Trojan.Small, Trojan.Sirefef, Rootkit.0Access in C:\Windows\installer - ist nicht zu entfernen

thesaint225 · 19.06.2012, 21:49

Guten Tag,

ich habe Probleme mit den 3 oben genannten Trojanern die nicht zu entfernen sind. Antivir hat sie als erstes gefunden aber nicht entfernen können. Selbiges mit Anti-Maleware.
PC Probleme sind mir bisher nicht aufgefallen außer die ständigen warnungen von Avira. Woher die Trojaner kommen könnten weiss ich nicht.

Hoffe ihr könnt mir helfen. Hab laut der Anleitungen schon den ein oder anderen Scan gemacht und die Logfiles gespeichert. Zum anfang erstmal das Log von Anti-Malware.

MFG Danny

" Malwarebytes Anti-Malware (Test) 1.61.0.1400

Datenbank Version: v2012.06.19.05

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Danny ****** :: CELINE-LAPTOP [Administrator]

Schutz: Deaktiviert

19.06.2012 22:33:22
mbam-log-2012-06-19 (22-39-30).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 218614
Laufzeit: 5 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U\00000001.@ (Trojan.Small) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U\80000000.@ (Trojan.Sirefef) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.

(Ende)
"

cosinus · 21.06.2012, 20:56

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

thesaint225 · 24.06.2012, 10:58

Hallo,

hier die Log´s, hat etwas gedauert bis die scans durch waren.

Malwarebytes

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.21.10

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Danny ***** :: CELINE-LAPTOP [Administrator]

Schutz: Deaktiviert

21.06.2012 23:02:28
mbam-log-2012-06-22 (21-09-04).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 731109
Laufzeit: 14 Stunde(n), 30 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Danny Kemmerle\AppData\Local\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\n (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U\00000001.@ (Trojan.Small) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U\80000000.@ (Trojan.Sirefef) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.

(Ende)

Esset Onlinescanner

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9b21a1a24617324daf805ebe8c31db0f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-23 09:40:40
# local_time=2012-06-23 11:40:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1792 16777215 100 0 14947143 14947143 0 0
# compatibility_mode=5893 16776574 66 94 1317466 92110755 0 0
# compatibility_mode=8192 67108863 100 0 520 520 0 0
# scanned=524434
# found=4
# cleaned=0
# scan_time=8096
C:\Users\Danny Kemmerle\AppData\Local\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\n	Win32/Sirefef.EV trojan (unable to clean)	00000000000000000000000000000000	I
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U\80000000.@	a variant of Win32/Sirefef.FA trojan (unable to clean)	00000000000000000000000000000000	I
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U\800000cb.@	probably a variant of Win32/Agent.TEO trojan (unable to clean)	00000000000000000000000000000000	I
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CPSYG0AP\new-online-dating_net[1].htm	HTML/ScrInject.B.Gen virus (unable to clean)	00000000000000000000000000000000	I

Danke vielmals

cosinus · 24.06.2012, 16:43

Zitat:

Keine Aktion durchgeführt.
-> No action taken.

Die Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!

thesaint225 · 24.06.2012, 20:24

Dann hab ich den Satz doch falsch verstanden.
Nochmal zur Reihenfolge,

Malwarebytes Durchlaufen lassen im Vollsuchmodus, gefundene Viren in die Quarantäne, dann entfernen und danach den Esset online Scanner Durchlaufen lassen?

MFG

cosinus · 25.06.2012, 10:38

Ja genau, mit entfernen wird gemeint "in die Q schicken"
Du brauchst ESET aber nicht nochmal laufen zu lassen

thesaint225 · 26.06.2012, 08:24

So jetzt nochmal Malwarebytes, die Dinger sind sofort nach Computerstart wieder da!

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.25.09

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Danny ***** :: CELINE-LAPTOP [Administrator]

Schutz: Deaktiviert

25.06.2012 20:57:24
mbam-log-2012-06-25 (20-57-24).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 737328
Laufzeit: 4 Stunde(n), 36 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Danny Kemmerle\AppData\Local\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\n (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U\00000001.@ (Trojan.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U\80000000.@ (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

cosinus · 26.06.2012, 12:28

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

thesaint225 · 26.06.2012, 20:34

Also der Normale Windows Modus funktioniert, hat er aber auch schon vorher, manchmal kommt er mir jedoch etwas langsam vor.
Das Startmenü macht auch einen normalen Eindruck, keine leeren ordner und vorhanden ist auch alles.

Einzig taucht hin und wieder ein seltsamer fehler zu einem Server? auf. Muss mir das nächste mal direkt ein Bildschirmfoto machen. Der Fehler kommt nicht immer, hat was mit Firefox zu, so kommt es mir zumindest vor hat aber sonst keinerlei weitere auswirkungen.

MFG und Danke für die Mühe

cosinus · 27.06.2012, 12:31

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

thesaint225 · 27.06.2012, 18:19

Hier der OTL log.

Code:

ATTFilter

OTL logfile created on: 27.06.2012 18:56:40 - Run 3
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\Danny *****\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 66,36% Memory free
5,99 Gb Paging File | 4,72 Gb Available in Paging File | 78,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 33,59 Gb Free Space | 45,08% Space Free | Partition Type: NTFS
Drive D: | 204,03 Gb Total Space | 179,17 Gb Free Space | 87,82% Space Free | Partition Type: NTFS
Drive E: | 466,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 3,69 Gb Total Space | 2,41 Gb Free Space | 65,35% Space Free | Partition Type: FAT32
 
Computer Name: CELINE-LAPTOP | User Name: Danny ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.27 16:25:49 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Danny *****\Desktop\OTL.exe
PRC - [2012.06.25 23:10:17 | 000,913,888 | ---- | M] (Mozilla Corporation) -- D:\Mozilla Firefox\firefox.exe
PRC - [2012.06.08 04:02:02 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- D:\Kies\KiesTrayAgent.exe
PRC - [2012.05.08 20:29:03 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Avira\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 20:29:03 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Avira\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 20:29:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Avira\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 20:29:03 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Avira\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.07.16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.09.22 10:51:22 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.09.22 10:50:54 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.04.16 17:26:10 | 001,271,088 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.06.22 07:46:40 | 000,090,624 | ---- | M] () -- C:\Program Files\Belkin\Home Base Control Center\BkBackupScheduler.exe
PRC - [2009.05.12 06:35:28 | 000,118,784 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atibtmon.exe
PRC - [2009.01.15 13:13:32 | 000,040,960 | ---- | M] () -- C:\Program Files\Belkin\Home Base Control Center\Hbapcs.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.25 23:10:16 | 002,042,848 | ---- | M] () -- D:\Mozilla Firefox\mozjs.dll
MOD - [2012.06.16 20:00:33 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll
MOD - [2012.06.16 19:59:58 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012.06.16 19:59:49 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012.05.09 20:30:03 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012.05.09 18:36:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012.05.09 18:35:41 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012.05.09 18:35:36 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012.05.09 18:35:34 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.02 13:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2010.09.21 22:38:58 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.01.30 03:41:12 | 004,254,560 | ---- | M] () -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2009.06.22 07:46:40 | 000,090,112 | ---- | M] () -- C:\Program Files\Belkin\Home Base Control Center\BkLocalBackup.dll
MOD - [2009.06.22 07:46:38 | 000,117,760 | ---- | M] () -- C:\Program Files\Belkin\Home Base Control Center\OSAL.dll
MOD - [2009.06.10 15:14:08 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.06.10 15:14:06 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.06.25 23:10:16 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 20:29:03 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Avira\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 20:29:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Avira\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.17 23:57:59 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2010.09.22 10:50:54 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.03.25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.06.22 07:46:40 | 000,090,624 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Home Base Control Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV - [2009.01.15 13:13:32 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Home Base Control Center\Hbapcs.exe -- (Belkin Home Base Control Center Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2012.05.21 04:09:00 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2012.05.21 04:09:00 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2012.05.08 20:29:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 20:29:04 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.11.17 18:11:56 | 000,125,456 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\JME.sys -- (JME)
DRV - [2011.08.17 10:03:58 | 000,137,472 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011.06.27 02:37:12 | 002,191,872 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.09.24 21:46:24 | 000,102,416 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.09.22 11:21:42 | 006,471,680 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.09.22 10:14:26 | 000,228,352 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.29 18:43:22 | 000,030,464 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.09.23 03:19:31 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009.09.23 03:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009.09.23 03:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009.09.23 03:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009.08.19 08:23:28 | 000,119,408 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009.07.24 00:48:00 | 000,103,440 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.06.22 09:49:00 | 000,247,320 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sxuptp.sys -- (sxuptp)
DRV - [2009.05.05 11:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2008.11.23 09:23:06 | 000,097,792 | ---- | M] (T0r0 2008) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NSHE.SYS -- (NSHE)
DRV - [2007.07.31 03:39:00 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2481020
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD CC 9B 75 8D C8 CC 01  [binary data]
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - No CLSID value found
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Ashampoo DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB10&ctid=CT2481020&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB10&ctid=CT2481020&SearchSource=2&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: d:\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: D:\Mozilla Firefox\components [2012.06.25 23:10:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: D:\Mozilla Firefox\plugins
 
