beforehand, though. All false positives. For example, SUPERAntiSpyware labelled the software for my Panasonic lenses as a virus. I'll run it again later. It takes over 40 minutes. Last edited by ambit01 (03.06.2012 at 23:05) |
| | #29 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Is the log no longer available, or is there another reason why you are having SUPERAntiSpyware scan again?
__________________ Please always post log files in CODE tags |
| | #30 |
| The log file was not saved!? Maybe that has to do with the fact that I have lost some permissions since the OTL fix. |