Neuer ukash virus GVL, bekomm ihn nicht weg

ysubmarine · 22.07.2012, 18:34

Hi,
ich hab heut meinen Rechner mit einer version des ukash/100€ virus infiziert.
Hab ne Menge gegoogelt und Entfernungsmöglichkeiten ausprobiert, bin aber den Virus nicht losgeworden. (Mir is ncihts in HKLM und HKCU ...\mircosoft\current version\run etc und nichts im NT shell aufgefallen, da steht die normale explorer exe drinn

Er zeigt, nicht wie die anderen dieser sorte gvU sonder gvL und meldet wie die anderen auch das ich 100 euro per peaysafecard überweisen soll blah blah.

Komm echt net weiter, wäre nett wenn mir jemand helfen könnte.

Hier mein OTL:

Zitat:

OTL logfile created on: 22.07.2012 20:14:23 - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\ysubmarine\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,90 Gb Total Physical Memory | 7,08 Gb Available Physical Memory | 89,61% Memory free
15,79 Gb Paging File | 14,98 Gb Available in Paging File | 94,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679,00 Gb Total Space | 274,82 Gb Free Space | 40,47% Space Free | Partition Type: NTFS

Computer Name: YSUBMARINE-LAP | User Name: ysubmarine | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\ysubmarine\Desktop\OTL.exe (OldTimer Tools)

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV:64bit: - (McODS) -- C:\Program Files\mcafee\virusscan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV:64bit: - (McAWFwk) -- c:\Program Files\mcafee\msc\McAWFwk.exe (McAfee, Inc.)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (TurboBoost) Intel(R) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (NAUpdate) @C:\Program Files (x86) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (AF9035BDA) -- C:\Windows\SysNative\drivers\AF15BDA.sys (ITETech )
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics)
DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys ()
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics)
DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (GEARAspiWDM) -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {79FABADA-75E3-4FFD-BAA8-C1C3E980D7C9}
IE:64bit: - HKLM\..\SearchScopes\{79FABADA-75E3-4FFD-BAA8-C1C3E980D7C9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {79FABADA-75E3-4FFD-BAA8-C1C3E980D7C9}
IE - HKLM\..\SearchScopes\{79FABADA-75E3-4FFD-BAA8-C1C3E980D7C9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=102869&gct=hp
IE - HKCU\..\SearchScopes,DefaultScope = {79FABADA-75E3-4FFD-BAA8-C1C3E980D7C9}
IE - HKCU\..\SearchScopes\{2FBC758F-800E-472C-AC3B-27366D0AC79D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=102869&src=kw&q={searchTerms}&locale=&apn_ptnrs=5J&apn_dtid=YYYYYYYYDE&apn_uid=c913f1da-4fd0-429b-a4c3-13f8007a99d8&apn_sauid=2B80EED1-4A47-412A-B528-432213934868&
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:home"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.06.28 16:18:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.19 11:35:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.03 08:41:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@gutscheinrausch.de: C:\Users\ysubmarine\AppData\Roaming\Mozilla\Firefox\Profiles\6v9tugs8.default\extensions\mail@gutscheinrausch.de
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.19 11:35:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011.12.02 13:49:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ysubmarine\AppData\Roaming\mozilla\Extensions
[2011.12.02 13:49:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ysubmarine\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012.07.04 22:10:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ysubmarine\AppData\Roaming\mozilla\Firefox\Profiles\6v9tugs8.default\extensions
[2012.03.23 14:23:09 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\ysubmarine\AppData\Roaming\mozilla\Firefox\Profiles\6v9tugs8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.17 20:25:44 | 000,002,333 | ---- | M] () -- C:\Users\ysubmarine\AppData\Roaming\Mozilla\Firefox\Profiles\6v9tugs8.default\searchplugins\askcom.xml
[2012.04.25 23:21:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.28 16:18:32 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE
[2012.07.04 22:10:59 | 000,743,290 | ---- | M] () (No name found) -- C:\USERS\YSUBMARINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6V9TUGS8.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.19 11:35:26 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.19 11:35:24 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.19 11:35:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.19 11:35:24 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.19 11:35:24 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 11:35:24 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 11:35:24 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120628151722.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120628151722.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - Startup: C:\Users\ysubmarine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\ysubmarine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\ysubmarine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mor.exe.lnk = C:\Users\ysubmarine\AppData\Local\Temp\mor.exe ()
O4 - Startup: C:\Users\ysubmarine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ysubmarine\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ysubmarine\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79E4C00E-A7B0-45B5-9A10-A67CFA318073}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBD091C9-FE3B-4C04-8F3E-962148C40070}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a55712cf-26fa-11e1-91dc-848f69b7ed38}\Shell - "" = AutoRun
O33 - MountPoints2\{a55712cf-26fa-11e1-91dc-848f69b7ed38}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.22 20:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.07.22 19:49:23 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\ysubmarine\Desktop\OTL.exe
[2012.07.22 17:04:18 | 000,000,000 | ---D | C] -- C:\Users\ysubmarine\AppData\Roaming\Malwarebytes
[2012.07.22 17:04:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.22 17:04:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.22 17:04:13 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.22 17:04:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.17 14:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.07.17 14:36:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.07.12 14:43:47 | 000,000,000 | ---D | C] -- C:\Users\ysubmarine\Desktop\Versuch 8
[2012.07.11 22:58:40 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.11 22:58:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.11 22:58:40 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.11 22:58:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.11 22:58:39 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.11 22:58:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.11 22:58:39 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.11 22:58:39 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.11 22:58:38 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.11 22:58:38 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.11 22:58:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.11 22:58:38 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.11 22:58:38 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.11 21:36:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 21:36:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 21:36:29 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 21:36:14 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 21:35:59 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.10 22:54:19 | 000,000,000 | ---D | C] -- C:\Users\ysubmarine\AppData\Local\ElevatedDiagnostics
[2012.07.10 22:39:54 | 000,000,000 | ---D | C] -- C:\Users\ysubmarine\AppData\Roaming\UAs
[2012.07.10 16:59:31 | 000,000,000 | ---D | C] -- C:\Users\ysubmarine\AppData\Roaming\xmldm
[2012.07.10 16:59:29 | 000,000,000 | ---D | C] -- C:\Users\ysubmarine\AppData\Roaming\kock
[2012.07.08 22:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\ReaConverter
[2012.07.08 22:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReaConverter 6.7 Standard
[2012.07.08 22:17:44 | 000,000,000 | ---D | C] -- C:\Users\ysubmarine\AppData\Roaming\RCP 6
[2012.07.08 22:17:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ReaConverter 6.7 Standard
[2012.07.05 20:22:08 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.22 20:13:43 | 000,000,000 | ---- | M] () -- C:\Users\ysubmarine\defogger_reenable
[2012.07.22 20:07:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.22 20:07:26 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.22 20:05:49 | 000,000,904 | ---- | M] () -- C:\Users\ysubmarine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mor.exe.lnk
[2012.07.22 19:49:23 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\ysubmarine\Desktop\OTL.exe
[2012.07.22 17:04:53 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.22 16:49:21 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.07.22 10:05:45 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 10:05:45 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 09:58:15 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.07.22 02:30:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012.07.14 11:30:35 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.14 11:30:35 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.13 10:32:39 | 000,000,206 | ---- | M] () -- C:\Users\ysubmarine\Desktop\Portal.url
[2012.07.13 10:32:39 | 000,000,206 | ---- | M] () -- C:\Users\ysubmarine\Desktop\Portal 2.url
[2012.07.12 10:24:16 | 004,907,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.09 15:45:49 | 000,071,685 | ---- | M] () -- C:\Users\ysubmarine\Desktop\Fluidisation_Daten.ods
[2012.07.08 14:40:47 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.08 14:40:47 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.08 14:40:47 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.08 14:40:47 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.08 14:40:47 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.08 11:56:14 | 000,109,360 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2012.07.08 11:56:14 | 000,015,664 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysWow64\drivers\GEARAspiWDM.sys
[2012.07.03 18:14:46 | 000,140,416 | ---- | M] () -- C:\Users\ysubmarine\Desktop\Protokoll Pyrolyse.odt
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.22 20:13:43 | 000,000,000 | ---- | C] () -- C:\Users\ysubmarine\defogger_reenable
[2012.07.22 17:04:14 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.22 16:26:48 | 000,000,904 | ---- | C] () -- C:\Users\ysubmarine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mor.exe.lnk
[2012.07.22 02:00:18 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012.07.13 10:32:39 | 000,000,206 | ---- | C] () -- C:\Users\ysubmarine\Desktop\Portal.url
[2012.07.13 10:32:39 | 000,000,206 | ---- | C] () -- C:\Users\ysubmarine\Desktop\Portal 2.url
[2012.07.09 15:45:47 | 000,071,685 | ---- | C] () -- C:\Users\ysubmarine\Desktop\Fluidisation_Daten.ods
[2012.07.03 17:08:51 | 000,140,416 | ---- | C] () -- C:\Users\ysubmarine\Desktop\Protokoll Pyrolyse.odt
[2012.05.17 12:03:54 | 000,003,390 | ---- | C] () -- C:\Users\ysubmarine\.recently-used.xbel
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.12.02 22:51:12 | 000,044,032 | ---- | C] () -- C:\Users\ysubmarine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.02 22:17:26 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011.11.29 14:34:11 | 000,007,605 | ---- | C] () -- C:\Users\ysubmarine\AppData\Local\Resmon.ResmonCfg
[2011.11.25 05:07:52 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.11.25 05:07:02 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.11.25 05:07:00 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.11.25 05:06:59 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.11.25 05:06:58 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.11.25 05:06:57 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.02.11 12:22:50 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2011.12.03 00:35:27 | 000,000,000 | ---D | M] -- C:\Users\ysubmarine\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.12.15 13:33:13 | 000,000,000 | ---D | M] -- C:\Users\ysubmarine\AppData\Roaming\DAEMON Tools Lite
[2011.12.01 16:47:18 | 000,000,000 | ---D | M] -- C:\Users\ysubmarine\AppData\Roaming\Downloaded Installations
[2012.07.22 20:06:20 | 000,000,000 | ---D | M] -- C:\Users\ysubmarine\AppData\Roaming\Dropbox
[2012.03.23 14:23:15 | 000,000,000 | ---D | M] -- C:\Users\ysubmarine\AppData\Roaming\DVDVideoSoft
[2012.03.23 14:23:09 | 000,000,000 | ---D | M] -- C:\Users\ysubmarine\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.11.28 11:48:18 | 000,000,000 | ---D | M] -- C:\Users\ysubmarine\AppData\Roaming\Fingertapps
[2012.04.28 18:32:32 | 000,000,000 | ---D | M] -- C:\Users\ysubmarine\AppData\Roaming\gtk-2.0
[2012.04.03 12:21:52 | 000,000,000 | ---D | M] -- C:\Users\ysubmarine\AppData\Roaming\Hi-Rez Studios
[2012.07.10 16:59:29 | 000,000,000 | ---D | M] -- C:\Users\ysubmarine\AppData\Roaming\kock
[2011.11.28 17:26:46 | 000,000,000 | ---D | M] -- C:\Users\ysubmarine\AppData\Roaming\LolClient
[2012.05.24 12:57:57 | 000,000,000 | ---D | M] -- C:\Users\ysubmarine\AppData\Roaming\LolClient2
[2011.12.26 01:28:55 | 000,000,000 | ---D | M] -- C:\Users\ysubmarine\AppData\Roaming\ManyCam
[2011.12.13 17:21:34 | 000,000,000 | ---D | M] -- C:\Users\ysubmarine\AppData\Roaming\OpenOffice.org
[2011.12.03 13:18:14 | 000,000,000 | ---D | M] -- C:\Users\ysubmarine\AppData\Roaming\PACE Anti-Piracy
[2011.11.30 12:45:39 | 000,000,000 | ---D | M] -- C:\Users\ysubmarine\AppData\Roaming\PCDr
[2012.07.11 21:36:04 | 000,000,000 | ---D | M] -- C:\Users\ysubmarine\AppData\Roaming\RCP 6
[2011.12.02 13:49:34 | 000,000,000 | ---D | M] -- C:\Users\ysubmarine\AppData\Roaming\Songbird2
[2011.12.03 13:19:06 | 000,000,000 | ---D | M] -- C:\Users\ysubmarine\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.03.27 03:11:08 | 000,000,000 | ---D | M] -- C:\Users\ysubmarine\AppData\Roaming\TerraTec
[2011.11.29 12:36:01 | 000,000,000 | ---D | M] -- C:\Users\ysubmarine\AppData\Roaming\Thunderbird
[2011.12.16 22:51:26 | 000,000,000 | ---D | M] -- C:\Users\ysubmarine\AppData\Roaming\ts3overlay
[2012.07.17 14:37:03 | 000,000,000 | ---D | M] -- C:\Users\ysubmarine\AppData\Roaming\UAs
[2012.04.14 21:32:16 | 000,000,000 | ---D | M] -- C:\Users\ysubmarine\AppData\Roaming\wargaming.net
[2012.07.17 14:37:03 | 000,000,000 | ---D | M] -- C:\Users\ysubmarine\AppData\Roaming\xmldm
[2011.11.29 14:31:48 | 000,000,000 | ---D | M] -- C:\Users\ysubmarine\AppData\Roaming\ZinioReader4
[2012.07.22 02:30:00 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012.07.22 09:58:15 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.07.05 13:56:27 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.22 16:49:21 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:6152D44C