[2012.01.01 16:06:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny *****\AppData\Roaming\mozilla\Extensions
[2012.05.24 20:18:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny *****\AppData\Roaming\mozilla\Firefox\Profiles\jfh1ill1.default\extensions
[2012.05.24 20:18:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Danny *****\AppData\Roaming\mozilla\Firefox\Profiles\jfh1ill1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.10 19:07:18 | 000,000,957 | ---- | M] () -- C:\Users\Danny *****\AppData\Roaming\Mozilla\Firefox\Profiles\jfh1ill1.default\searchplugins\conduit.xml
[2012.03.03 00:05:04 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] D:\Avira\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] D:\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000..\Run: [KiesAirMessage] D:\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000..\Run: [KiesHelper] D:\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000..\Run: [KiesPDLR] D:\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Celine Schrader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Belkin Home Base Control Center.lnk = C:\Program Files\Belkin\Home Base Control Center\Connect.exe (Belkin International, Inc.)
O4 - Startup: C:\Users\Danny *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Belkin Home Base Control Center.lnk = C:\Program Files\Belkin\Home Base Control Center\Connect.exe (Belkin International, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9C6E4E3-65B2-41AB-A1BA-D206058A5B6F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED3F8635-A503-40E7-9E80-F0C7504C82AD}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.13 06:14:06 | 000,000,000 | ---D | M] - E:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2008.05.13 06:53:30 | 000,000,064 | R--- | M] () - E:\AutoRun.inf -- [ CDFS ]
O33 - MountPoints2\{a7cb2691-347b-11e1-9b65-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a7cb2691-347b-11e1-9b65-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun\setup.exe -- [2008.08.13 06:13:38 | 000,159,804 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - State: "bootini" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SharedAccess -  File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.27 16:25:47 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Danny *****\Desktop\OTL.exe
[2012.06.23 21:19:56 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012.06.23 21:17:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.21 19:39:40 | 000,000,000 | ---D | C] -- C:\Users\Danny *****\Documents\FFOutput
[2012.06.19 21:49:09 | 000,000,000 | ---D | C] -- C:\Users\Danny *****\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten-Dateien
[2012.06.18 20:07:15 | 000,000,000 | ---D | C] -- C:\Users\Danny *****\AppData\Local\Macromedia
[2012.06.17 23:27:39 | 000,000,000 | ---D | C] -- C:\Users\Danny *****\AppData\Roaming\Audacity
[2012.06.17 23:25:17 | 000,181,432 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012.06.17 23:25:17 | 000,080,824 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012.06.15 23:07:40 | 000,000,000 | ---D | C] -- C:\Users\Danny *****\AppData\Roaming\Temp
[2012.06.15 23:06:57 | 000,000,000 | ---D | C] -- C:\Temp
[2012.06.15 23:04:38 | 000,000,000 | ---D | C] -- C:\Users\Danny *****\AppData\Local\Samsung
[2012.06.15 23:04:35 | 000,000,000 | ---D | C] -- C:\Users\Danny *****\AppData\Roaming\Samsung
[2012.06.15 23:04:32 | 000,000,000 | ---D | C] -- C:\Users\Danny *****\Documents\samsung
[2012.06.15 23:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012.06.15 23:01:18 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2012.06.15 23:01:01 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2012.06.15 23:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2012.06.15 23:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012.06.15 22:56:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.15 22:54:47 | 000,000,000 | ---D | C] -- C:\Users\Danny *****\AppData\Local\Downloaded Installations
[2012.06.10 21:47:04 | 000,000,000 | ---D | C] -- C:\Users\Danny *****\AppData\Roaming\Malwarebytes
[2012.06.10 21:46:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.10 21:46:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.10 21:46:55 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.10 21:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.10 19:32:48 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.06.08 20:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REX Essential
[2012.06.07 18:51:20 | 000,000,000 | ---D | C] -- C:\Users\Danny *****\AppData\Local\World_of_AI
[2012.05.29 00:38:50 | 000,330,240 | ---- | C] ((주)마크애니) -- C:\Windows\MASetupCaller.dll
[2012.04.20 20:34:20 | 000,021,504 | ---- | C] (deepxw) -- C:\Users\Danny *****\AppData\Local\Wtrmrk.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.27 16:25:49 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Danny *****\Desktop\OTL.exe
[2012.06.27 16:06:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.27 11:32:08 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.27 11:32:08 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.27 11:23:24 | 2414,206,976 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.26 21:27:57 | 000,001,225 | ---- | M] () -- C:\Users\Danny *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Belkin Home Base Control Center.lnk
[2012.06.26 09:28:02 | 000,653,598 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.26 09:28:02 | 000,616,546 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.26 09:28:02 | 000,130,256 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.26 09:28:02 | 000,106,926 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.21 20:24:22 | 000,001,406 | ---- | M] () -- C:\Users\Danny *****\Desktop\Musik - Verknüpfung.lnk
[2012.06.19 21:49:09 | 000,067,891 | ---- | M] () -- C:\Users\Danny *****\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html
[2012.06.19 21:48:35 | 000,302,592 | ---- | M] () -- C:\Users\Danny *****\Desktop\ytsdzzqs.exe
[2012.06.19 21:28:00 | 000,000,000 | ---- | M] () -- C:\Users\Danny *****\defogger_reenable
[2012.06.19 21:26:52 | 000,050,477 | ---- | M] () -- C:\Users\Danny *****\Desktop\Defogger.exe
[2012.06.16 19:56:53 | 000,406,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.15 23:01:25 | 000,000,585 | ---- | M] () -- C:\Users\Danny *****\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012.06.06 22:31:42 | 312,345,410 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.05.29 00:38:50 | 000,330,240 | ---- | M] ((주)마크애니) -- C:\Windows\MASetupCaller.dll
 
========== Files Created - No Company Name ==========
 
[2012.06.26 09:21:11 | 000,018,944 | ---- | C] () -- C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U\800000cb.@
[2012.06.26 09:21:11 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U\80000000.@
[2012.06.26 09:21:11 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U\00000001.@
[2012.06.21 20:24:22 | 000,001,406 | ---- | C] () -- C:\Users\Danny *****\Desktop\Musik - Verknüpfung.lnk
[2012.06.19 21:49:08 | 000,067,891 | ---- | C] () -- C:\Users\Danny *****\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html
[2012.06.19 21:48:34 | 000,302,592 | ---- | C] () -- C:\Users\Danny *****\Desktop\ytsdzzqs.exe
[2012.06.19 21:28:00 | 000,000,000 | ---- | C] () -- C:\Users\Danny *****\defogger_reenable
[2012.06.19 21:26:50 | 000,050,477 | ---- | C] () -- C:\Users\Danny *****\Desktop\Defogger.exe
[2012.06.17 23:27:34 | 000,000,589 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012.06.15 23:01:25 | 000,000,585 | ---- | C] () -- C:\Users\Danny *****\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.05.11 20:22:21 | 000,358,183 | ---- | C] () -- C:\Users\Danny *****\Umbauanleitung_komplett1.pdf
[2012.04.20 20:34:20 | 002,076,309 | ---- | C] () -- C:\Users\Danny *****\AppData\Local\ntkrlICE.exe
[2012.04.20 20:34:20 | 000,570,073 | ---- | C] () -- C:\Users\Danny *****\AppData\Local\gui.exe
[2012.04.20 20:34:20 | 000,397,900 | ---- | C] () -- C:\Users\Danny *****\AppData\Local\4GB_GER.exe
[2012.04.20 20:34:20 | 000,397,900 | ---- | C] () -- C:\Users\Danny *****\AppData\Local\4GB_EN.exe
[2012.04.20 20:34:20 | 000,000,518 | ---- | C] () -- C:\Users\Danny *****\AppData\Local\UNAWAVE_EN.url
[2012.04.20 20:34:20 | 000,000,240 | ---- | C] () -- C:\Users\Danny *****\AppData\Local\UPDATE.url
[2012.04.20 20:34:20 | 000,000,216 | ---- | C] () -- C:\Users\Danny *****\AppData\Local\UNAWAVE_GER.url
[2012.03.09 22:03:47 | 000,429,607 | ---- | C] () -- C:\Users\Danny *****\New Look Polstermöbel.pdf
[2012.02.06 19:50:18 | 000,031,910 | ---- | C] () -- C:\Windows\SSUMLT0G.INI
[2012.01.17 23:58:15 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2012.01.11 18:35:15 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\@
[2012.01.11 18:35:15 | 000,002,048 | -HS- | C] () -- C:\Users\Danny *****\AppData\Local\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\@
[2012.01.06 19:56:17 | 000,000,033 | ---- | C] () -- C:\Windows\MEGAPFAD.INI
[2012.01.02 12:53:29 | 000,028,672 | ---- | C] () -- C:\Windows\System32\hlduinst.exe
[2012.01.02 12:53:28 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2012.01.02 12:53:28 | 000,006,836 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
[2012.01.02 12:51:27 | 000,097,792 | ---- | C] () -- C:\Windows\nshe.sys
[2012.01.02 12:51:27 | 000,000,269 | ---- | C] () -- C:\Windows\ETKINST.INI
[2012.01.01 16:53:01 | 000,000,556 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.01.01 16:17:47 | 000,653,598 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012.01.01 16:17:47 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012.01.01 16:17:47 | 000,130,256 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012.01.01 16:17:47 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2012.01.01 15:53:07 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2012.01.01 15:44:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.01.01 15:37:59 | 000,224,342 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.01.01 15:37:59 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
 
========== LOP Check ==========
 
[2012.05.24 22:45:50 | 000,000,000 | ---D | M] -- C:\Users\Celine Schrader\AppData\Roaming\Foxit Software
[2012.05.11 21:47:05 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Ashampoo
[2012.06.17 23:37:17 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Audacity
[2012.05.11 21:37:04 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Canneverbe Limited
[2012.01.06 20:07:12 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Foxit Software
[2012.04.20 13:00:49 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\HD Tune Pro
[2012.01.01 16:51:11 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\InterTrust
[2012.06.15 23:04:35 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Samsung
[2012.06.15 23:52:03 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Temp
[2012.06.05 20:39:39 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.02 22:05:00 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Adobe
[2012.01.08 19:58:38 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Apple Computer
[2012.05.11 21:47:05 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Ashampoo
[2012.01.01 15:45:49 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\ATI
[2012.06.17 23:37:17 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Audacity
[2012.01.02 22:32:46 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Avira
[2012.05.11 21:37:04 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Canneverbe Limited
[2012.01.06 20:07:12 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Foxit Software
[2012.04.20 13:00:49 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\HD Tune Pro
[2012.01.01 15:30:00 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Identities
[2012.01.01 16:51:11 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\InterTrust
[2012.01.02 22:05:01 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Macromedia
[2012.06.10 21:47:04 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Malwarebytes
[2009.07.14 09:48:45 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Media Center Programs
[2012.06.20 19:27:10 | 000,000,000 | --SD | M] -- C:\Users\Danny *****\AppData\Roaming\Microsoft
[2012.01.01 16:06:25 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Mozilla
[2012.06.15 23:04:35 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Samsung
[2012.06.15 23:52:03 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\Temp
[2012.01.02 21:39:46 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\vlc
[2012.01.01 15:49:10 | 000,000,000 | ---D | M] -- C:\Users\Danny *****\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.02.24 15:27:51 | 000,010,134 | R--- | M] () -- C:\Users\Danny *****\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