< End of report >

t'john · 22.07.2012, 18:51

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {79FABADA-75E3-4FFD-BAA8-C1C3E980D7C9} 
IE:64bit: - HKLM\..\SearchScopes\{79FABADA-75E3-4FFD-BAA8-C1C3E980D7C9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox 
IE - HKLM\..\SearchScopes,DefaultScope = {79FABADA-75E3-4FFD-BAA8-C1C3E980D7C9} 
IE - HKLM\..\SearchScopes\{79FABADA-75E3-4FFD-BAA8-C1C3E980D7C9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com/?l=dis&o=102869&gct=hp 
IE - HKCU\..\SearchScopes,DefaultScope = {79FABADA-75E3-4FFD-BAA8-C1C3E980D7C9} 
IE - HKCU\..\SearchScopes\{2FBC758F-800E-472C-AC3B-27366D0AC79D}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=102869&src=kw&q={searchTerms}&locale=&apn_ptnrs=5J&apn_dtid=YYYYYYYYDE&apn_uid=c913f1da-4fd0-429b-a4c3-13f8007a99d8&apn_sauid=2B80EED1-4A47-412A-B528-432213934868& 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - prefs.js..browser.search.update: false 
FF - prefs.js..browser.startup.homepage: "about:home" 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe () 
O4 - Startup: C:\Users\ysubmarine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mor.exe.lnk = C:\Users\ysubmarine\AppData\Local\Temp\mor.exe () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{a55712cf-26fa-11e1-91dc-848f69b7ed38}\Shell - "" = AutoRun 
O33 - MountPoints2\{a55712cf-26fa-11e1-91dc-848f69b7ed38}\Shell\AutoRun\command - "" = E:\setup.exe 

[2012.07.22 20:05:49 | 000,000,904 | ---- | M] () -- C:\Users\ysubmarine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mor.exe.lnk 

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:6152D44C 
 

[2012.07.17 14:37:03 | 000,000,000 | ---D | M] -- C:\Users\ysubmarine\AppData\Roaming\UAs 
[2012.07.17 14:37:03 | 000,000,000 | ---D | M] -- C:\Users\ysubmarine\AppData\Roaming\xmldm 
[2012.07.10 22:39:54 | 000,000,000 | ---D | C] -- C:\Users\ysubmarine\AppData\Roaming\UAs 
[2012.07.10 16:59:31 | 000,000,000 | ---D | C] -- C:\Users\ysubmarine\AppData\Roaming\xmldm 
[2012.07.10 16:59:29 | 000,000,000 | ---D | C] -- C:\Users\ysubmarine\AppData\Roaming\kock 
[2012.07.10 16:59:29 | 000,000,000 | ---D | M] -- C:\Users\ysubmarine\AppData\Roaming\kock 
[2012.07.22 20:05:49 | 000,000,904 | ---- | M] () -- C:\Users\ysubmarine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mor.exe.lnk 
[2012.07.22 20:06:20 | 000,000,000 | ---D | M] -- C:\Users\ysubmarine\AppData\Roaming\Dropbox 
[2012.07.22 16:49:21 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job 
[2012.07.22 16:49:21 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job 
[2012.07.22 09:58:15 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job 
[2012.07.22 09:58:15 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 
[2012.07.22 02:30:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job 
[2012.07.22 02:30:00 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job 
[2012.07.22 16:26:48 | 000,000,904 | ---- | C] () -- C:\Users\ysubmarine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mor.exe.lnk 
[2012.07.22 02:00:18 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job 
 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

ysubmarine · 22.07.2012, 19:05

Herzlichen Dank für die superschnelle Antwort. Hat wunderbar funktioniert. Werd mein System noch von den 2 von euch empfohlenen programmen scannen. lg

t'john · 22.07.2012, 19:59

Sehr gut!

Wie laeuft der Rechner?

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

ysubmarine · 22.07.2012, 20:56

ok hier die beiden loggs:

mbam:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.22.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ysubmarine :: YSUBMARINE-LAP [Administrator]

22.07.2012 20:06:50
mbam-log-2012-07-22 (20-06-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 407463
Laufzeit: 1 Stunde(n), 36 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

adwc:

Code:

ATTFilter

# AdwCleaner v1.703 - Logfile created 07/22/2012 at 21:51:46
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ysubmarine - YSUBMARINE-LAP
# Running from : C:\Users\ysubmarine\Desktop\ANTIVIR\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\ysubmarine\AppData\LocalLow\AskToolbar
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Found : C:\Users\ysubmarine\AppData\Roaming\Mozilla\Firefox\Profiles\6v9tugs8.default\searchplugins\Askcom.xml

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
[x64] Key Found : HKCU\Software\APN
[x64] Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
[x64] Key Found : HKCU\Software\Ask.com
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\ysubmarine\AppData\Roaming\Mozilla\Firefox\Profiles\6v9tugs8.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4419 octets] - [22/07/2012 21:51:46]

########## EOF - C:\AdwCleaner[R1].txt - [4547 octets] ##########

Herzlichen Dank nochmal!

t'john · 22.07.2012, 21:10

Poste mir bitte noch das Log von OTL nach dem Fix
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Sehr gut!

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

ysubmarine · 22.07.2012, 23:51

_otl

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{79FABADA-75E3-4FFD-BAA8-C1C3E980D7C9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79FABADA-75E3-4FFD-BAA8-C1C3E980D7C9}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{79FABADA-75E3-4FFD-BAA8-C1C3E980D7C9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79FABADA-75E3-4FFD-BAA8-C1C3E980D7C9}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FBC758F-800E-472C-AC3B-27366D0AC79D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2FBC758F-800E-472C-AC3B-27366D0AC79D}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: false removed from browser.search.update
Prefs.js: "about:home" removed from browser.startup.homepage
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AccuWeatherWidget deleted successfully.
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe moved successfully.
C:\Users\ysubmarine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mor.exe.lnk moved successfully.
C:\Users\ysubmarine\AppData\Local\Temp\mor.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a55712cf-26fa-11e1-91dc-848f69b7ed38}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a55712cf-26fa-11e1-91dc-848f69b7ed38}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a55712cf-26fa-11e1-91dc-848f69b7ed38}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a55712cf-26fa-11e1-91dc-848f69b7ed38}\ not found.
File E:\setup.exe not found.
File C:\Users\ysubmarine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mor.exe.lnk not found.
ADS C:\ProgramData\Temp:6152D44C deleted successfully.
C:\Users\ysubmarine\AppData\Roaming\UAs folder moved successfully.
C:\Users\ysubmarine\AppData\Roaming\xmldm folder moved successfully.
Folder C:\Users\ysubmarine\AppData\Roaming\UAs\ not found.
Folder C:\Users\ysubmarine\AppData\Roaming\xmldm\ not found.
C:\Users\ysubmarine\AppData\Roaming\kock folder moved successfully.
Folder C:\Users\ysubmarine\AppData\Roaming\kock\ not found.
File C:\Users\ysubmarine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mor.exe.lnk not found.
Folder move failed. C:\Users\ysubmarine\AppData\Roaming\Dropbox\shellext\l scheduled to be moved on reboot.
C:\Users\ysubmarine\AppData\Roaming\Dropbox\shellext\dump folder moved successfully.
Folder move failed. C:\Users\ysubmarine\AppData\Roaming\Dropbox\shellext scheduled to be moved on reboot.
C:\Users\ysubmarine\AppData\Roaming\Dropbox\l folder moved successfully.
C:\Users\ysubmarine\AppData\Roaming\Dropbox\installer\l folder moved successfully.
C:\Users\ysubmarine\AppData\Roaming\Dropbox\installer folder moved successfully.
C:\Users\ysubmarine\AppData\Roaming\Dropbox\bin folder moved successfully.
Folder move failed. C:\Users\ysubmarine\AppData\Roaming\Dropbox scheduled to be moved on reboot.
C:\Windows\Tasks\SystemToolsDailyTest.job moved successfully.
File C:\Windows\Tasks\SystemToolsDailyTest.job not found.
C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job moved successfully.
File C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job not found.
C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job moved successfully.
File C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job not found.
File C:\Users\ysubmarine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mor.exe.lnk not found.
File C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\ysubmarine\Desktop\cmd.bat deleted successfully.
C:\Users\ysubmarine\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
User: ysubmarine
->Temp folder emptied: 126512109 bytes
->Temporary Internet Files folder emptied: 245794687 bytes
->Java cache emptied: 994242 bytes
->FireFox cache emptied: 66965345 bytes
->Flash cache emptied: 56977 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 203207374 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 614,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Flash cache emptied: 0 bytes
 
User: ysubmarine
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07222012_205801

Files\Folders moved on Reboot...
C:\Users\ysubmarine\AppData\Roaming\Dropbox\shellext\l folder moved successfully.
C:\Users\ysubmarine\AppData\Roaming\Dropbox\shellext folder moved successfully.
C:\Users\ysubmarine\AppData\Roaming\Dropbox folder moved successfully.
C:\Users\ysubmarine\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\ysubmarine\AppData\Roaming\Dropbox\shellext\l not found!
File C:\Users\ysubmarine\AppData\Roaming\Dropbox\shellext not found!
File C:\Users\ysubmarine\AppData\Roaming\Dropbox not found!
File C:\Users\ysubmarine\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

adw:

Code:

ATTFilter

# AdwCleaner v1.703 - Logfile created 07/22/2012 at 23:51:11
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ysubmarine - YSUBMARINE-LAP
# Running from : C:\Users\ysubmarine\Desktop\ANTIVIR\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\ysubmarine\AppData\LocalLow\AskToolbar
File Deleted : C:\Users\ysubmarine\AppData\Roaming\Mozilla\Firefox\Profiles\6v9tugs8.default\searchplugins\Askcom.xml

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\DT Soft

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\ysubmarine\AppData\Roaming\Mozilla\Firefox\Profiles\6v9tugs8.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4510 octets] - [22/07/2012 21:51:46]
AdwCleaner[S1].txt - [2040 octets] - [22/07/2012 23:51:11]

########## EOF - C:\AdwCleaner[S1].txt - [2168 octets] ##########

und emsosoft:

Code:

ATTFilter

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 22.07.2012 23:58:42

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	22.07.2012 23:58:54

c:\program files (x86)\secure banking\securebanking.dll 	gefunden: Virus.Win32.Malware!E2
C:\Spiele\WoW\WoW-2.1.1.6739-to-2.1.2.6803-deDE-downloader.exe 	gefunden: Gen.Malware.Heur!E2
C:\Spiele\WoW\WoW-2.2.0.7272-to-2.2.2.7318-deDE-downloader.exe 	gefunden: Gen.Malware.Heur!E2
C:\Spiele\WoW\WoW-2.1.2.6803-to-2.1.3.6898-deDE-downloader.exe 	gefunden: Gen.Malware.Heur!E2
C:\Spiele\WoW\WoW-2.2.2.7318-to-2.2.3.7359-deDE-downloader.exe 	gefunden: Gen.Malware.Heur!E2
C:\Spiele\WoW\WoW-2.1.3.6898-to-2.2.0.7272-deDE-downloader.exe 	gefunden: Gen.Malware.Heur!E2

Gescannt	686274
Gefunden	6

Scan Ende:	23.07.2012 00:47:39
Scan Zeit:	0:48:45

t'john · 22.07.2012, 23:53

Sehr gut!

Lasse die Funde loeschen, dann:

Deinstalliere:
Emsisoft Anti-Malware

Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

ysubmarine · 23.07.2012, 07:57

Code:

ATTFilter

[BESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1c0b172a3effa34f8acd4fd5e87a4900
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-23 01:08:21
# local_time=2012-07-23 03:08:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 5238668 5238668 0 0
# compatibility_mode=5121 16777213 100 75 30918 8224268 0 0
# compatibility_mode=5893 16776574 100 94 52680172 94628622 0 0
# compatibility_mode=8192 67108863 100 0 185 185 0 0
# scanned=218058
# found=0
# cleaned=0
# scan_time=6929[/B]

t'john · 23.07.2012, 09:55

Sehr gut!

TDSSKiller von Kaspersky

- Lade den TDSSKiller und entpacke das Archiv auf Deinen Desktop.
- Vergewissere Dich, dass die TDSSKiller.exe direkt auf dem Desktop liegt (nicht in einem Ordner auf dem Desktop).
- deaktiviere vorübergehend dein AntiVirus-Programm
- Starte die TDSSKiller.exe durch Doppelklick.
- Nach Beendigung der Arbeit schlägt das Tool vor, das System neu zu starten.
- Bestätige das ggfs. mit Y(es).
- Beim Hochfahren des Systems führt der Treiber alle geplanten Operationen aus löscht sich danach.
- Poste den Inhalt von C:\TDSSKiller.txt hier in den Thread.