Meinen Nachnamen habe ich im Log mit "*****" untkenntlich gemacht

cosinus · 28.06.2012, 12:10

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2481020
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD CC 9B 75 8D C8 CC 01  [binary data]
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - No CLSID value found
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Ashampoo DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?SSPV=FFOB10&ctid=CT2481020&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?SSPV=FFOB10&ctid=CT2481020&SearchSource=2&q="
FF - user.js - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.13 06:14:06 | 000,000,000 | ---D | M] - E:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2008.05.13 06:53:30 | 000,000,064 | R--- | M] () - E:\AutoRun.inf -- [ CDFS ]
O33 - MountPoints2\{a7cb2691-347b-11e1-9b65-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a7cb2691-347b-11e1-9b65-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun\setup.exe -- [2008.08.13 06:13:38 | 000,159,804 | R--- | M] ()
:Files
C:\Users\Danny Kemmerle\AppData\Local\Wtrmrk.exe
C:\Users\Danny Kemmerle\AppData\Local\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\@
C:\Users\Danny Kemmerle\AppData\Local\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\n
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\@
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

thesaint225 · 28.06.2012, 14:34

Hier das Log vom OTL Fix

Code:

ATTFilter

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-4183481831-3259313129-1071095697-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{5786d022-540e-4699-b350-b4be0ae94b79} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5786d022-540e-4699-b350-b4be0ae94b79}\ not found.
HKEY_USERS\S-1-5-21-4183481831-3259313129-1071095697-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4183481831-3259313129-1071095697-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-4183481831-3259313129-1071095697-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Prefs.js: "Google" removed from browser.search.defaultenginename
Prefs.js: "Ashampoo DE Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB10&ctid=CT2481020&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "about:home" removed from browser.startup.homepage
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB10&ctid=CT2481020&SearchSource=2&q=" removed from keyword.URL
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File  not found.
File move failed. E:\AutoRun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7cb2691-347b-11e1-9b65-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7cb2691-347b-11e1-9b65-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7cb2691-347b-11e1-9b65-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7cb2691-347b-11e1-9b65-806e6f6e6963}\ not found.
File move failed. E:\AutoRun\setup.exe scheduled to be moved on reboot.
========== FILES ==========
C:\Users\Danny *****\AppData\Local\Wtrmrk.exe moved successfully.
C:\Users\Danny *****\AppData\Local\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\@ moved successfully.
File\Folder C:\Users\Danny *****\AppData\Local\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\n not found.
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U folder moved successfully.
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\@ moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Celine *****
->Temp folder emptied: 30717359 bytes
->Temporary Internet Files folder emptied: 10204661 bytes
->Java cache emptied: 16981 bytes
->FireFox cache emptied: 829195725 bytes
->Flash cache emptied: 30226 bytes
 
User: Danny *****
->Temp folder emptied: 48334919 bytes
->Temporary Internet Files folder emptied: 120326435 bytes
->Java cache emptied: 992070 bytes
->FireFox cache emptied: 840076725 bytes
->Flash cache emptied: 44913 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Neuer Ordner
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 120018933 bytes
RecycleBin emptied: 846806 bytes
 
Total Files Cleaned = 1.908,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Celine *****
->Flash cache emptied: 0 bytes
 
User: Danny *****
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Neuer Ordner
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.0 log created on 06282012_152140

Files\Folders moved on Reboot...
File move failed. E:\AutoRun.inf scheduled to be moved on reboot.
File move failed. E:\AutoRun\setup.exe scheduled to be moved on reboot.
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2008.05.13 06:53:30 | 000,000,064 | R--- | M] () E:\AutoRun.inf : MD5=8D8CAE97132183E97207968F3DB99C8B
[2008.08.13 06:13:38 | 000,159,804 | R--- | M] () E:\AutoRun\setup.exe : MD5=9E09E79D69E40FC4D6D154A99AFB9502
[2012.06.28 15:28:37 | 008,405,015 | ---- | M] () C:\Windows\temp\hlktmp : Unable to obtain MD5

Registry entries deleted on Reboot...
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-4183481831-3259313129-1071095697-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-4183481831-3259313129-1071095697-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{5786d022-540e-4699-b350-b4be0ae94b79} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5786d022-540e-4699-b350-b4be0ae94b79}\ not found.
HKEY_USERS\S-1-5-21-4183481831-3259313129-1071095697-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4183481831-3259313129-1071095697-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-4183481831-3259313129-1071095697-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Prefs.js: "Google" removed from browser.search.defaultenginename
Prefs.js: "Ashampoo DE Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB10&ctid=CT2481020&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "about:home" removed from browser.startup.homepage
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB10&ctid=CT2481020&SearchSource=2&q=" removed from keyword.URL
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File  not found.
File move failed. E:\AutoRun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7cb2691-347b-11e1-9b65-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7cb2691-347b-11e1-9b65-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7cb2691-347b-11e1-9b65-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7cb2691-347b-11e1-9b65-806e6f6e6963}\ not found.
File move failed. E:\AutoRun\setup.exe scheduled to be moved on reboot.
========== FILES ==========
C:\Users\Danny *****\AppData\Local\Wtrmrk.exe moved successfully.
C:\Users\Danny *****\AppData\Local\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\@ moved successfully.
File\Folder C:\Users\Danny *****\AppData\Local\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\n not found.
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\U folder moved successfully.
C:\Windows\Installer\{e0e7ca75-6c14-93a3-456b-094d8dfff2e0}\@ moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Celine *****
->Temp folder emptied: 30717359 bytes
->Temporary Internet Files folder emptied: 10204661 bytes
->Java cache emptied: 16981 bytes
->FireFox cache emptied: 829195725 bytes
->Flash cache emptied: 30226 bytes
 
User: Danny *****
->Temp folder emptied: 48334919 bytes
->Temporary Internet Files folder emptied: 120326435 bytes
->Java cache emptied: 992070 bytes
->FireFox cache emptied: 840076725 bytes
->Flash cache emptied: 44913 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Neuer Ordner
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 120018933 bytes
RecycleBin emptied: 846806 bytes
 
Total Files Cleaned = 1.908,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Celine *****
->Flash cache emptied: 0 bytes
 
User: Danny *****
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Neuer Ordner
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.0 log created on 06282012_152140

Files\Folders moved on Reboot...
File move failed. E:\AutoRun.inf scheduled to be moved on reboot.
File move failed. E:\AutoRun\setup.exe scheduled to be moved on reboot.
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2008.05.13 06:53:30 | 000,000,064 | R--- | M] () E:\AutoRun.inf : MD5=8D8CAE97132183E97207968F3DB99C8B
[2008.08.13 06:13:38 | 000,159,804 | R--- | M] () E:\AutoRun\setup.exe : MD5=9E09E79D69E40FC4D6D154A99AFB9502
[2012.06.28 15:28:37 | 008,405,015 | ---- | M] () C:\Windows\temp\hlktmp : Unable to obtain MD5

Registry entries deleted on Reboot...

cosinus · 29.06.2012, 09:59

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

thesaint225 · 29.06.2012, 11:16

Hier der TDSS KIller Log:

Code:

ATTFilter

12:12:38.0570 5172	TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
12:12:38.0715 5172	============================================================
12:12:38.0715 5172	Current date / time: 2012/06/29 12:12:38.0715
12:12:38.0715 5172	SystemInfo:
12:12:38.0715 5172	
12:12:38.0715 5172	OS Version: 6.1.7600 ServicePack: 0.0
12:12:38.0715 5172	Product type: Workstation
12:12:38.0715 5172	ComputerName: CELINE-LAPTOP
12:12:38.0715 5172	UserName: Danny *****
12:12:38.0715 5172	Windows directory: C:\Windows
12:12:38.0715 5172	System windows directory: C:\Windows
12:12:38.0715 5172	Processor architecture: Intel x86
12:12:38.0715 5172	Number of processors: 2
12:12:38.0715 5172	Page size: 0x1000
12:12:38.0715 5172	Boot type: Normal boot
12:12:38.0715 5172	============================================================
12:12:41.0545 5172	Drive \Device\Harddisk1\DR1 - Size: 0xEC580000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
12:12:41.0565 5172	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:12:41.0565 5172	Drive \Device\Harddisk1\DR1 - Size: 0xEC580000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:12:41.0565 5172	============================================================
12:12:41.0565 5172	\Device\Harddisk1\DR1:
12:12:41.0565 5172	MBR partitions:
12:12:41.0565 5172	\Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x760C00
12:12:41.0565 5172	\Device\Harddisk0\DR0:
12:12:41.0565 5172	MBR partitions:
12:12:41.0565 5172	\Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x2711637
12:12:41.0565 5172	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0x950A408
12:12:41.0595 5172	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xBC1C800, BlocksNum 0x19811800
12:12:41.0595 5172	\Device\Harddisk1\DR1:
12:12:41.0595 5172	MBR partitions:
12:12:41.0595 5172	\Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x760C00
12:12:41.0595 5172	============================================================
12:12:41.0675 5172	C: <-> \Device\Harddisk0\DR0\Partition1
12:12:41.0855 5172	D: <-> \Device\Harddisk0\DR0\Partition2
12:12:41.0865 5172	============================================================
12:12:41.0865 5172	Initialize success
12:12:41.0865 5172	============================================================
12:13:24.0956 5544	============================================================
12:13:24.0956 5544	Scan started
12:13:24.0956 5544	Mode: Manual; SigCheck; TDLFS; 
12:13:24.0956 5544	============================================================
12:13:26.0828 5544	1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
12:13:26.0984 5544	1394ohci - ok
12:13:27.0062 5544	ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
12:13:27.0093 5544	ACPI - ok
12:13:27.0140 5544	AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
12:13:27.0202 5544	AcpiPmi - ok
12:13:27.0296 5544	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
12:13:27.0358 5544	adp94xx - ok
12:13:27.0421 5544	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
12:13:27.0467 5544	adpahci - ok
12:13:27.0514 5544	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
12:13:27.0545 5544	adpu320 - ok
12:13:27.0592 5544	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
12:13:27.0623 5544	AeLookupSvc - ok
12:13:27.0717 5544	AFD             (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
12:13:27.0795 5544	AFD - ok
12:13:27.0842 5544	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
12:13:27.0857 5544	agp440 - ok
12:13:27.0904 5544	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
12:13:27.0935 5544	aic78xx - ok
12:13:27.0982 5544	ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
12:13:28.0045 5544	ALG - ok
12:13:28.0091 5544	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
12:13:28.0123 5544	aliide - ok
12:13:28.0185 5544	AMD External Events Utility (af5cb8ec87a250c875deefb378b12c2d) C:\Windows\system32\atiesrxx.exe
12:13:28.0247 5544	AMD External Events Utility - ok
12:13:28.0263 5544	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
12:13:28.0294 5544	amdagp - ok
12:13:28.0325 5544	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
12:13:28.0357 5544	amdide - ok
12:13:28.0372 5544	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
12:13:28.0419 5544	AmdK8 - ok
12:13:28.0981 5544	amdkmdag        (a4130fd679dad70c1f8cc0c0b84d26be) C:\Windows\system32\DRIVERS\atikmdag.sys
12:13:29.0199 5544	amdkmdag - ok
12:13:29.0386 5544	amdkmdap        (e4ccbe2ff01badf1972c8a034b3d7c88) C:\Windows\system32\DRIVERS\atikmpag.sys
12:13:29.0433 5544	amdkmdap - ok
12:13:29.0480 5544	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
12:13:29.0542 5544	AmdPPM - ok
12:13:29.0573 5544	amdsata         (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
12:13:29.0605 5544	amdsata - ok
12:13:29.0651 5544	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
12:13:29.0683 5544	amdsbs - ok
12:13:29.0714 5544	amdxata         (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
12:13:29.0729 5544	amdxata - ok
12:13:29.0823 5544	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) D:\Avira\Avira\AntiVir Desktop\sched.exe
12:13:29.0854 5544	AntiVirSchedulerService - ok
12:13:29.0932 5544	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) D:\Avira\Avira\AntiVir Desktop\avguard.exe
12:13:29.0948 5544	AntiVirService - ok
12:13:29.0995 5544	AppID           (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
12:13:30.0073 5544	AppID - ok
12:13:30.0119 5544	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
12:13:30.0275 5544	AppIDSvc - ok
12:13:30.0307 5544	Appinfo         (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
12:13:30.0369 5544	Appinfo - ok
12:13:30.0478 5544	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:13:30.0509 5544	Apple Mobile Device - ok
12:13:30.0556 5544	AppMgmt         (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
12:13:30.0619 5544	AppMgmt - ok
12:13:30.0681 5544	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
12:13:30.0697 5544	arc - ok
12:13:30.0712 5544	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
12:13:30.0743 5544	arcsas - ok
12:13:30.0759 5544	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
12:13:30.0915 5544	AsyncMac - ok
12:13:30.0931 5544	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
12:13:30.0946 5544	atapi - ok
12:13:31.0196 5544	athr            (31cb2740bfdbac1e48e2b7ead38f0d27) C:\Windows\system32\DRIVERS\athr.sys
12:13:31.0367 5544	athr - ok
12:13:31.0570 5544	AtiHDAudioService (c8b17ac82ad2ee9e0e58e3461008c5f7) C:\Windows\system32\drivers\AtihdW73.sys
12:13:31.0601 5544	AtiHDAudioService - ok
12:13:31.0664 5544	AtiHdmiService  (e2398389648b5d44dc63ca43fdd5b3f8) C:\Windows\system32\drivers\AtiHdmi.sys
12:13:31.0679 5544	AtiHdmiService - ok
12:13:31.0742 5544	AtiPcie         (b73c832088dd54b55e04ff6f9646ad8c) C:\Windows\system32\DRIVERS\AtiPcie.sys
12:13:31.0757 5544	AtiPcie - ok
12:13:31.0851 5544	AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
12:13:31.0960 5544	AudioEndpointBuilder - ok
12:13:31.0960 5544	Audiosrv        (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
12:13:32.0007 5544	Audiosrv - ok
12:13:32.0038 5544	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
12:13:32.0069 5544	avgntflt - ok
12:13:32.0101 5544	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
12:13:32.0132 5544	avipbb - ok
12:13:32.0163 5544	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
12:13:32.0179 5544	avkmgr - ok
12:13:32.0241 5544	AxInstSV        (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
12:13:32.0319 5544	AxInstSV - ok
12:13:32.0397 5544	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
12:13:32.0459 5544	b06bdrv - ok
12:13:32.0553 5544	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
12:13:32.0647 5544	b57nd60x - ok
12:13:32.0740 5544	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
12:13:32.0818 5544	BDESVC - ok
12:13:32.0849 5544	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
12:13:32.0927 5544	Beep - ok
12:13:33.0037 5544	Belkin Home Base Control Center Service (cd3e06541caa935c6c299a95d4e0f771) C:\Program Files\Belkin\Home Base Control Center\Hbapcs.exe
12:13:33.0052 5544	Belkin Home Base Control Center Service ( UnsignedFile.Multi.Generic ) - warning
12:13:33.0052 5544	Belkin Home Base Control Center Service - detected UnsignedFile.Multi.Generic (1)
12:13:33.0115 5544	Belkin Local Backup Service (2893c9132f539ff3f964efd38ead1755) C:\Program Files\Belkin\Home Base Control Center\BkBackupScheduler.exe
12:13:33.0130 5544	Belkin Local Backup Service ( UnsignedFile.Multi.Generic ) - warning
12:13:33.0130 5544	Belkin Local Backup Service - detected UnsignedFile.Multi.Generic (1)
12:13:33.0239 5544	BITS            (53f476476f55a27f580661bde09c4ec4) C:\Windows\System32\qmgr.dll
12:13:33.0349 5544	BITS - ok
12:13:33.0380 5544	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
12:13:33.0395 5544	blbdrive - ok
12:13:33.0520 5544	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
12:13:33.0551 5544	Bonjour Service - ok
12:13:33.0598 5544	bowser          (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
12:13:33.0661 5544	bowser - ok
12:13:33.0676 5544	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:13:33.0723 5544	BrFiltLo - ok
12:13:33.0739 5544	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:13:33.0801 5544	BrFiltUp - ok
12:13:33.0848 5544	Browser         (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
12:13:33.0941 5544	Browser - ok
12:13:33.0988 5544	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
12:13:34.0066 5544	Brserid - ok
12:13:34.0097 5544	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
12:13:34.0144 5544	BrSerWdm - ok
12:13:34.0175 5544	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:13:34.0222 5544	BrUsbMdm - ok
12:13:34.0222 5544	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
12:13:34.0269 5544	BrUsbSer - ok
12:13:34.0300 5544	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
12:13:34.0347 5544	BTHMODEM - ok
12:13:34.0409 5544	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
12:13:34.0456 5544	bthserv - ok
12:13:34.0519 5544	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
12:13:34.0581 5544	cdfs - ok
12:13:34.0643 5544	cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
12:13:34.0706 5544	cdrom - ok
12:13:34.0737 5544	CertPropSvc     (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
12:13:34.0815 5544	CertPropSvc - ok
12:13:34.0846 5544	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
12:13:34.0862 5544	circlass - ok
12:13:34.0909 5544	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
12:13:34.0940 5544	CLFS - ok
12:13:35.0049 5544	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:13:35.0065 5544	clr_optimization_v2.0.50727_32 - ok
12:13:35.0158 5544	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:13:35.0189 5544	clr_optimization_v4.0.30319_32 - ok
12:13:35.0221 5544	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
12:13:35.0252 5544	CmBatt - ok
12:13:35.0283 5544	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