Hier findest Du eine ausführlichere TDSSKiller Anleitung.

ysubmarine · 24.07.2012, 19:44

Code:

ATTFilter

20:40:59.0899 5344	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
20:40:59.0915 5344	============================================================
20:40:59.0915 5344	Current date / time: 2012/07/24 20:40:59.0915
20:40:59.0915 5344	SystemInfo:
20:40:59.0915 5344	
20:40:59.0915 5344	OS Version: 6.1.7601 ServicePack: 1.0
20:40:59.0915 5344	Product type: Workstation
20:40:59.0915 5344	ComputerName: YSUBMARINE-LAP
20:40:59.0915 5344	UserName: ysubmarine
20:40:59.0915 5344	Windows directory: C:\Windows
20:40:59.0915 5344	System windows directory: C:\Windows
20:40:59.0915 5344	Running under WOW64
20:40:59.0915 5344	Processor architecture: Intel x64
20:40:59.0915 5344	Number of processors: 8
20:40:59.0915 5344	Page size: 0x1000
20:40:59.0915 5344	Boot type: Normal boot
20:40:59.0915 5344	============================================================
20:41:01.0054 5344	Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:41:01.0054 5344	============================================================
20:41:01.0054 5344	\Device\Harddisk0\DR0:
20:41:01.0054 5344	MBR partitions:
20:41:01.0054 5344	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000
20:41:01.0054 5344	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x54E01EF0
20:41:01.0054 5344	============================================================
20:41:01.0163 5344	C: <-> \Device\Harddisk0\DR0\Partition1
20:41:01.0163 5344	============================================================
20:41:01.0163 5344	Initialize success
20:41:01.0163 5344	============================================================
20:41:13.0284 3104	============================================================
20:41:13.0284 3104	Scan started
20:41:13.0284 3104	Mode: Manual; 
20:41:13.0284 3104	============================================================
20:41:15.0359 3104	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:41:15.0375 3104	1394ohci - ok
20:41:15.0421 3104	Acceler         (e0065cbf1a25c015c218457d2cd522b9) C:\Windows\system32\DRIVERS\Accelern.sys
20:41:15.0421 3104	Acceler - ok
20:41:15.0453 3104	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:41:15.0468 3104	ACPI - ok
20:41:15.0484 3104	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:41:15.0484 3104	AcpiPmi - ok
20:41:15.0687 3104	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:41:15.0687 3104	AdobeARMservice - ok
20:41:15.0749 3104	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
20:41:15.0765 3104	adp94xx - ok
20:41:15.0796 3104	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
20:41:15.0796 3104	adpahci - ok
20:41:15.0827 3104	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
20:41:15.0843 3104	adpu320 - ok
20:41:15.0858 3104	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:41:15.0858 3104	AeLookupSvc - ok
20:41:15.0936 3104	AERTFilters     (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
20:41:15.0936 3104	AERTFilters - ok
20:41:16.0045 3104	AF9035BDA       (0a0889d0b7afd2577d49f6799a26e05d) C:\Windows\system32\DRIVERS\AF15BDA.sys
20:41:16.0061 3104	AF9035BDA - ok
20:41:16.0123 3104	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:41:16.0139 3104	AFD - ok
20:41:16.0170 3104	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:41:16.0170 3104	agp440 - ok
20:41:16.0233 3104	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:41:16.0233 3104	ALG - ok
20:41:16.0248 3104	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:41:16.0248 3104	aliide - ok
20:41:16.0264 3104	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:41:16.0264 3104	amdide - ok
20:41:16.0264 3104	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
20:41:16.0264 3104	AmdK8 - ok
20:41:16.0279 3104	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
20:41:16.0279 3104	AmdPPM - ok
20:41:16.0295 3104	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:41:16.0295 3104	amdsata - ok
20:41:16.0311 3104	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
20:41:16.0311 3104	amdsbs - ok
20:41:16.0326 3104	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:41:16.0326 3104	amdxata - ok
20:41:16.0373 3104	AMPPAL          (7d9e301ab3247765702d0b65e2e47e50) C:\Windows\system32\DRIVERS\AMPPAL.sys
20:41:16.0373 3104	AMPPAL - ok
20:41:16.0389 3104	AMPPALP         (7d9e301ab3247765702d0b65e2e47e50) C:\Windows\system32\DRIVERS\amppal.sys
20:41:16.0389 3104	AMPPALP - ok
20:41:16.0560 3104	AMPPALR3        (864c632b999be1237a3dc46736e71f27) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
20:41:16.0560 3104	AMPPALR3 - ok
20:41:17.0059 3104	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:41:17.0075 3104	AppID - ok
20:41:17.0122 3104	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:41:17.0137 3104	AppIDSvc - ok
20:41:17.0371 3104	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:41:17.0465 3104	Appinfo - ok
20:41:17.0652 3104	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
20:41:17.0668 3104	arc - ok
20:41:17.0793 3104	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
20:41:17.0808 3104	arcsas - ok
20:41:17.0964 3104	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:41:18.0011 3104	aspnet_state - ok
20:41:18.0058 3104	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:41:18.0058 3104	AsyncMac - ok
20:41:18.0105 3104	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:41:18.0105 3104	atapi - ok
20:41:18.0167 3104	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:41:18.0167 3104	AudioEndpointBuilder - ok
20:41:18.0167 3104	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:41:18.0167 3104	AudioSrv - ok
20:41:18.0198 3104	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:41:18.0198 3104	AxInstSV - ok
20:41:18.0292 3104	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
20:41:18.0292 3104	b06bdrv - ok
20:41:18.0323 3104	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:41:18.0323 3104	b57nd60a - ok
20:41:18.0354 3104	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:41:18.0354 3104	BDESVC - ok
20:41:18.0370 3104	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:41:18.0370 3104	Beep - ok
20:41:18.0417 3104	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:41:18.0432 3104	BFE - ok
20:41:18.0947 3104	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
20:41:18.0978 3104	BITS - ok
20:41:19.0087 3104	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:41:19.0087 3104	blbdrive - ok
20:41:19.0212 3104	Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
20:41:19.0212 3104	Bonjour Service - ok
20:41:19.0243 3104	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:41:19.0243 3104	bowser - ok
20:41:19.0259 3104	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
20:41:19.0259 3104	BrFiltLo - ok
20:41:19.0275 3104	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
20:41:19.0275 3104	BrFiltUp - ok
20:41:19.0290 3104	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:41:19.0306 3104	Browser - ok
20:41:19.0368 3104	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:41:19.0368 3104	Brserid - ok
20:41:19.0415 3104	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:41:19.0415 3104	BrSerWdm - ok
20:41:19.0415 3104	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:41:19.0431 3104	BrUsbMdm - ok
20:41:19.0431 3104	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:41:19.0431 3104	BrUsbSer - ok
20:41:19.0446 3104	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
20:41:19.0446 3104	BTHMODEM - ok
20:41:19.0571 3104	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:41:19.0571 3104	bthserv - ok
20:41:19.0914 3104	BTHSSecurityMgr (9e2af97302b9f4bf97e952a865eb31ae) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
20:41:19.0914 3104	BTHSSecurityMgr - ok
20:41:19.0930 3104	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:41:19.0930 3104	cdfs - ok
20:41:19.0961 3104	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:41:19.0961 3104	cdrom - ok
20:41:20.0008 3104	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:41:20.0008 3104	CertPropSvc - ok
20:41:20.0039 3104	cfwids          (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys
20:41:20.0039 3104	cfwids - ok
20:41:20.0055 3104	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
20:41:20.0070 3104	circlass - ok
20:41:20.0101 3104	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:41:20.0117 3104	CLFS - ok
20:41:20.0772 3104	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:41:20.0803 3104	clr_optimization_v2.0.50727_32 - ok
20:41:20.0881 3104	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:41:20.0881 3104	clr_optimization_v2.0.50727_64 - ok
20:41:21.0474 3104	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:41:21.0521 3104	clr_optimization_v4.0.30319_32 - ok
20:41:21.0615 3104	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:41:21.0693 3104	clr_optimization_v4.0.30319_64 - ok
20:41:21.0739 3104	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:41:21.0739 3104	CmBatt - ok
20:41:21.0755 3104	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:41:21.0786 3104	cmdide - ok
20:41:22.0005 3104	CNG             (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
20:41:22.0020 3104	CNG - ok
20:41:22.0051 3104	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:41:22.0051 3104	Compbatt - ok
20:41:22.0067 3104	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:41:22.0067 3104	CompositeBus - ok
20:41:22.0083 3104	COMSysApp - ok
20:41:22.0192 3104	cpuz130 - ok
20:41:22.0207 3104	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
20:41:22.0207 3104	crcdisk - ok
20:41:22.0270 3104	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
20:41:22.0270 3104	CryptSvc - ok
20:41:22.0317 3104	CtClsFlt        (bc3d4f90978cd7c8eabd1baf3bf7873a) C:\Windows\system32\DRIVERS\CtClsFlt.sys
20:41:22.0317 3104	CtClsFlt - ok
20:41:22.0348 3104	CVirtA          (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
20:41:22.0348 3104	CVirtA - ok
20:41:22.0395 3104	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:41:22.0410 3104	DcomLaunch - ok
20:41:22.0457 3104	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:41:22.0457 3104	defragsvc - ok
20:41:22.0488 3104	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:41:22.0488 3104	DfsC - ok
20:41:22.0519 3104	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:41:22.0519 3104	Dhcp - ok
20:41:22.0551 3104	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:41:22.0551 3104	discache - ok
20:41:22.0582 3104	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
20:41:22.0582 3104	Disk - ok
20:41:22.0613 3104	DNE             (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
20:41:22.0629 3104	DNE - ok
20:41:22.0675 3104	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:41:22.0675 3104	Dnscache - ok
20:41:22.0707 3104	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:41:22.0722 3104	dot3svc - ok
20:41:22.0753 3104	Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
20:41:22.0769 3104	Dot4 - ok
20:41:22.0847 3104	Dot4Print       (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
20:41:22.0847 3104	Dot4Print - ok
20:41:22.0878 3104	dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
20:41:22.0878 3104	dot4usb - ok
20:41:22.0925 3104	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:41:22.0925 3104	DPS - ok
20:41:22.0956 3104	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:41:22.0972 3104	drmkaud - ok
20:41:23.0003 3104	dtsoftbus01     (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
20:41:23.0003 3104	dtsoftbus01 - ok
20:41:23.0268 3104	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:41:23.0284 3104	DXGKrnl - ok
20:41:23.0549 3104	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:41:23.0549 3104	EapHost - ok
20:41:23.0736 3104	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
20:41:23.0799 3104	ebdrv - ok
20:41:23.0970 3104	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:41:23.0970 3104	EFS - ok
20:41:24.0095 3104	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:41:24.0111 3104	ehRecvr - ok
20:41:24.0126 3104	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:41:24.0126 3104	ehSched - ok
20:41:24.0204 3104	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
20:41:24.0220 3104	elxstor - ok
20:41:24.0220 3104	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:41:24.0220 3104	ErrDev - ok
20:41:24.0267 3104	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:41:24.0267 3104	EventSystem - ok
20:41:25.0078 3104	EvtEng          (e3a96d5ae6e5c7b5472011ba77353368) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
20:41:25.0093 3104	EvtEng - ok
20:41:26.0061 3104	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:41:26.0061 3104	exfat - ok
20:41:26.0092 3104	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:41:26.0092 3104	fastfat - ok
20:41:26.0778 3104	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:41:26.0825 3104	Fax - ok
20:41:26.0841 3104	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
20:41:26.0841 3104	fdc - ok
20:41:26.0872 3104	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:41:26.0872 3104	fdPHost - ok
20:41:26.0887 3104	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:41:26.0887 3104	FDResPub - ok
20:41:26.0887 3104	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:41:26.0903 3104	FileInfo - ok
20:41:26.0903 3104	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:41:26.0919 3104	Filetrace - ok
20:41:26.0919 3104	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
20:41:26.0934 3104	flpydisk - ok
20:41:26.0950 3104	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:41:26.0950 3104	FltMgr - ok
20:41:27.0215 3104	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:41:27.0324 3104	FontCache - ok
20:41:27.0496 3104	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:41:27.0496 3104	FontCache3.0.0.0 - ok
20:41:27.0699 3104	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:41:27.0699 3104	FsDepends - ok
20:41:27.0714 3104	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:41:27.0714 3104	Fs_Rec - ok
20:41:27.0761 3104	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:41:27.0761 3104	fvevol - ok
20:41:27.0777 3104	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
20:41:27.0777 3104	gagp30kx - ok
20:41:27.0792 3104	GEARAspiWDM - ok
20:41:27.0839 3104	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:41:27.0870 3104	gpsvc - ok
20:41:27.0886 3104	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:41:27.0886 3104	hcw85cir - ok
20:41:27.0901 3104	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:41:27.0917 3104	HDAudBus - ok
20:41:27.0948 3104	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
20:41:27.0948 3104	HidBatt - ok
20:41:27.0964 3104	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
20:41:27.0964 3104	HidBth - ok
20:41:27.0979 3104	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
20:41:27.0995 3104	HidIr - ok
20:41:28.0011 3104	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
20:41:28.0011 3104	hidserv - ok
20:41:28.0042 3104	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:41:28.0042 3104	HidUsb - ok
20:41:28.0057 3104	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:41:28.0073 3104	hkmsvc - ok
20:41:28.0089 3104	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:41:28.0104 3104	HomeGroupListener - ok
20:41:28.0120 3104	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:41:28.0135 3104	HomeGroupProvider - ok
20:41:28.0167 3104	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:41:28.0167 3104	HpSAMD - ok
20:41:28.0198 3104	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:41:28.0213 3104	HTTP - ok
20:41:28.0229 3104	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:41:28.0229 3104	hwpolicy - ok
20:41:28.0245 3104	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
20:41:28.0260 3104	i8042prt - ok
20:41:28.0291 3104	iaStor          (d469b77687e12fe43e344806740b624d) C:\Windows\system32\drivers\iaStor.sys
20:41:28.0291 3104	iaStor - ok
20:41:28.0338 3104	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:41:28.0354 3104	iaStorV - ok
20:41:28.0947 3104	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:41:28.0978 3104	idsvc - ok
20:41:33.0486 3104	igfx            (0bd58366c86ef9ddc4f61afed0cada99) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:41:33.0658 3104	igfx - ok
20:41:33.0907 3104	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
20:41:33.0907 3104	iirsp - ok
20:41:33.0970 3104	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:41:33.0985 3104	IKEEXT - ok
20:41:34.0017 3104	Impcd           (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys
20:41:34.0032 3104	Impcd - ok
20:41:34.0141 3104	IntcAzAudAddService (8fed6428fde53d7f4c105095f22524be) C:\Windows\system32\drivers\RTKVHD64.sys
20:41:34.0157 3104	IntcAzAudAddService - ok
20:41:34.0516 3104	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
20:41:34.0531 3104	IntcDAud - ok
20:41:34.0547 3104	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:41:34.0547 3104	intelide - ok
20:41:34.0578 3104	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:41:34.0578 3104	intelppm - ok
20:41:34.0609 3104	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:41:34.0609 3104	IPBusEnum - ok
20:41:34.0625 3104	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:41:34.0625 3104	IpFilterDriver - ok
20:41:34.0687 3104	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:41:34.0687 3104	iphlpsvc - ok
20:41:34.0703 3104	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:41:34.0703 3104	IPMIDRV - ok
20:41:34.0719 3104	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:41:34.0719 3104	IPNAT - ok
20:41:34.0734 3104	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:41:34.0750 3104	IRENUM - ok
20:41:34.0750 3104	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:41:34.0750 3104	isapnp - ok
20:41:34.0765 3104	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:41:34.0765 3104	iScsiPrt - ok
20:41:34.0843 3104	JMCR            (e56417c56b6a7316b6f527c890a1860d) C:\Windows\system32\DRIVERS\jmcr.sys
20:41:34.0843 3104	JMCR - ok
20:41:34.0875 3104	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:41:34.0875 3104	kbdclass - ok
20:41:34.0890 3104	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
20:41:34.0890 3104	kbdhid - ok
20:41:34.0906 3104	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:41:34.0906 3104	KeyIso - ok
20:41:34.0953 3104	KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
20:41:34.0953 3104	KSecDD - ok
20:41:34.0968 3104	KSecPkg         (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
20:41:34.0968 3104	KSecPkg - ok
20:41:34.0984 3104	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:41:34.0984 3104	ksthunk - ok
20:41:35.0031 3104	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:41:35.0031 3104	KtmRm - ok
20:41:35.0077 3104	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
20:41:35.0093 3104	LanmanServer - ok
20:41:35.0124 3104	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:41:35.0124 3104	LanmanWorkstation - ok
20:41:35.0155 3104	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:41:35.0155 3104	lltdio - ok
20:41:35.0202 3104	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:41:35.0202 3104	lltdsvc - ok
20:41:35.0233 3104	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:41:35.0233 3104	lmhosts - ok
20:41:35.0311 3104	LMS             (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:41:35.0327 3104	LMS - ok
20:41:35.0343 3104	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
20:41:35.0358 3104	LSI_FC - ok
20:41:35.0374 3104	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
20:41:35.0374 3104	LSI_SAS - ok
20:41:35.0374 3104	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
20:41:35.0374 3104	LSI_SAS2 - ok
20:41:35.0389 3104	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
20:41:35.0389 3104	LSI_SCSI - ok
20:41:35.0421 3104	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:41:35.0421 3104	luafv - ok
20:41:35.0483 3104	ManyCam         (d33e2b74cf8b3a652bf0a9fbd068e87a) C:\Windows\system32\DRIVERS\ManyCam_x64.sys
20:41:35.0483 3104	ManyCam - ok
20:41:35.0655 3104	McAWFwk         (9504f1dda1b67fb8d526fd4f8cc882f3) c:\PROGRA~1\mcafee\msc\mcawfwk.exe
20:41:35.0655 3104	McAWFwk - ok
20:41:35.0686 3104	McMPFSvc        (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:41:35.0701 3104	McMPFSvc - ok
20:41:35.0701 3104	mcmscsvc        (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
20:41:35.0701 3104	mcmscsvc - ok
20:41:35.0717 3104	McNaiAnn        (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
20:41:35.0717 3104	McNaiAnn - ok
20:41:35.0717 3104	McNASvc         (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
20:41:35.0717 3104	McNASvc - ok
20:41:36.0045 3104	McODS           (dd2321925274f2902929d76ce2b0eb45) C:\Program Files\mcafee\VirusScan\mcods.exe
20:41:36.0060 3104	McODS - ok
20:41:36.0060 3104	McOobeSv        (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