12:13:35.0314 5544	cmdide - ok
12:13:35.0377 5544	CNG             (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
12:13:35.0470 5544	CNG - ok
12:13:35.0486 5544	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
12:13:35.0517 5544	Compbatt - ok
12:13:35.0548 5544	CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
12:13:35.0579 5544	CompositeBus - ok
12:13:35.0611 5544	COMSysApp - ok
12:13:35.0626 5544	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
12:13:35.0642 5544	crcdisk - ok
12:13:35.0689 5544	CryptSvc        (520a108a2657f4bca7fced9ca7d885de) C:\Windows\system32\cryptsvc.dll
12:13:35.0751 5544	CryptSvc - ok
12:13:35.0829 5544	CSC             (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
12:13:35.0891 5544	CSC - ok
12:13:35.0969 5544	CscService      (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll
12:13:36.0032 5544	CscService - ok
12:13:36.0110 5544	DcomLaunch      (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
12:13:36.0188 5544	DcomLaunch - ok
12:13:36.0235 5544	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
12:13:36.0313 5544	defragsvc - ok
12:13:36.0422 5544	DfsC            (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
12:13:36.0469 5544	DfsC - ok
12:13:36.0500 5544	dgderdrv - ok
12:13:36.0547 5544	dg_ssudbus      (f9f31a9f2a8c0dd0ceb6e380bf0985d4) C:\Windows\system32\DRIVERS\ssudbus.sys
12:13:36.0578 5544	dg_ssudbus - ok
12:13:36.0656 5544	Dhcp            (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
12:13:36.0749 5544	Dhcp - ok
12:13:36.0781 5544	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
12:13:36.0859 5544	discache - ok
12:13:36.0874 5544	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
12:13:36.0890 5544	Disk - ok
12:13:36.0937 5544	Dnscache        (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
12:13:36.0999 5544	Dnscache - ok
12:13:37.0046 5544	dot3svc         (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
12:13:37.0139 5544	dot3svc - ok
12:13:37.0171 5544	DPS             (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
12:13:37.0233 5544	DPS - ok
12:13:37.0264 5544	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
12:13:37.0280 5544	drmkaud - ok
12:13:37.0389 5544	DXGKrnl         (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
12:13:37.0451 5544	DXGKrnl - ok
12:13:37.0483 5544	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
12:13:37.0529 5544	EapHost - ok
12:13:37.0857 5544	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
12:13:38.0029 5544	ebdrv - ok
12:13:38.0169 5544	EFS             (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe
12:13:38.0216 5544	EFS - ok
12:13:38.0325 5544	ehRecvr         (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
12:13:38.0419 5544	ehRecvr - ok
12:13:38.0450 5544	ehSched         (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
12:13:38.0512 5544	ehSched - ok
12:13:38.0653 5544	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
12:13:38.0715 5544	elxstor - ok
12:13:38.0731 5544	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
12:13:38.0762 5544	ErrDev - ok
12:13:38.0824 5544	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
12:13:38.0887 5544	EventSystem - ok
12:13:38.0918 5544	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
12:13:38.0980 5544	exfat - ok
12:13:39.0011 5544	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
12:13:39.0058 5544	fastfat - ok
12:13:39.0167 5544	Fax             (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
12:13:39.0245 5544	Fax - ok
12:13:39.0277 5544	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
12:13:39.0308 5544	fdc - ok
12:13:39.0339 5544	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
12:13:39.0401 5544	fdPHost - ok
12:13:39.0417 5544	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
12:13:39.0464 5544	FDResPub - ok
12:13:39.0479 5544	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
12:13:39.0479 5544	FileInfo - ok
12:13:39.0511 5544	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
12:13:39.0573 5544	Filetrace - ok
12:13:39.0589 5544	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
12:13:39.0635 5544	flpydisk - ok
12:13:39.0682 5544	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
12:13:39.0713 5544	FltMgr - ok
12:13:39.0838 5544	FontCache       (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll
12:13:39.0932 5544	FontCache - ok
12:13:39.0994 5544	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:13:40.0025 5544	FontCache3.0.0.0 - ok
12:13:40.0057 5544	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
12:13:40.0088 5544	FsDepends - ok
12:13:40.0119 5544	Fs_Rec          (500a9814fd9446a8126858a5a7f7d273) C:\Windows\system32\drivers\Fs_Rec.sys
12:13:40.0135 5544	Fs_Rec - ok
12:13:40.0197 5544	fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
12:13:40.0244 5544	fvevol - ok
12:13:40.0275 5544	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:13:40.0291 5544	gagp30kx - ok
12:13:40.0306 5544	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:13:40.0322 5544	GEARAspiWDM - ok
12:13:40.0400 5544	gpsvc           (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
12:13:40.0478 5544	gpsvc - ok
12:13:40.0603 5544	Hardlock        (d95554949082fd29a04d351b58396718) C:\Windows\system32\drivers\hardlock.sys
12:13:40.0681 5544	Hardlock - ok
12:13:40.0712 5544	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
12:13:40.0774 5544	hcw85cir - ok
12:13:40.0837 5544	HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
12:13:40.0899 5544	HdAudAddService - ok
12:13:40.0946 5544	HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:13:40.0993 5544	HDAudBus - ok
12:13:41.0024 5544	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
12:13:41.0071 5544	HidBatt - ok
12:13:41.0102 5544	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
12:13:41.0149 5544	HidBth - ok
12:13:41.0195 5544	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
12:13:41.0242 5544	HidIr - ok
12:13:41.0289 5544	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
12:13:41.0351 5544	hidserv - ok
12:13:41.0398 5544	HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
12:13:41.0429 5544	HidUsb - ok
12:13:41.0461 5544	hkmsvc          (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
12:13:41.0539 5544	hkmsvc - ok
12:13:41.0570 5544	HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
12:13:41.0632 5544	HomeGroupListener - ok
12:13:41.0679 5544	HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
12:13:41.0710 5544	HomeGroupProvider - ok
12:13:41.0773 5544	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
12:13:41.0804 5544	HpSAMD - ok
12:13:41.0882 5544	HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
12:13:41.0960 5544	HTTP - ok
12:13:41.0975 5544	hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
12:13:41.0991 5544	hwpolicy - ok
12:13:42.0053 5544	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
12:13:42.0085 5544	i8042prt - ok
12:13:42.0147 5544	iaStorV         (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
12:13:42.0209 5544	iaStorV - ok
12:13:42.0365 5544	idsvc           (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:13:42.0428 5544	idsvc - ok
12:13:42.0475 5544	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
12:13:42.0490 5544	iirsp - ok
12:13:42.0599 5544	IKEEXT          (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
12:13:42.0709 5544	IKEEXT - ok
12:13:43.0036 5544	IntcAzAudAddService (c4b1d45fe135286155b9e6aa0db4e4d3) C:\Windows\system32\drivers\RTKVHDA.sys
12:13:43.0114 5544	IntcAzAudAddService - ok
12:13:43.0286 5544	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
12:13:43.0317 5544	intelide - ok
12:13:43.0348 5544	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
12:13:43.0395 5544	intelppm - ok
12:13:43.0442 5544	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
12:13:43.0551 5544	IPBusEnum - ok
12:13:43.0567 5544	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:13:43.0645 5544	IpFilterDriver - ok
12:13:43.0676 5544	IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
12:13:43.0723 5544	IPMIDRV - ok
12:13:43.0754 5544	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
12:13:43.0832 5544	IPNAT - ok
12:13:44.0003 5544	iPod Service    (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
12:13:44.0050 5544	iPod Service - ok
12:13:44.0097 5544	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
12:13:44.0144 5544	IRENUM - ok
12:13:44.0159 5544	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
12:13:44.0175 5544	isapnp - ok
12:13:44.0206 5544	iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
12:13:44.0237 5544	iScsiPrt - ok
12:13:44.0269 5544	JMCR            (2254a5e78c55fd8f68f9676590468531) C:\Windows\system32\DRIVERS\jmcr.sys
12:13:44.0284 5544	JMCR - ok
12:13:44.0347 5544	JME             (2f1ed2146f62b26a6136a96901feb492) C:\Windows\system32\DRIVERS\JME.sys
12:13:44.0362 5544	JME - ok
12:13:44.0409 5544	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
12:13:44.0440 5544	kbdclass - ok
12:13:44.0471 5544	kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
12:13:44.0518 5544	kbdhid - ok
12:13:44.0549 5544	KeyIso          (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
12:13:44.0565 5544	KeyIso - ok
12:13:44.0596 5544	KMService       (4635935fc972c582632bf45c26bfcb0e) C:\Windows\system32\srvany.exe
12:13:44.0627 5544	KMService ( UnsignedFile.Multi.Generic ) - warning
12:13:44.0627 5544	KMService - detected UnsignedFile.Multi.Generic (1)
12:13:44.0659 5544	KSecDD          (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
12:13:44.0690 5544	KSecDD - ok
12:13:44.0705 5544	KSecPkg         (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
12:13:44.0721 5544	KSecPkg - ok
12:13:44.0783 5544	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
12:13:44.0893 5544	KtmRm - ok
12:13:44.0955 5544	LanmanServer    (8f6bf790d3168224c16f2af68a84438c) C:\Windows\system32\srvsvc.dll
12:13:45.0002 5544	LanmanServer - ok
12:13:45.0049 5544	LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
12:13:45.0111 5544	LanmanWorkstation - ok
12:13:45.0220 5544	LcSvrAdm        (2f5a3b202e772285e8f413b5138024e7) d:\ElsaWin\bin\LcSvrAdm.exe
12:13:45.0251 5544	LcSvrAdm ( UnsignedFile.Multi.Generic ) - warning
12:13:45.0251 5544	LcSvrAdm - detected UnsignedFile.Multi.Generic (1)
12:13:45.0361 5544	LcSvrAuf        (b0020f2d5ca4da6d59522f22f84d4ce8) d:\ElsaWin\bin\LcSvrAuf.exe
12:13:45.0423 5544	LcSvrAuf ( UnsignedFile.Multi.Generic ) - warning
12:13:45.0423 5544	LcSvrAuf - detected UnsignedFile.Multi.Generic (1)
12:13:45.0470 5544	LcSvrDba        (292cb3c3d00c7e4a17ccdd5920faa2bf) d:\ElsaWin\bin\LcSvrDba.exe
12:13:45.0517 5544	LcSvrDba ( UnsignedFile.Multi.Generic ) - warning
12:13:45.0517 5544	LcSvrDba - detected UnsignedFile.Multi.Generic (1)
12:13:45.0563 5544	LcSvrHis        (1a634a6e80a436b53623757a4df9165a) d:\ElsaWin\bin\LcSvrHis.exe
12:13:45.0595 5544	LcSvrHis ( UnsignedFile.Multi.Generic ) - warning
12:13:45.0595 5544	LcSvrHis - detected UnsignedFile.Multi.Generic (1)