20:41:36.0060 3104	McOobeSv - ok
20:41:36.0060 3104	McProxy         (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
20:41:36.0076 3104	McProxy - ok
20:41:36.0107 3104	McShield        (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
20:41:36.0123 3104	McShield - ok
20:41:36.0138 3104	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:41:36.0138 3104	Mcx2Svc - ok
20:41:36.0169 3104	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
20:41:36.0169 3104	megasas - ok
20:41:36.0216 3104	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
20:41:36.0232 3104	MegaSR - ok
20:41:36.0263 3104	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
20:41:36.0263 3104	MEIx64 - ok
20:41:36.0294 3104	mfeapfk         (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys
20:41:36.0294 3104	mfeapfk - ok
20:41:36.0325 3104	mfeavfk         (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys
20:41:36.0325 3104	mfeavfk - ok
20:41:36.0357 3104	mfeavfk01 - ok
20:41:36.0419 3104	mfefire         (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
20:41:36.0419 3104	mfefire - ok
20:41:36.0559 3104	mfefirek        (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys
20:41:36.0575 3104	mfefirek - ok
20:41:36.0653 3104	mfehidk         (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys
20:41:36.0653 3104	mfehidk - ok
20:41:36.0684 3104	mfenlfk         (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys
20:41:36.0684 3104	mfenlfk - ok
20:41:36.0700 3104	mferkdet        (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys
20:41:36.0715 3104	mferkdet - ok
20:41:36.0731 3104	mfevtp          (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe
20:41:36.0731 3104	mfevtp - ok
20:41:37.0059 3104	mfewfpk         (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys
20:41:37.0059 3104	mfewfpk - ok
20:41:37.0074 3104	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:41:37.0090 3104	MMCSS - ok
20:41:37.0105 3104	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:41:37.0105 3104	Modem - ok
20:41:37.0121 3104	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:41:37.0121 3104	monitor - ok
20:41:37.0137 3104	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:41:37.0137 3104	mouclass - ok
20:41:37.0168 3104	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:41:37.0168 3104	mouhid - ok
20:41:37.0183 3104	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:41:37.0183 3104	mountmgr - ok
20:41:37.0308 3104	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:41:37.0308 3104	MozillaMaintenance - ok
20:41:37.0324 3104	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:41:37.0324 3104	mpio - ok
20:41:37.0339 3104	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:41:37.0355 3104	mpsdrv - ok
20:41:37.0402 3104	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:41:37.0417 3104	MpsSvc - ok
20:41:37.0433 3104	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:41:37.0449 3104	MRxDAV - ok
20:41:37.0464 3104	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:41:37.0480 3104	mrxsmb - ok
20:41:37.0495 3104	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:41:37.0511 3104	mrxsmb10 - ok
20:41:37.0511 3104	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:41:37.0527 3104	mrxsmb20 - ok
20:41:37.0542 3104	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:41:37.0542 3104	msahci - ok
20:41:37.0573 3104	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:41:37.0573 3104	msdsm - ok
20:41:37.0620 3104	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:41:37.0620 3104	MSDTC - ok
20:41:37.0636 3104	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:41:37.0636 3104	Msfs - ok
20:41:37.0651 3104	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:41:37.0651 3104	mshidkmdf - ok
20:41:37.0667 3104	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:41:37.0667 3104	msisadrv - ok
20:41:37.0698 3104	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:41:37.0698 3104	MSiSCSI - ok
20:41:37.0698 3104	msiserver - ok
20:41:37.0761 3104	MSK80Service    (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:41:37.0761 3104	MSK80Service - ok
20:41:37.0776 3104	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:41:37.0792 3104	MSKSSRV - ok
20:41:37.0792 3104	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:41:37.0807 3104	MSPCLOCK - ok
20:41:37.0807 3104	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:41:37.0823 3104	MSPQM - ok
20:41:37.0839 3104	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:41:37.0839 3104	MsRPC - ok
20:41:37.0854 3104	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
20:41:37.0854 3104	mssmbios - ok
20:41:37.0870 3104	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:41:37.0870 3104	MSTEE - ok
20:41:37.0885 3104	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
20:41:37.0885 3104	MTConfig - ok
20:41:37.0885 3104	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:41:37.0885 3104	Mup - ok
20:41:38.0057 3104	MyWiFiDHCPDNS   (8f57db74bf5407a4cda6c8b005dc8dd0) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
20:41:38.0073 3104	MyWiFiDHCPDNS - ok
20:41:38.0151 3104	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:41:38.0182 3104	napagent - ok
20:41:38.0229 3104	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:41:38.0229 3104	NativeWifiP - ok
20:41:38.0322 3104	NAUpdate        (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files (x86)\Nero\Update\NASvc.exe
20:41:38.0322 3104	NAUpdate - ok
20:41:38.0416 3104	NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
20:41:38.0431 3104	NDIS - ok
20:41:38.0463 3104	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:41:38.0463 3104	NdisCap - ok
20:41:38.0478 3104	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:41:38.0478 3104	NdisTapi - ok
20:41:38.0494 3104	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:41:38.0494 3104	Ndisuio - ok
20:41:38.0525 3104	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:41:38.0525 3104	NdisWan - ok
20:41:38.0541 3104	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:41:38.0541 3104	NDProxy - ok
20:41:38.0556 3104	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:41:38.0556 3104	NetBIOS - ok
20:41:38.0572 3104	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:41:38.0587 3104	NetBT - ok
20:41:38.0603 3104	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:41:38.0603 3104	Netlogon - ok
20:41:38.0650 3104	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:41:38.0665 3104	Netman - ok
20:41:38.0743 3104	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:41:38.0743 3104	NetMsmqActivator - ok
20:41:38.0759 3104	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:41:38.0759 3104	NetPipeActivator - ok
20:41:38.0790 3104	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:41:38.0790 3104	netprofm - ok
20:41:38.0790 3104	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:41:38.0790 3104	NetTcpActivator - ok
20:41:38.0790 3104	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:41:38.0806 3104	NetTcpPortSharing - ok
20:41:41.0130 3104	NETwNs64        (50ad7f7040c22bb7caa59a0880875a21) C:\Windows\system32\DRIVERS\NETwNs64.sys
20:41:41.0239 3104	NETwNs64 - ok
20:41:41.0395 3104	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
20:41:41.0411 3104	nfrd960 - ok
20:41:41.0458 3104	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:41:41.0458 3104	NlaSvc - ok
20:41:41.0489 3104	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:41:41.0489 3104	Npfs - ok
20:41:41.0505 3104	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:41:41.0505 3104	nsi - ok
20:41:41.0520 3104	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:41:41.0520 3104	nsiproxy - ok
20:41:41.0598 3104	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:41:41.0645 3104	Ntfs - ok
20:41:41.0848 3104	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:41:41.0848 3104	Null - ok
20:41:41.0910 3104	nusb3hub        (0ebc9d13cd96c15b1b18d8678a609e4b) C:\Windows\system32\DRIVERS\nusb3hub.sys
20:41:41.0910 3104	nusb3hub - ok
20:41:41.0973 3104	nusb3xhc        (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\DRIVERS\nusb3xhc.sys
20:41:41.0973 3104	nusb3xhc - ok
20:41:42.0004 3104	NVHDA           (102806b360d0e6bc6e55bf47ef655d43) C:\Windows\system32\drivers\nvhda64v.sys
20:41:42.0004 3104	NVHDA - ok
20:41:42.0253 3104	nvkflt          (f8219cd9792008144a19691b17ea2993) C:\Windows\system32\DRIVERS\nvkflt.sys
20:41:42.0253 3104	nvkflt - ok
20:41:43.0299 3104	nvlddmkm        (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:41:43.0361 3104	nvlddmkm - ok
20:41:43.0455 3104	nvpciflt        (715d45ed30003fc70cfa0d9c6dd0b538) C:\Windows\system32\DRIVERS\nvpciflt.sys
20:41:43.0455 3104	nvpciflt - ok
20:41:43.0486 3104	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:41:43.0501 3104	nvraid - ok
20:41:43.0517 3104	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:41:43.0517 3104	nvstor - ok
20:41:43.0564 3104	NvStUSB         (9e01b716c8085f7adb1cdc10103ceef8) C:\Windows\system32\drivers\nvstusb.sys
20:41:43.0564 3104	NvStUSB - ok
20:41:43.0657 3104	nvsvc           (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
20:41:43.0673 3104	nvsvc - ok
20:41:44.0063 3104	nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:41:44.0063 3104	nvUpdatusService - ok
20:41:44.0281 3104	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:41:44.0297 3104	nv_agp - ok
20:41:44.0313 3104	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:41:44.0313 3104	ohci1394 - ok
20:41:44.0344 3104	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:41:44.0344 3104	p2pimsvc - ok
20:41:44.0391 3104	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:41:44.0391 3104	p2psvc - ok
20:41:44.0406 3104	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
20:41:44.0406 3104	Parport - ok
20:41:44.0453 3104	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:41:44.0453 3104	partmgr - ok
20:41:44.0469 3104	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:41:44.0469 3104	PcaSvc - ok
20:41:44.0562 3104	PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
20:41:44.0562 3104	PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
20:41:44.0593 3104	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:41:44.0593 3104	pci - ok
20:41:44.0609 3104	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:41:44.0609 3104	pciide - ok
20:41:44.0640 3104	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
20:41:44.0640 3104	pcmcia - ok
20:41:44.0656 3104	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:41:44.0656 3104	pcw - ok