12:13:45.0673 5544	LcSvrPAS        (b8a3f27cd1527f509da4c3e0e843299e) d:\ElsaWin\bin\LcSvrPas.exe
12:13:45.0704 5544	LcSvrPAS ( UnsignedFile.Multi.Generic ) - warning
12:13:45.0704 5544	LcSvrPAS - detected UnsignedFile.Multi.Generic (1)
12:13:45.0782 5544	LcSvrSaz        (7b50d309bce57162a5e4383fc003e477) d:\ElsaWin\bin\LcSvrSaz.exe
12:13:45.0797 5544	LcSvrSaz ( UnsignedFile.Multi.Generic ) - warning
12:13:45.0797 5544	LcSvrSaz - detected UnsignedFile.Multi.Generic (1)
12:13:45.0860 5544	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
12:13:45.0938 5544	lltdio - ok
12:13:45.0969 5544	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
12:13:46.0016 5544	lltdsvc - ok
12:13:46.0031 5544	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
12:13:46.0109 5544	lmhosts - ok
12:13:46.0187 5544	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:13:46.0219 5544	LSI_FC - ok
12:13:46.0234 5544	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:13:46.0250 5544	LSI_SAS - ok
12:13:46.0265 5544	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:13:46.0281 5544	LSI_SAS2 - ok
12:13:46.0312 5544	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:13:46.0328 5544	LSI_SCSI - ok
12:13:46.0359 5544	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
12:13:46.0421 5544	luafv - ok
12:13:46.0484 5544	MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
12:13:46.0515 5544	MBAMProtector - ok
12:13:46.0655 5544	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:13:46.0687 5544	MBAMService - ok
12:13:46.0718 5544	Mcx2Svc         (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
12:13:46.0749 5544	Mcx2Svc - ok
12:13:46.0765 5544	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
12:13:46.0796 5544	megasas - ok
12:13:46.0874 5544	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
12:13:46.0905 5544	MegaSR - ok
12:13:46.0999 5544	Microsoft SharePoint Workspace Audit Service - ok
12:13:47.0045 5544	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
12:13:47.0108 5544	MMCSS - ok
12:13:47.0139 5544	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
12:13:47.0233 5544	Modem - ok
12:13:47.0264 5544	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
12:13:47.0295 5544	monitor - ok
12:13:47.0311 5544	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
12:13:47.0326 5544	mouclass - ok
12:13:47.0357 5544	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
12:13:47.0404 5544	mouhid - ok
12:13:47.0435 5544	mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
12:13:47.0467 5544	mountmgr - ok
12:13:47.0591 5544	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:13:47.0623 5544	MozillaMaintenance - ok
12:13:47.0669 5544	mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
12:13:47.0716 5544	mpio - ok
12:13:47.0732 5544	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
12:13:47.0810 5544	mpsdrv - ok
12:13:47.0825 5544	MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
12:13:47.0872 5544	MRxDAV - ok
12:13:47.0919 5544	mrxsmb          (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:13:47.0966 5544	mrxsmb - ok
12:13:47.0997 5544	mrxsmb10        (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:13:48.0059 5544	mrxsmb10 - ok
12:13:48.0091 5544	mrxsmb20        (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:13:48.0137 5544	mrxsmb20 - ok
12:13:48.0184 5544	msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
12:13:48.0200 5544	msahci - ok
12:13:48.0231 5544	msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
12:13:48.0278 5544	msdsm - ok
12:13:48.0309 5544	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
12:13:48.0356 5544	MSDTC - ok
12:13:48.0387 5544	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
12:13:48.0434 5544	Msfs - ok
12:13:48.0449 5544	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
12:13:48.0496 5544	mshidkmdf - ok
12:13:48.0512 5544	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
12:13:48.0527 5544	msisadrv - ok
12:13:48.0574 5544	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
12:13:48.0621 5544	MSiSCSI - ok
12:13:48.0621 5544	msiserver - ok
12:13:48.0668 5544	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
12:13:48.0730 5544	MSKSSRV - ok
12:13:48.0761 5544	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
12:13:48.0824 5544	MSPCLOCK - ok
12:13:48.0839 5544	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
12:13:48.0886 5544	MSPQM - ok
12:13:48.0933 5544	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
12:13:48.0949 5544	MsRPC - ok
12:13:48.0964 5544	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
12:13:48.0980 5544	mssmbios - ok
12:13:48.0995 5544	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
12:13:49.0027 5544	MSTEE - ok
12:13:49.0058 5544	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
12:13:49.0073 5544	MTConfig - ok
12:13:49.0167 5544	MTsensor        (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
12:13:49.0214 5544	MTsensor - ok
12:13:49.0245 5544	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
12:13:49.0261 5544	Mup - ok
12:13:49.0354 5544	napagent        (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
12:13:49.0463 5544	napagent - ok
12:13:49.0541 5544	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
12:13:49.0604 5544	NativeWifiP - ok
12:13:49.0713 5544	NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
12:13:49.0760 5544	NDIS - ok
12:13:49.0775 5544	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
12:13:49.0838 5544	NdisCap - ok
12:13:49.0869 5544	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
12:13:49.0916 5544	NdisTapi - ok
12:13:49.0947 5544	Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
12:13:50.0025 5544	Ndisuio - ok
12:13:50.0041 5544	NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
12:13:50.0087 5544	NdisWan - ok
12:13:50.0103 5544	NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
12:13:50.0134 5544	NDProxy - ok
12:13:50.0150 5544	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
12:13:50.0181 5544	NetBIOS - ok
12:13:50.0212 5544	NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
12:13:50.0259 5544	NetBT - ok
12:13:50.0290 5544	Netlogon        (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
12:13:50.0306 5544	Netlogon - ok
12:13:50.0368 5544	Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
12:13:50.0446 5544	Netman - ok
12:13:50.0477 5544	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
12:13:50.0540 5544	netprofm - ok
12:13:50.0618 5544	NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:13:50.0649 5544	NetTcpPortSharing - ok
12:13:50.0696 5544	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
12:13:50.0727 5544	nfrd960 - ok
12:13:50.0774 5544	NlaSvc          (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
12:13:50.0867 5544	NlaSvc - ok
12:13:50.0930 5544	nmwcdnsu        (4f0de685a96dc843ccc8a861b3fac12d) C:\Windows\system32\drivers\nmwcdnsu.sys
12:13:51.0008 5544	nmwcdnsu - ok
12:13:51.0023 5544	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
12:13:51.0070 5544	Npfs - ok
12:13:51.0148 5544	NSHE            (f8e396f5e703d7a8f37d90f59c776268) C:\Windows\system32\Drivers\NSHE.SYS
12:13:51.0179 5544	NSHE ( UnsignedFile.Multi.Generic ) - warning
12:13:51.0179 5544	NSHE - detected UnsignedFile.Multi.Generic (1)
12:13:51.0211 5544	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
12:13:51.0273 5544	nsi - ok
12:13:51.0304 5544	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
12:13:51.0367 5544	nsiproxy - ok
12:13:51.0507 5544	Ntfs            (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
12:13:51.0601 5544	Ntfs - ok
12:13:51.0616 5544	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
12:13:51.0679 5544	Null - ok
12:13:51.0725 5544	nvraid          (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
12:13:51.0741 5544	nvraid - ok
12:13:51.0772 5544	nvstor          (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
12:13:51.0803 5544	nvstor - ok
12:13:51.0835 5544	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
12:13:51.0850 5544	nv_agp - ok
12:13:51.0881 5544	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
12:13:51.0913 5544	ohci1394 - ok
12:13:52.0022 5544	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:13:52.0053 5544	ose - ok
12:13:52.0521 5544	osppsvc         (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:13:52.0724 5544	osppsvc - ok
12:13:52.0942 5544	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
12:13:53.0036 5544	p2pimsvc - ok
12:13:53.0114 5544	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
12:13:53.0161 5544	p2psvc - ok
12:13:53.0239 5544	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
12:13:53.0285 5544	Parport - ok
12:13:53.0317 5544	partmgr         (66d3415c159741ade7038a277efff99f) C:\Windows\system32\drivers\partmgr.sys
12:13:53.0348 5544	partmgr - ok
12:13:53.0363 5544	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
12:13:53.0395 5544	Parvdm - ok
12:13:53.0441 5544	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
12:13:53.0488 5544	PcaSvc - ok
12:13:53.0519 5544	pci             (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
12:13:53.0551 5544	pci - ok
12:13:53.0566 5544	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
12:13:53.0597 5544	pciide - ok
12:13:53.0644 5544	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
12:13:53.0691 5544	pcmcia - ok
12:13:53.0707 5544	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
12:13:53.0722 5544	pcw - ok
12:13:53.0816 5544	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
12:13:53.0894 5544	PEAUTH - ok
12:13:54.0050 5544	PeerDistSvc     (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
12:13:54.0112 5544	PeerDistSvc - ok
12:13:54.0315 5544	pla             (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
12:13:54.0455 5544	pla - ok
12:13:54.0658 5544	PlugPlay        (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll
12:13:54.0783 5544	PlugPlay - ok
12:13:54.0814 5544	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
12:13:54.0861 5544	PNRPAutoReg - ok
12:13:54.0908 5544	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
12:13:54.0955 5544	PNRPsvc - ok
12:13:55.0033 5544	PolicyAgent     (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
12:13:55.0111 5544	PolicyAgent - ok
12:13:55.0157 5544	Power           (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
12:13:55.0204 5544	Power - ok
12:13:55.0282 5544	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
12:13:55.0360 5544	PptpMiniport - ok
12:13:55.0360 5544	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
12:13:55.0391 5544	Processor - ok
12:13:55.0454 5544	ProfSvc         (aea3bdbdba667aa6f678cb38907e4f5e) C:\Windows\system32\profsvc.dll
12:13:55.0516 5544	ProfSvc - ok
12:13:55.0547 5544	ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
12:13:55.0579 5544	ProtectedStorage - ok
12:13:55.0625 5544	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
12:13:55.0688 5544	Psched - ok
12:13:55.0844 5544	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
12:13:55.0937 5544	ql2300 - ok
12:13:56.0109 5544	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
12:13:56.0140 5544	ql40xx - ok
12:13:56.0203 5544	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
12:13:56.0265 5544	QWAVE - ok
12:13:56.0281 5544	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
12:13:56.0327 5544	QWAVEdrv - ok
12:13:56.0327 5544	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
12:13:56.0390 5544	RasAcd - ok
12:13:56.0437 5544	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:13:56.0499 5544	RasAgileVpn - ok
12:13:56.0530 5544	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
12:13:56.0577 5544	RasAuto - ok
12:13:56.0593 5544	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:13:56.0639 5544	Rasl2tp - ok
12:13:56.0686 5544	RasMan          (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
12:13:56.0780 5544	RasMan - ok
12:13:56.0811 5544	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
12:13:56.0842 5544	RasPppoe - ok
12:13:56.0889 5544	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
12:13:56.0951 5544	RasSstp - ok
12:13:56.0983 5544	rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
12:13:57.0045 5544	rdbss - ok
12:13:57.0061 5544	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
12:13:57.0107 5544	rdpbus - ok
12:13:57.0107 5544	RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:13:57.0170 5544	RDPCDD - ok
12:13:57.0217 5544	RDPDR           (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
12:13:57.0279 5544	RDPDR - ok
12:13:57.0310 5544	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
12:13:57.0388 5544	RDPENCDD - ok
12:13:57.0419 5544	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
12:13:57.0451 5544	RDPREFMP - ok
12:13:57.0513 5544	RDPWD           (c5b8d47a4688de9d335204ea757c2240) C:\Windows\system32\drivers\RDPWD.sys
12:13:57.0591 5544	RDPWD - ok
12:13:57.0638 5544	rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
12:13:57.0669 5544	rdyboost - ok
12:13:57.0700 5544	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
12:13:57.0763 5544	RemoteAccess - ok
12:13:57.0809 5544	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
12:13:57.0856 5544	RemoteRegistry - ok
12:13:57.0887 5544	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
12:13:57.0934 5544	RpcEptMapper - ok
12:13:57.0965 5544	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
12:13:58.0012 5544	RpcLocator - ok
12:13:58.0059 5544	RpcSs           (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
12:13:58.0137 5544	RpcSs - ok
12:13:58.0168 5544	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
12:13:58.0246 5544	rspndr - ok
12:13:58.0277 5544	s3cap           (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
12:13:58.0340 5544	s3cap - ok
12:13:58.0371 5544	SamSs           (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
12:13:58.0387 5544	SamSs - ok
12:13:58.0433 5544	sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
12:13:58.0465 5544	sbp2port - ok
12:13:58.0511 5544	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
12:13:58.0589 5544	SCardSvr - ok
12:13:58.0605 5544	scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
12:13:58.0667 5544	scfilter - ok
12:13:58.0745 5544	Schedule        (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll
12:13:58.0839 5544	Schedule - ok
12:13:58.0870 5544	SCPolicySvc     (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
12:13:58.0933 5544	SCPolicySvc - ok
12:13:58.0964 5544	sdbus           (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
12:13:58.0995 5544	sdbus - ok
12:13:59.0026 5544	SDRSVC          (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
12:13:59.0073 5544	SDRSVC - ok
12:13:59.0120 5544	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:13:59.0182 5544	secdrv - ok
12:13:59.0198 5544	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
12:13:59.0245 5544	seclogon - ok
12:13:59.0276 5544	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
12:13:59.0323 5544	SENS - ok
12:13:59.0354 5544	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
12:13:59.0416 5544	SensrSvc - ok
12:13:59.0432 5544	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
12:13:59.0479 5544	Serenum - ok
12:13:59.0525 5544	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
12:13:59.0557 5544	Serial - ok
12:13:59.0588 5544	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
12:13:59.0619 5544	sermouse - ok
12:13:59.0666 5544	SessionEnv      (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
12:13:59.0728 5544	SessionEnv - ok
12:13:59.0744 5544	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
12:13:59.0759 5544	sffdisk - ok
12:13:59.0759 5544	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
12:13:59.0791 5544	sffp_mmc - ok
12:13:59.0791 5544	sffp_sd         (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
12:13:59.0822 5544	sffp_sd - ok
12:13:59.0822 5544	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
12:13:59.0853 5544	sfloppy - ok
12:13:59.0915 5544	ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
12:13:59.0962 5544	ShellHWDetection - ok
12:13:59.0993 5544	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
12:14:00.0009 5544	sisagp - ok
12:14:00.0040 5544	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:14:00.0056 5544	SiSRaid2 - ok
12:14:00.0087 5544	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
12:14:00.0103 5544	SiSRaid4 - ok
12:14:00.0118 5544	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
12:14:00.0181 5544	Smb - ok
12:14:00.0212 5544	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
12:14:00.0243 5544	SNMPTRAP - ok
12:14:00.0274 5544	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
12:14:00.0290 5544	spldr - ok
12:14:00.0352 5544	Spooler         (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
12:14:00.0430 5544	Spooler - ok
12:14:00.0758 5544	sppsvc          (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
12:14:00.0898 5544	sppsvc - ok
12:14:01.0070 5544	sppuinotify     (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
12:14:01.0148 5544	sppuinotify - ok
12:14:01.0226 5544	srv             (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
12:14:01.0304 5544	srv - ok
12:14:01.0351 5544	srv2            (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
12:14:01.0397 5544	srv2 - ok
12:14:01.0429 5544	srvnet          (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
12:14:01.0491 5544	srvnet - ok
12:14:01.0538 5544	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
12:14:01.0631 5544	SSDPSRV - ok
12:14:01.0663 5544	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
12:14:01.0678 5544	ssmdrv - ok
12:14:01.0709 5544	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
12:14:01.0756 5544	SstpSvc - ok
12:14:01.0819 5544	ssudmdm         (07318149e102fd9197ab444c27774372) C:\Windows\system32\DRIVERS\ssudmdm.sys
12:14:01.0850 5544	ssudmdm - ok
12:14:01.0865 5544	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
12:14:01.0897 5544	stexstor - ok
12:14:01.0990 5544	StiSvc          (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
12:14:02.0037 5544	StiSvc - ok
12:14:02.0084 5544	storflt         (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
12:14:02.0099 5544	storflt - ok
12:14:02.0115 5544	storvsc         (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
12:14:02.0131 5544	storvsc - ok
12:14:02.0146 5544	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
12:14:02.0162 5544	swenum - ok
12:14:02.0224 5544	swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
12:14:02.0302 5544	swprv - ok
12:14:02.0396 5544	sxuptp          (86083b04dc2b90397f4b47add6eaa407) C:\Windows\system32\DRIVERS\sxuptp.sys
12:14:02.0427 5544	sxuptp - ok
12:14:02.0583 5544	SysMain         (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
12:14:02.0677 5544	SysMain - ok
12:14:02.0708 5544	TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
12:14:02.0723 5544	TabletInputService - ok
12:14:02.0755 5544	TapiSrv         (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
12:14:02.0833 5544	TapiSrv - ok
12:14:02.0848 5544	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
12:14:02.0911 5544	TBS - ok
12:14:03.0113 5544	Tcpip           (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\drivers\tcpip.sys
12:14:03.0191 5544	Tcpip - ok
12:14:03.0223 5544	TCPIP6          (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\DRIVERS\tcpip.sys
12:14:03.0269 5544	TCPIP6 - ok
12:14:03.0301 5544	tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
12:14:03.0347 5544	tcpipreg - ok
12:14:03.0379 5544	TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
12:14:03.0441 5544	TDPIPE - ok
12:14:03.0472 5544	TDTCP           (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys
12:14:03.0519 5544	TDTCP - ok
12:14:03.0566 5544	tdx             (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
12:14:03.0644 5544	tdx - ok
12:14:03.0659 5544	TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
12:14:03.0675 5544	TermDD - ok
12:14:03.0769 5544	TermService     (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
12:14:03.0862 5544	TermService - ok
12:14:03.0878 5544	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
12:14:03.0909 5544	Themes - ok
12:14:03.0940 5544	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
12:14:03.0971 5544	THREADORDER - ok
12:14:04.0003 5544	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
12:14:04.0065 5544	TrkWks - ok
12:14:04.0143 5544	TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
12:14:04.0174 5544	TrustedInstaller - ok
12:14:04.0205 5544	tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:14:04.0252 5544	tssecsrv - ok
12:14:04.0315 5544	tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
12:14:04.0377 5544	tunnel - ok
12:14:04.0408 5544	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
12:14:04.0424 5544	uagp35 - ok
12:14:04.0455 5544	udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
12:14:04.0502 5544	udfs - ok
12:14:04.0549 5544	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
12:14:04.0595 5544	UI0Detect - ok
12:14:04.0627 5544	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
12:14:04.0658 5544	uliagpkx - ok
12:14:04.0689 5544	umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
12:14:04.0736 5544	umbus - ok
12:14:04.0767 5544	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
12:14:04.0814 5544	UmPass - ok
12:14:04.0861 5544	UmRdpService    (8ecaca5454844f66386f7be4ae0d7cd1) C:\Windows\System32\umrdp.dll
12:14:04.0923 5544	UmRdpService - ok
12:14:04.0970 5544	upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
12:14:05.0063 5544	upnphost - ok
12:14:05.0126 5544	USBAAPL         (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
12:14:05.0157 5544	USBAAPL - ok
12:14:05.0188 5544	usbccgp         (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
12:14:05.0251 5544	usbccgp - ok
12:14:05.0297 5544	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
12:14:05.0344 5544	usbcir - ok
12:14:05.0360 5544	usbehci         (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
12:14:05.0391 5544	usbehci - ok