20:41:44.0703 3104	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:41:44.0718 3104	PEAUTH - ok
20:41:44.0781 3104	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:41:44.0781 3104	PerfHost - ok
20:41:44.0874 3104	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:41:44.0905 3104	pla - ok
20:41:44.0952 3104	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:41:44.0968 3104	PlugPlay - ok
20:41:44.0983 3104	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:41:44.0983 3104	PNRPAutoReg - ok
20:41:45.0015 3104	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:41:45.0015 3104	PNRPsvc - ok
20:41:45.0061 3104	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:41:45.0061 3104	PolicyAgent - ok
20:41:45.0093 3104	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:41:45.0093 3104	Power - ok
20:41:45.0155 3104	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:41:45.0155 3104	PptpMiniport - ok
20:41:45.0171 3104	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
20:41:45.0171 3104	Processor - ok
20:41:45.0217 3104	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
20:41:45.0233 3104	ProfSvc - ok
20:41:45.0233 3104	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:41:45.0233 3104	ProtectedStorage - ok
20:41:45.0264 3104	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:41:45.0264 3104	Psched - ok
20:41:45.0280 3104	PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
20:41:45.0280 3104	PxHlpa64 - ok
20:41:45.0311 3104	qicflt          (0928bd20273625622722fe1de5bbde57) C:\Windows\system32\DRIVERS\qicflt.sys
20:41:45.0311 3104	qicflt - ok
20:41:45.0405 3104	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
20:41:45.0436 3104	ql2300 - ok
20:41:45.0623 3104	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
20:41:45.0639 3104	ql40xx - ok
20:41:45.0670 3104	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:41:45.0670 3104	QWAVE - ok
20:41:45.0670 3104	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:41:45.0685 3104	QWAVEdrv - ok
20:41:45.0685 3104	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:41:45.0685 3104	RasAcd - ok
20:41:45.0717 3104	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:41:45.0717 3104	RasAgileVpn - ok
20:41:45.0732 3104	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:41:45.0732 3104	RasAuto - ok
20:41:45.0748 3104	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:41:45.0763 3104	Rasl2tp - ok
20:41:45.0795 3104	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:41:45.0795 3104	RasMan - ok
20:41:45.0810 3104	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:41:45.0810 3104	RasPppoe - ok
20:41:45.0826 3104	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:41:45.0826 3104	RasSstp - ok
20:41:45.0857 3104	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:41:45.0873 3104	rdbss - ok
20:41:45.0888 3104	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
20:41:45.0888 3104	rdpbus - ok
20:41:45.0904 3104	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:41:45.0904 3104	RDPCDD - ok
20:41:45.0919 3104	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:41:45.0919 3104	RDPENCDD - ok
20:41:45.0935 3104	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:41:45.0935 3104	RDPREFMP - ok
20:41:45.0997 3104	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
20:41:45.0997 3104	RDPWD - ok
20:41:46.0044 3104	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:41:46.0060 3104	rdyboost - ok
20:41:47.0401 3104	RegSrvc         (fd11c1287d38a46fb72353e14d50089c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
20:41:47.0417 3104	RegSrvc - ok
20:41:47.0604 3104	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:41:47.0620 3104	RemoteAccess - ok
20:41:47.0651 3104	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:41:47.0651 3104	RemoteRegistry - ok
20:41:47.0807 3104	RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
20:41:47.0823 3104	RoxMediaDB12OEM - ok
20:41:47.0854 3104	RoxWatch12      (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
20:41:47.0854 3104	RoxWatch12 - ok
20:41:47.0932 3104	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:41:47.0932 3104	RpcEptMapper - ok
20:41:47.0963 3104	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:41:47.0963 3104	RpcLocator - ok
20:41:47.0994 3104	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:41:47.0994 3104	RpcSs - ok
20:41:48.0041 3104	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:41:48.0057 3104	rspndr - ok
20:41:48.0103 3104	RTL8167         (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:41:48.0103 3104	RTL8167 - ok
20:41:48.0135 3104	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:41:48.0135 3104	SamSs - ok
20:41:48.0150 3104	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:41:48.0150 3104	sbp2port - ok
20:41:48.0213 3104	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:41:48.0213 3104	SCardSvr - ok
20:41:48.0228 3104	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:41:48.0228 3104	scfilter - ok
20:41:48.0275 3104	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:41:48.0306 3104	Schedule - ok
20:41:48.0337 3104	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:41:48.0337 3104	SCPolicySvc - ok
20:41:48.0400 3104	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
20:41:48.0400 3104	sdbus - ok
20:41:48.0431 3104	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:41:48.0431 3104	SDRSVC - ok
20:41:48.0462 3104	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:41:48.0462 3104	secdrv - ok
20:41:48.0478 3104	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:41:48.0478 3104	seclogon - ok
20:41:48.0493 3104	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
20:41:48.0493 3104	SENS - ok
20:41:48.0509 3104	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:41:48.0509 3104	SensrSvc - ok
20:41:48.0540 3104	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
20:41:48.0540 3104	Serenum - ok
20:41:48.0556 3104	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
20:41:48.0556 3104	Serial - ok
20:41:48.0587 3104	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
20:41:48.0587 3104	sermouse - ok
20:41:48.0618 3104	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:41:48.0618 3104	SessionEnv - ok
20:41:48.0634 3104	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
20:41:48.0634 3104	sffdisk - ok
20:41:48.0649 3104	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:41:48.0649 3104	sffp_mmc - ok
20:41:48.0665 3104	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:41:48.0665 3104	sffp_sd - ok
20:41:48.0665 3104	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:41:48.0665 3104	sfloppy - ok
20:41:48.0915 3104	SftService      (29ddea72c5bdf61d62f4d438dc0e497c) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
20:41:48.0946 3104	SftService - ok
20:41:49.0180 3104	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:41:49.0180 3104	SharedAccess - ok
20:41:49.0227 3104	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:41:49.0242 3104	ShellHWDetection - ok
20:41:49.0305 3104	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
20:41:49.0305 3104	SiSRaid2 - ok
20:41:49.0336 3104	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
20:41:49.0336 3104	SiSRaid4 - ok
20:41:49.0445 3104	SkypeUpdate     (ea396139541706b4b433641d62ea53ce) C:\Program Files (x86)\Skype\Updater\Updater.exe
20:41:49.0461 3104	SkypeUpdate - ok
20:41:49.0492 3104	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:41:49.0492 3104	Smb - ok
20:41:49.0523 3104	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:41:49.0523 3104	SNMPTRAP - ok
20:41:49.0539 3104	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:41:49.0539 3104	spldr - ok
20:41:49.0570 3104	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:41:49.0570 3104	Spooler - ok
20:41:49.0695 3104	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:41:49.0710 3104	sppsvc - ok
20:41:50.0194 3104	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:41:50.0225 3104	sppuinotify - ok
20:41:50.0287 3104	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:41:50.0303 3104	srv - ok
20:41:50.0319 3104	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:41:50.0319 3104	srv2 - ok
20:41:50.0365 3104	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:41:50.0365 3104	srvnet - ok
20:41:50.0397 3104	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:41:50.0412 3104	SSDPSRV - ok
20:41:50.0428 3104	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:41:50.0428 3104	SstpSvc - ok
20:41:50.0459 3104	stdcfltn        (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
20:41:50.0475 3104	stdcfltn - ok
20:41:50.0537 3104	Steam Client Service - ok
20:41:50.0662 3104	Stereo Service  (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:41:50.0677 3104	Stereo Service - ok
20:41:50.0709 3104	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
20:41:50.0709 3104	stexstor - ok
20:41:50.0771 3104	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:41:50.0787 3104	stisvc - ok
20:41:50.0818 3104	stllssvr        (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
20:41:50.0818 3104	stllssvr - ok
20:41:50.0849 3104	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
20:41:50.0849 3104	swenum - ok
20:41:50.0927 3104	SwitchBoard     (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:41:50.0943 3104	SwitchBoard - ok
20:41:50.0989 3104	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:41:51.0005 3104	swprv - ok
20:41:51.0114 3104	SynTP           (b0c7d4dcf4800df2f2145b500d0161e8) C:\Windows\system32\DRIVERS\SynTP.sys
20:41:51.0130 3104	SynTP - ok
20:41:52.0113 3104	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:41:52.0144 3104	SysMain - ok
20:41:52.0737 3104	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:41:52.0752 3104	TabletInputService - ok
20:41:52.0768 3104	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:41:52.0783 3104	TapiSrv - ok
20:41:52.0799 3104	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:41:52.0799 3104	TBS - ok
20:41:53.0517 3104	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:41:53.0563 3104	Tcpip - ok
20:41:54.0796 3104	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:41:54.0796 3104	TCPIP6 - ok
20:41:55.0014 3104	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:41:55.0014 3104	tcpipreg - ok
20:41:55.0030 3104	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:41:55.0030 3104	TDPIPE - ok
20:41:55.0077 3104	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:41:55.0077 3104	TDTCP - ok