12:14:05.0438 5544	usbfilter       (fb0e8b624d1f7e214edb3d6e56b4ec88) C:\Windows\system32\DRIVERS\usbfilter.sys
12:14:05.0469 5544	usbfilter - ok
12:14:05.0531 5544	usbhub          (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
12:14:05.0563 5544	usbhub - ok
12:14:05.0594 5544	usbohci         (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\DRIVERS\usbohci.sys
12:14:05.0625 5544	usbohci - ok
12:14:05.0672 5544	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
12:14:05.0734 5544	usbprint - ok
12:14:05.0765 5544	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
12:14:05.0812 5544	usbscan - ok
12:14:05.0859 5544	USBSTOR         (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:14:05.0921 5544	USBSTOR - ok
12:14:05.0937 5544	usbuhci         (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
12:14:05.0968 5544	usbuhci - ok
12:14:06.0031 5544	usbvideo        (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
12:14:06.0093 5544	usbvideo - ok
12:14:06.0124 5544	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
12:14:06.0202 5544	UxSms - ok
12:14:06.0233 5544	VaultSvc        (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
12:14:06.0249 5544	VaultSvc - ok
12:14:06.0280 5544	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
12:14:06.0296 5544	vdrvroot - ok
12:14:06.0374 5544	vds             (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
12:14:06.0436 5544	vds - ok
12:14:06.0467 5544	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
12:14:06.0514 5544	vga - ok
12:14:06.0530 5544	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
12:14:06.0561 5544	VgaSave - ok
12:14:06.0592 5544	vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
12:14:06.0623 5544	vhdmp - ok
12:14:06.0655 5544	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
12:14:06.0686 5544	viaagp - ok
12:14:06.0717 5544	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
12:14:06.0748 5544	ViaC7 - ok
12:14:06.0764 5544	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
12:14:06.0779 5544	viaide - ok
12:14:06.0826 5544	vmbus           (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
12:14:06.0857 5544	vmbus - ok
12:14:06.0873 5544	VMBusHID        (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
12:14:06.0904 5544	VMBusHID - ok
12:14:06.0920 5544	volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
12:14:06.0951 5544	volmgr - ok
12:14:07.0013 5544	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
12:14:07.0045 5544	volmgrx - ok
12:14:07.0107 5544	volsnap         (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
12:14:07.0138 5544	volsnap - ok
12:14:07.0201 5544	vpcbus          (33e74df34753fcaab06f6f2bdc8cabf5) C:\Windows\system32\DRIVERS\vpchbus.sys
12:14:07.0247 5544	vpcbus - ok
12:14:07.0279 5544	vpcnfltr        (5f04362ceb5fb5901037e9d9eadd3760) C:\Windows\system32\DRIVERS\vpcnfltr.sys
12:14:07.0294 5544	vpcnfltr - ok
12:14:07.0341 5544	vpcusb          (625088d6ee9ede977fd03cf18d1cd5c5) C:\Windows\system32\DRIVERS\vpcusb.sys
12:14:07.0388 5544	vpcusb - ok
12:14:07.0497 5544	vpcvmm          (5ed378d91e32134f3c0b3810860ffd71) C:\Windows\system32\drivers\vpcvmm.sys
12:14:07.0544 5544	vpcvmm - ok
12:14:07.0591 5544	VSGate          (dfcce776e721854f368046c5a6454a84) d:\ElsaWin\bin\VSgate.exe
12:14:07.0591 5544	VSGate ( UnsignedFile.Multi.Generic ) - warning
12:14:07.0591 5544	VSGate - detected UnsignedFile.Multi.Generic (1)
12:14:07.0653 5544	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
12:14:07.0684 5544	vsmraid - ok
12:14:07.0871 5544	VSS             (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
12:14:07.0949 5544	VSS - ok
12:14:07.0996 5544	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
12:14:08.0027 5544	vwifibus - ok
12:14:08.0059 5544	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
12:14:08.0105 5544	vwififlt - ok
12:14:08.0137 5544	vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
12:14:08.0199 5544	vwifimp - ok
12:14:08.0246 5544	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
12:14:08.0324 5544	W32Time - ok
12:14:08.0371 5544	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
12:14:08.0386 5544	WacomPen - ok
12:14:08.0417 5544	WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
12:14:08.0449 5544	WANARP - ok
12:14:08.0449 5544	Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
12:14:08.0495 5544	Wanarpv6 - ok
12:14:08.0667 5544	wbengine        (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
12:14:08.0761 5544	wbengine - ok
12:14:08.0792 5544	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
12:14:08.0854 5544	WbioSrvc - ok
12:14:08.0917 5544	wcncsvc         (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
12:14:08.0995 5544	wcncsvc - ok
12:14:09.0010 5544	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
12:14:09.0057 5544	WcsPlugInService - ok
12:14:09.0119 5544	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
12:14:09.0151 5544	Wd - ok
12:14:09.0213 5544	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
12:14:09.0260 5544	Wdf01000 - ok
12:14:09.0291 5544	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
12:14:09.0338 5544	WdiServiceHost - ok
12:14:09.0353 5544	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
12:14:09.0385 5544	WdiSystemHost - ok
12:14:09.0447 5544	WebClient       (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
12:14:09.0494 5544	WebClient - ok
12:14:09.0541 5544	Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
12:14:09.0634 5544	Wecsvc - ok
12:14:09.0650 5544	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
12:14:09.0681 5544	wercplsupport - ok
12:14:09.0697 5544	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
12:14:09.0743 5544	WerSvc - ok
12:14:09.0775 5544	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
12:14:09.0853 5544	WfpLwf - ok
12:14:09.0868 5544	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
12:14:09.0884 5544	WIMMount - ok
12:14:09.0899 5544	WinHttpAutoProxySvc - ok
12:14:09.0977 5544	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
12:14:10.0040 5544	Winmgmt - ok
12:14:10.0211 5544	WinRM           (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
12:14:10.0321 5544	WinRM - ok
12:14:10.0430 5544	WinUsb          (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
12:14:10.0461 5544	WinUsb - ok
12:14:10.0570 5544	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
12:14:10.0664 5544	Wlansvc - ok
12:14:10.0695 5544	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:14:10.0742 5544	WmiAcpi - ok
12:14:10.0804 5544	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
12:14:10.0851 5544	wmiApSrv - ok
12:14:11.0038 5544	WMPNetworkSvc   (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
12:14:11.0116 5544	WMPNetworkSvc - ok
12:14:11.0163 5544	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
12:14:11.0194 5544	WPCSvc - ok
12:14:11.0225 5544	WPDBusEnum      (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
12:14:11.0257 5544	WPDBusEnum - ok
12:14:11.0319 5544	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
12:14:11.0397 5544	ws2ifsl - ok
12:14:11.0413 5544	WSearch - ok
12:14:11.0631 5544	wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
12:14:11.0740 5544	wuauserv - ok
12:14:11.0896 5544	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
12:14:11.0990 5544	WudfPf - ok
12:14:12.0021 5544	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:14:12.0083 5544	WUDFRd - ok
12:14:12.0115 5544	wudfsvc         (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
12:14:12.0177 5544	wudfsvc - ok
12:14:12.0208 5544	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
12:14:12.0271 5544	WwanSvc - ok
12:14:12.0302 5544	MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
12:14:12.0427 5544	\Device\Harddisk1\DR1 - ok
12:14:12.0442 5544	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:14:19.0119 5544	\Device\Harddisk0\DR0 - ok
12:14:19.0135 5544	MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
12:14:19.0275 5544	\Device\Harddisk1\DR1 - ok
12:14:19.0275 5544	Boot (0x1200)   (177e814635b40f0183c1ccc9f1d8c7ad) \Device\Harddisk1\DR1\Partition0
12:14:19.0275 5544	\Device\Harddisk1\DR1\Partition0 - ok
12:14:19.0291 5544	Boot (0x1200)   (3c9e960c8d7adfa818e31e45fe23940f) \Device\Harddisk0\DR0\Partition0
12:14:19.0291 5544	\Device\Harddisk0\DR0\Partition0 - ok
12:14:19.0306 5544	Boot (0x1200)   (9dc4b93cbde9de596c7a945430ce265e) \Device\Harddisk0\DR0\Partition1
12:14:19.0306 5544	\Device\Harddisk0\DR0\Partition1 - ok
12:14:19.0337 5544	Boot (0x1200)   (eb8153a484bdd9646e76a6402778e947) \Device\Harddisk0\DR0\Partition2
12:14:19.0337 5544	\Device\Harddisk0\DR0\Partition2 - ok
12:14:19.0337 5544	Boot (0x1200)   (177e814635b40f0183c1ccc9f1d8c7ad) \Device\Harddisk1\DR1\Partition0
12:14:19.0337 5544	\Device\Harddisk1\DR1\Partition0 - ok
12:14:19.0353 5544	============================================================
12:14:19.0353 5544	Scan finished
12:14:19.0353 5544	============================================================
12:14:19.0384 5536	Detected object count: 11
12:14:19.0384 5536	Actual detected object count: 11
12:14:39.0009 5536	Belkin Home Base Control Center Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:39.0009 5536	Belkin Home Base Control Center Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:14:39.0025 5536	Belkin Local Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:39.0025 5536	Belkin Local Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:14:39.0025 5536	KMService ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:39.0025 5536	KMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:14:39.0025 5536	LcSvrAdm ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:39.0025 5536	LcSvrAdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:14:39.0025 5536	LcSvrAuf ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:39.0025 5536	LcSvrAuf ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:14:39.0040 5536	LcSvrDba ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:39.0040 5536	LcSvrDba ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:14:39.0040 5536	LcSvrHis ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:39.0040 5536	LcSvrHis ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:14:39.0040 5536	LcSvrPAS ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:39.0040 5536	LcSvrPAS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:14:39.0040 5536	LcSvrSaz ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:39.0040 5536	LcSvrSaz ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:14:39.0056 5536	NSHE ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:39.0056 5536	NSHE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:14:39.0056 5536	VSGate ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:39.0056 5536	VSGate ( UnsignedFile.Multi.Generic ) - User select action: Skip

Weiterhin vielen Dank

Trojan.Small, Trojan.Sirefef, Rootkit.0Access in C:\Windows\installer - ist nicht zu entfernen

Log-Analyse und Auswertung: Trojan.Small, Trojan.Sirefef, Rootkit.0Access in C:\Windows\installer - ist nicht zu entfernen