20:41:55.0092 3104	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:41:55.0092 3104	tdx - ok
20:41:55.0123 3104	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
20:41:55.0123 3104	TermDD - ok
20:41:55.0170 3104	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:41:55.0186 3104	TermService - ok
20:41:55.0201 3104	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:41:55.0201 3104	Themes - ok
20:41:55.0233 3104	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:41:55.0233 3104	THREADORDER - ok
20:41:55.0248 3104	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:41:55.0248 3104	TrkWks - ok
20:41:55.0295 3104	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:41:55.0295 3104	TrustedInstaller - ok
20:41:55.0311 3104	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:41:55.0311 3104	tssecsrv - ok
20:41:55.0342 3104	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:41:55.0342 3104	TsUsbFlt - ok
20:41:55.0373 3104	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
20:41:55.0373 3104	TsUsbGD - ok
20:41:55.0404 3104	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:41:55.0404 3104	tunnel - ok
20:41:55.0435 3104	TurboB          (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
20:41:55.0435 3104	TurboB - ok
20:41:55.0513 3104	TurboBoost      (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
20:41:55.0513 3104	TurboBoost - ok
20:41:55.0529 3104	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
20:41:55.0529 3104	uagp35 - ok
20:41:55.0560 3104	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:41:55.0560 3104	udfs - ok
20:41:55.0591 3104	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:41:55.0591 3104	UI0Detect - ok
20:41:55.0623 3104	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:41:55.0623 3104	uliagpkx - ok
20:41:55.0638 3104	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
20:41:55.0654 3104	umbus - ok
20:41:55.0669 3104	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
20:41:55.0669 3104	UmPass - ok
20:41:57.0058 3104	UNS             (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:41:57.0073 3104	UNS - ok
20:41:57.0651 3104	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:41:57.0666 3104	upnphost - ok
20:41:57.0729 3104	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
20:41:57.0729 3104	usbaudio - ok
20:41:57.0760 3104	usbccgp         (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
20:41:57.0775 3104	usbccgp - ok
20:41:57.0822 3104	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:41:57.0838 3104	usbcir - ok
20:41:57.0853 3104	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
20:41:57.0853 3104	usbehci - ok
20:41:57.0885 3104	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:41:57.0885 3104	usbhub - ok
20:41:57.0916 3104	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:41:57.0916 3104	usbohci - ok
20:41:57.0931 3104	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:41:57.0931 3104	usbprint - ok
20:41:57.0947 3104	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:41:57.0947 3104	USBSTOR - ok
20:41:57.0978 3104	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:41:57.0978 3104	usbuhci - ok
20:41:58.0025 3104	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
20:41:58.0025 3104	usbvideo - ok
20:41:58.0041 3104	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:41:58.0056 3104	UxSms - ok
20:41:58.0072 3104	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:41:58.0072 3104	VaultSvc - ok
20:41:58.0103 3104	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:41:58.0103 3104	vdrvroot - ok
20:41:58.0150 3104	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:41:58.0165 3104	vds - ok
20:41:58.0197 3104	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:41:58.0197 3104	vga - ok
20:41:58.0212 3104	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:41:58.0212 3104	VgaSave - ok
20:41:58.0243 3104	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:41:58.0243 3104	vhdmp - ok
20:41:58.0275 3104	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:41:58.0275 3104	viaide - ok
20:41:58.0306 3104	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:41:58.0306 3104	volmgr - ok
20:41:58.0321 3104	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:41:58.0337 3104	volmgrx - ok
20:41:58.0353 3104	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:41:58.0368 3104	volsnap - ok
20:41:58.0446 3104	vpnagent        (d6653180d162cb3144fdbc8a651cebb1) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
20:41:58.0446 3104	vpnagent - ok
20:41:58.0477 3104	vpnva           (13e6d95e7ac67abb7a1196557ef8849f) C:\Windows\system32\DRIVERS\vpnva64.sys
20:41:58.0477 3104	vpnva - ok
20:41:58.0524 3104	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
20:41:58.0524 3104	vsmraid - ok
20:41:58.0602 3104	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:41:58.0633 3104	VSS - ok
20:41:59.0086 3104	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:41:59.0086 3104	vwifibus - ok
20:41:59.0101 3104	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:41:59.0101 3104	vwififlt - ok
20:41:59.0117 3104	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
20:41:59.0117 3104	vwifimp - ok
20:41:59.0164 3104	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:41:59.0164 3104	W32Time - ok
20:41:59.0211 3104	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
20:41:59.0211 3104	WacomPen - ok
20:41:59.0226 3104	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:41:59.0226 3104	WANARP - ok
20:41:59.0242 3104	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:41:59.0242 3104	Wanarpv6 - ok
20:41:59.0679 3104	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:41:59.0725 3104	WatAdminSvc - ok
20:42:00.0053 3104	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:42:00.0084 3104	wbengine - ok
20:42:00.0864 3104	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:42:00.0895 3104	WbioSrvc - ok
20:42:00.0927 3104	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:42:00.0927 3104	wcncsvc - ok
20:42:00.0942 3104	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:42:00.0942 3104	WcsPlugInService - ok
20:42:00.0973 3104	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
20:42:00.0973 3104	Wd - ok
20:42:01.0005 3104	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:42:01.0005 3104	Wdf01000 - ok
20:42:01.0020 3104	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:42:01.0020 3104	WdiServiceHost - ok
20:42:01.0036 3104	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:42:01.0036 3104	WdiSystemHost - ok
20:42:01.0051 3104	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:42:01.0051 3104	WebClient - ok
20:42:01.0207 3104	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:42:01.0223 3104	Wecsvc - ok
20:42:01.0239 3104	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:42:01.0239 3104	wercplsupport - ok
20:42:01.0270 3104	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:42:01.0270 3104	WerSvc - ok
20:42:01.0301 3104	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:42:01.0301 3104	WfpLwf - ok
20:42:01.0348 3104	WimFltr         (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
20:42:01.0348 3104	WimFltr - ok
20:42:01.0363 3104	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:42:01.0363 3104	WIMMount - ok
20:42:01.0379 3104	WinDefend - ok
20:42:01.0395 3104	WinHttpAutoProxySvc - ok
20:42:01.0660 3104	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:42:01.0660 3104	Winmgmt - ok
20:42:02.0112 3104	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:42:02.0159 3104	WinRM - ok
20:42:03.0079 3104	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:42:03.0111 3104	Wlansvc - ok
20:42:03.0220 3104	wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:42:03.0220 3104	wlcrasvc - ok
20:42:04.0093 3104	wlidsvc         (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:42:04.0093 3104	wlidsvc - ok
20:42:04.0343 3104	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:42:04.0343 3104	WmiAcpi - ok
20:42:04.0858 3104	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:42:04.0889 3104	wmiApSrv - ok
20:42:04.0920 3104	WMPNetworkSvc - ok
20:42:04.0936 3104	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:42:04.0951 3104	WPCSvc - ok
20:42:04.0967 3104	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:42:04.0967 3104	WPDBusEnum - ok
20:42:04.0983 3104	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:42:04.0983 3104	ws2ifsl - ok
20:42:04.0998 3104	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
20:42:04.0998 3104	wscsvc - ok
20:42:04.0998 3104	WSearch - ok
20:42:05.0669 3104	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
20:42:05.0716 3104	wuauserv - ok
20:42:06.0324 3104	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:42:06.0355 3104	WudfPf - ok
20:42:06.0387 3104	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:42:06.0387 3104	WUDFRd - ok
20:42:06.0418 3104	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:42:06.0418 3104	wudfsvc - ok
20:42:06.0433 3104	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:42:06.0449 3104	WwanSvc - ok
20:42:06.0480 3104	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:42:07.0681 3104	\Device\Harddisk0\DR0 - ok
20:42:07.0697 3104	Boot (0x1200)   (d4f680bbe35bb824047e1002007b0c02) \Device\Harddisk0\DR0\Partition0
20:42:07.0697 3104	\Device\Harddisk0\DR0\Partition0 - ok
20:42:07.0728 3104	Boot (0x1200)   (4f06091d0b832dbb262dc98511c5db6e) \Device\Harddisk0\DR0\Partition1
20:42:07.0728 3104	\Device\Harddisk0\DR0\Partition1 - ok
20:42:07.0728 3104	============================================================
20:42:07.0728 3104	Scan finished
20:42:07.0728 3104	============================================================
20:42:07.0744 3096	Detected object count: 0
20:42:07.0744 3096	Actual detected object count: 0

t'john · 24.07.2012, 21:27

Sehr gut!

Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

Downloade dir bitte die neueste Java-Version von hier
Speichere die jxpiinstall.exe
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 5 ) herunter laden.
Wenn die Installation beendet wurde
Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
Klicke auf Dateien löschen....
Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
Klicke erneut OK.

Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

t'john · 07.08.2012, 16:24

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

Neuer ukash virus GVL, bekomm ihn nicht weg

Log-Analyse und Auswertung: Neuer ukash virus GVL, bekomm ihn nicht weg