
Log analysis and evaluation: Heuristics.Shuriken detected with Malwarebytes

Windows 7. If you have picked up a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

19.09.2012, 21:17   #1
Tobbo
 



Hi!
I have the following on my machine:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.19.09

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Tobias Baumann :: TOBIASBAUMANN [Administrator]

19.09.2012 18:44:57
mbam-log-2012-09-19 (22-16-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 680252
Laufzeit: 3 Stunde(n), 23 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\Tobias Baumann\AppData\Roaming\Zuasy\ebzo.exe (Heuristics.Shuriken) -> 3912 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Epysbaelki (Heuristics.Shuriken) -> Daten: "C:\Users\Tobias Baumann\AppData\Roaming\Zuasy\ebzo.exe" -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Tobias Baumann\AppData\Roaming\Zuasy\ebzo.exe (Heuristics.Shuriken) -> Keine Aktion durchgeführt.

(Ende)

What exactly is this? How do I get my machine clean again?

The infected files are already in Malwarebytes quarantine. What do I still need to do now? Delete them? Can I keep using my machine without risk? Banking? Online shops?
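As an added illustration of what the log above actually says (example code written for this page, not from the original post and not from Malwarebytes): a small parser for the log layout Malwarebytes 1.65 writes. It pulls out every flagged object, links the Run-key value to the file it launches and to the process that was running under that path, and flags whether the launch target sits in a user-writable directory. The sample log is a constructed excerpt reproducing the entries quoted in the post; the list of user-writable directory markers is a triage heuristic of my own, not something Malwarebytes defines.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt in the layout of the Malwarebytes 1.65 log quoted in the post.
# The field names are what the German build of the tool writes; they are not translated.
SAMPLE_LOG = r"""
Infizierte Speicherprozesse: 1
C:\Users\Tobias Baumann\AppData\Roaming\Zuasy\ebzo.exe (Heuristics.Shuriken) -> 3912 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Epysbaelki (Heuristics.Shuriken) -> Daten: "C:\Users\Tobias Baumann\AppData\Roaming\Zuasy\ebzo.exe" -> Keine Aktion durchgeführt.

Infizierte Dateien: 1
C:\Users\Tobias Baumann\AppData\Roaming\Zuasy\ebzo.exe (Heuristics.Shuriken) -> Keine Aktion durchgeführt.

(Ende)
"""

# "Infizierte <section>: <count>" opens each block of findings.
SECTION_RE = re.compile(r"^Infizierte (?P<section>.+?): (?P<count>\d+)$")
# "<object> (<detection name>) -> <detail> -> ... -> <action>"
ENTRY_RE = re.compile(r"^(?P<obj>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")
# Registry-value entries carry the launch path as: Daten: "<path>"
DATA_RE = re.compile(r'^Daten: "(?P<path>[^"]+)"$')
NO_ACTION = "Keine Aktion durchgeführt."

# Heuristic (my own, not from the tool): autorun targets under these directories
# are writable without admin rights, which is where this kind of dropper lands.
USER_WRITABLE_MARKERS = (
    "\\appdata\\roaming\\",
    "\\appdata\\local\\temp\\",
    "\\programdata\\",
    "\\users\\public\\",
)


@dataclass
class Finding:
    section: str            # e.g. "Speicherprozesse", "Registrierungswerte", "Dateien"
    obj: str                # file path or "key|value name"
    detection: str          # detection name, e.g. Heuristics.Shuriken
    action: str             # what the scanner did with it
    pid: Optional[int] = None        # only for running processes
    data_path: Optional[str] = None  # only for registry values (the launched file)


def parse_mbam_log(text: str) -> list:
    """Turn the log into a list of Finding records; section headers set the context."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = ENTRY_RE.match(line)
        if not (m and section):
            continue  # "(Keine bösartigen Objekte gefunden)", "(Ende)", etc.
        parts = [p.strip() for p in m.group("rest").split(" -> ")]
        f = Finding(section, m.group("obj"), m.group("detection"), parts[-1])
        for detail in parts[:-1]:
            if detail.isdigit():
                f.pid = int(detail)
            d = DATA_RE.match(detail)
            if d:
                f.data_path = d.group("path")
        findings.append(f)
    return findings


def in_user_writable_dir(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def link_persistence(findings: list) -> list:
    """For each flagged Run-key value, tie it to the file and process the scanner saw."""
    on_disk = {f.obj.lower() for f in findings if f.section == "Dateien"}
    running = {f.obj.lower(): f.pid for f in findings if f.section == "Speicherprozesse"}
    links = []
    for f in findings:
        if f.section != "Registrierungswerte" or not f.data_path:
            continue
        key, _, value_name = f.obj.rpartition("|")
        target = f.data_path.lower()
        links.append({
            "run_key": key,
            "run_value": value_name,
            "target": f.data_path,
            "target_on_disk": target in on_disk,
            "target_pid": running.get(target),
            "user_writable": in_user_writable_dir(f.data_path),
            "action_taken": f.action != NO_ACTION,
        })
    return links


if __name__ == "__main__":
    for link in link_persistence(parse_mbam_log(SAMPLE_LOG)):
        print(link)
```

The point of linking the three entries is that the log describes one persistence chain, not three separate problems: the Run value is the autostart, the file is the payload, and the process entry shows it was live at scan time. The "action_taken" field is false for all three because the scan was run without removal; the quarantine mentioned in the post happened afterwards.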

20.09.2012, 08:22   #2
Psychotic
/// Malwareteam
 





My name is Marius and I will help you with your problem.

One thing up front:

Note: We can never guarantee here that we have found every remnant of the malware. Reformatting is usually the fastest and always the safest way.

If you decide on a cleanup, keep working along until someone from the team tells you your machine is clean.

A cleanup can mean a lot of work for you.
  1. Please work through all the steps in order.
  2. Read the instructions carefully. If you get stuck anywhere, stop at that point and describe your problem here!
  3. Only run scans that a helper asks you to run.
  4. Please no cross-posting (posting in several forums). If you follow the instructions of several helpers, that can cause serious problems!
  5. Do not install or uninstall any software during the cleanup (unless you are asked to).
  6. If anything is unclear: ask before you do something "blind"!

    ...and very important:

  7. Post the logfiles with code tags (the # symbol at the top of the reply window) in your thread! Do not attach them unless I ask you to. (Attachments make the evaluation harder for me.)


Vista and Win7 users
Start all tools with right-click --> "Run as administrator".



Step 1: OTL


Please download OTL from Oldtimer and save it to your desktop (if you do not have it already)
  • Double-click OTL.exe
    Vista and Win7 users: right-click, "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.



Step 2: Scan with TDSS-Killer



Please read the following instructions carefully. We do not want to "fix" anything yet, only see a scan report. Please download TDSSKiller.exe and save the file to the desktop
  • Start TDSSKiller.exe
  • Click Change parameters, select Detect TDLFS file system, click OK.
  • Press Start Scan
  • If infected objects are found, on no account choose Cure. Choose Skip and save the logfile. TDSSKiller will save a logfile on your system drive (usually C:\). For example: C:\TDSSKiller.<version_date_time>log.txt
Please post its contents here in your thread.



Step 3: aswMBR



Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe guide). Vista and Win7 users: right-click, "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow Internet access.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: On no account press any of the Fix buttons without instruction. Note: If the Scan button is greyed out, close the tool and start it again. If it still does not work, please let me know.

20.09.2012, 09:03   #3
Tobbo
 



Code:
OTL logfile created on: 20.09.2012 09:46:55 - Run 3
OTL by OldTimer - Version 3.2.64.0     Folder = C:\Users\Tobias Baumann\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 62,27% Memory free
7,93 Gb Paging File | 5,93 Gb Available in Paging File | 74,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 228,43 Gb Total Space | 132,00 Gb Free Space | 57,79% Space Free | Partition Type: NTFS
Drive E: | 111,32 Gb Total Space | 48,23 Gb Free Space | 43,32% Space Free | Partition Type: NTFS
Drive F: | 19,53 Gb Total Space | 19,31 Gb Free Space | 98,86% Space Free | Partition Type: NTFS
Drive H: | 91,79 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: NTFS
 
Computer Name: TOBIASBAUMANN | User Name: Tobias Baumann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tobias Baumann\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
PRC - C:\Users\Tobias Baumann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe ()
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\PureSync\PureSyncTray.exe (Jumping Bytes)
PRC - C:\Program Files (x86)\Greenshot\Greenshot.exe ()
PRC - C:\Program Files (x86)\DeskTask\DeskTask.exe (Carthago Software)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe (SoftThinks)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe (Dassault Systemes)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\CAgdLNotes.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\CAgdOutlook.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\CalEngine.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\PimNotes.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\VistaCalendar.dll ()
MOD - C:\Program Files (x86)\Greenshot\Greenshot.exe ()
MOD - C:\Program Files (x86)\Greenshot\GreenshotPlugin.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe (SoftThinks)
SRV - (MSSQLServerADHelper100) -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation)
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe (IDT, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (sprtsvc_DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (MSSQL$SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (BBDemon) -- C:\Program Files (x86)\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe (Dassault Systemes)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (LgBttPort) -- C:\Windows\SysNative\drivers\lgbtpt64.sys (LG Electronics Inc.)
DRV:64bit: - (LGVMODEM) -- C:\Windows\SysNative\drivers\lgvmdm64.sys (LG Electronics Inc.)
DRV:64bit: - (lgbusenum) -- C:\Windows\SysNative\drivers\lgbtbs64.sys (LG Electronics Inc.)
DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (CryptOSD) -- C:\Windows\SysNative\drivers\CryptOSD.sys (Phoenix Technologies)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\drivers\s0016mdm.sys (MCCI Corporation)
DRV:64bit: - (s0016unic) -- C:\Windows\SysNative\drivers\s0016unic.sys (MCCI Corporation)
DRV:64bit: - (s0016mgmt) -- C:\Windows\SysNative\drivers\s0016mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\drivers\s0016obex.sys (MCCI Corporation)
DRV:64bit: - (s0016nd5) -- C:\Windows\SysNative\drivers\s0016nd5.sys (MCCI Corporation)
DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\drivers\s0016mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0016bus) -- C:\Windows\SysNative\drivers\s0016bus.sys (MCCI Corporation)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {51863739-EC1B-416C-80D3-FF99BAE682BA}
IE:64bit: - HKLM\..\SearchScopes\{51863739-EC1B-416C-80D3-FF99BAE682BA}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0BEE3C6F-9AA9-4645-9F40-439D815E480A}
IE - HKLM\..\SearchScopes\{0BEE3C6F-9AA9-4645-9F40-439D815E480A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0BEE3C6F-9AA9-4645-9F40-439D815E480A}
IE - HKCU\..\SearchScopes\{84A708EF-E395-47EE-B5A8-CB467C9E5659}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..extensions.enabledItems: 2020Player_IKEA@2020Technologies.com:5.0.7.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://wwwproxy.ba-stuttgart.de/proxy.pac"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.10 17:47:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.10 17:47:17 | 000,000,000 | ---D | M]
 
[2009.11.22 14:46:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias Baumann\AppData\Roaming\mozilla\Extensions
[2012.09.01 13:52:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias Baumann\AppData\Roaming\mozilla\Firefox\Profiles\lu7fip6o.default\extensions
[2011.02.17 13:20:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tobias Baumann\AppData\Roaming\mozilla\Firefox\Profiles\lu7fip6o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.07.27 20:32:48 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Tobias Baumann\AppData\Roaming\mozilla\Firefox\Profiles\lu7fip6o.default\extensions\2020Player_IKEA@2020Technologies.com
[2011.11.09 19:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.05.28 09:09:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.28 09:30:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.20 16:14:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.15 10:19:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.23 10:19:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.12 16:11:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.11.09 19:51:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2010.11.21 16:22:30 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2010.11.21 16:22:30 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.20 17:21:40 | 000,106,192 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npstrlnk.dll
[2010.09.27 12:36:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.09.27 12:36:37 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.27 12:36:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.09.27 12:36:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.09.27 12:36:37 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Greenshot] C:\Program Files (x86)\Greenshot\Greenshot.exe ()
O4 - HKCU..\Run: [PureSync] C:\Program Files (x86)\PureSync\PureSyncTray.exe (Jumping Bytes)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Tobias Baumann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O4 - Startup: C:\Users\Tobias Baumann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskTask.lnk = C:\Program Files (x86)\DeskTask\DeskTask.exe (Carthago Software)
O4 - Startup: C:\Users\Tobias Baumann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tobias Baumann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Tobias Baumann\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Tobias Baumann\Desktop\PartyPoker.lnk File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09D99D34-99A5-4A21-A587-C5226031A037}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90334FBC-CC60-4E2D-A8F1-683AF1BEDA54}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{02c7936d-d84e-11de-ab65-0026b90fe0d0}\Shell - "" = AutoRun
O33 - MountPoints2\{02c7936d-d84e-11de-ab65-0026b90fe0d0}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{3ce61d4e-64a4-11df-9e26-0026b90fe0d0}\Shell - "" = AutoRun
O33 - MountPoints2\{3ce61d4e-64a4-11df-9e26-0026b90fe0d0}\Shell\AutoRun\command - "" = I:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.20 09:47:47 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Tobias Baumann\Desktop\aswMBR.exe
[2012.09.20 09:47:35 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tobias Baumann\Desktop\tdsskiller.exe
[2012.09.20 09:45:27 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Tobias Baumann\Desktop\OTL.exe
[2012.09.18 17:13:40 | 000,000,000 | ---D | C] -- C:\Users\Tobias Baumann\AppData\Roaming\Zuasy
[2012.09.18 17:13:40 | 000,000,000 | ---D | C] -- C:\Users\Tobias Baumann\AppData\Roaming\Ymryf
[2012.09.18 17:13:40 | 000,000,000 | ---D | C] -- C:\Users\Tobias Baumann\AppData\Roaming\Idpo
[2012.09.13 22:57:50 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.09.13 22:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.13 22:57:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.09.12 23:06:55 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.05.01 16:25:34 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Tobias Baumann\AppData\Roaming\SetupGFD.exe
[2012.05.01 16:25:14 | 005,514,668 | ---- | C] (LIGHTNING UK!) -- C:\Users\Tobias Baumann\AppData\Roaming\Imgburn.exe
[2012.05.01 16:25:07 | 005,082,084 | ---- | C] (The Public) -- C:\Users\Tobias Baumann\AppData\Roaming\Avisynth.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.20 09:48:04 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Tobias Baumann\Desktop\aswMBR.exe
[2012.09.20 09:47:35 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tobias Baumann\Desktop\tdsskiller.exe
[2012.09.20 09:45:27 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Tobias Baumann\Desktop\OTL.exe
[2012.09.20 09:43:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.20 09:05:20 | 000,258,149 | ---- | M] () -- C:\Users\Tobias Baumann\Desktop\Malwarebytes Anti-Malware_2012-09-20_09-04-57.jpg
[2012.09.20 09:02:00 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.20 09:01:49 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.20 09:01:49 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.20 08:54:49 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.20 08:53:57 | 3193,585,664 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.19 19:38:11 | 000,007,481 | ---- | M] () -- C:\Users\Tobias Baumann\AppData\Local\recently-used.xbel
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.28 19:19:13 | 001,808,366 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.28 19:19:13 | 000,766,690 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.28 19:19:13 | 000,721,362 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.28 19:19:13 | 000,174,544 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.28 19:19:13 | 000,147,324 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2012.09.20 09:05:20 | 000,258,149 | ---- | C] () -- C:\Users\Tobias Baumann\Desktop\Malwarebytes Anti-Malware_2012-09-20_09-04-57.jpg
[2012.09.19 19:38:11 | 000,007,481 | ---- | C] () -- C:\Users\Tobias Baumann\AppData\Local\recently-used.xbel
[2012.05.01 16:28:07 | 000,034,936 | ---- | C] () -- C:\Windows\SysWow64\uninstHelixYUV.exe
[2012.05.01 16:25:25 | 005,243,208 | ---- | C] (                                                            ) -- C:\Users\Tobias Baumann\AppData\Roaming\AvsP.exe
[2012.05.01 16:25:23 | 001,357,348 | ---- | C] () -- C:\Users\Tobias Baumann\AppData\Roaming\MatroskaSplitter.exe
[2012.05.01 16:25:23 | 000,117,723 | ---- | C] () -- C:\Users\Tobias Baumann\AppData\Roaming\yuvcodecs-1.3.exe
[2011.05.02 11:02:49 | 000,065,536 | ---- | C] () -- C:\Users\Tobias Baumann\Ansys_Klausuraufgabe.esav
[2011.05.02 11:02:22 | 000,002,127 | ---- | C] () -- C:\Users\Tobias Baumann\Ansys_Klausuraufgabe.BCS
[2011.05.02 11:02:22 | 000,000,146 | ---- | C] () -- C:\Users\Tobias Baumann\Ansys_Klausuraufgabe.stat
[2011.05.02 11:02:22 | 000,000,067 | ---- | C] () -- C:\Users\Tobias Baumann\Ansys_Klausuraufgabe.PVTS
[2011.05.02 11:02:20 | 000,589,824 | ---- | C] () -- C:\Users\Tobias Baumann\Ansys_Klausuraufgabe.rth
[2011.05.02 11:02:20 | 000,131,072 | ---- | C] () -- C:\Users\Tobias Baumann\Ansys_Klausuraufgabe.full
[2011.05.02 11:02:20 | 000,000,732 | ---- | C] () -- C:\Users\Tobias Baumann\Ansys_Klausuraufgabe.mntr
[2011.05.02 11:01:57 | 002,686,976 | ---- | C] () -- C:\Users\Tobias Baumann\Ansys_Klausuraufgabe.dbb
[2011.05.02 11:01:57 | 001,966,080 | ---- | C] () -- C:\Users\Tobias Baumann\Ansys_Klausuraufgabe.db
[2011.05.02 10:59:31 | 000,000,439 | ---- | C] () -- C:\Users\Tobias Baumann\Ansys_Klausuraufgabe.err
[2011.04.29 13:06:01 | 000,065,536 | ---- | C] () -- C:\Users\Tobias Baumann\file.esav
[2011.04.29 13:04:49 | 000,002,127 | ---- | C] () -- C:\Users\Tobias Baumann\file.BCS
[2011.04.29 13:04:49 | 000,000,146 | ---- | C] () -- C:\Users\Tobias Baumann\file.stat
[2011.04.29 13:04:48 | 000,589,824 | ---- | C] () -- C:\Users\Tobias Baumann\file.rth
[2011.04.29 13:04:48 | 000,131,072 | ---- | C] () -- C:\Users\Tobias Baumann\file.full
[2011.04.29 13:04:48 | 000,000,732 | ---- | C] () -- C:\Users\Tobias Baumann\file.mntr
[2011.04.29 13:04:48 | 000,000,067 | ---- | C] () -- C:\Users\Tobias Baumann\file.PVTS
[2011.04.29 12:20:48 | 002,686,976 | ---- | C] () -- C:\Users\Tobias Baumann\file.dbb
[2011.04.29 12:20:48 | 002,686,976 | ---- | C] () -- C:\Users\Tobias Baumann\file.db
[2011.04.29 12:14:31 | 000,002,243 | ---- | C] () -- C:\Users\Tobias Baumann\file.err
[2011.03.17 12:55:28 | 000,024,576 | ---- | C] () -- C:\Users\Tobias Baumann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.07 11:49:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.11.20 00:22:57 | 000,000,279 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mcafee[1].txt
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

< End of report >
         

Alt 20.09.2012, 09:06   #4
Tobbo
 
Heuristics.Shuriken detected with Malwarebytes

The extra logfile is too long, so I am attaching it as a 7z.

Alt 20.09.2012, 09:10   #5
Tobbo
 
Heuristics.Shuriken detected with Malwarebytes

Code:
10:07:09.0599 1796  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
10:07:09.0803 1796  ============================================================
10:07:09.0803 1796  Current date / time: 2012/09/20 10:07:09.0803
10:07:09.0803 1796  SystemInfo:
10:07:09.0803 1796  
10:07:09.0803 1796  OS Version: 6.1.7600 ServicePack: 0.0
10:07:09.0803 1796  Product type: Workstation
10:07:09.0803 1796  ComputerName: TOBIASBAUMANN
10:07:09.0804 1796  UserName: Tobias Baumann
10:07:09.0804 1796  Windows directory: C:\Windows
10:07:09.0804 1796  System windows directory: C:\Windows
10:07:09.0804 1796  Running under WOW64
10:07:09.0804 1796  Processor architecture: Intel x64
10:07:09.0804 1796  Number of processors: 2
10:07:09.0804 1796  Page size: 0x1000
10:07:09.0804 1796  Boot type: Normal boot
10:07:09.0804 1796  ============================================================
10:07:11.0184 1796  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:07:11.0196 1796  ============================================================
10:07:11.0196 1796  \Device\Harddisk0\DR0:
10:07:11.0196 1796  MBR partitions:
10:07:11.0197 1796  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
10:07:11.0197 1796  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x1C8DC66B
10:07:11.0216 1796  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1E63D000, BlocksNum 0xDEA4800
10:07:11.0238 1796  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x2C4E2000, BlocksNum 0x2710000
10:07:11.0254 1796  \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x2EBF2800, BlocksNum 0xB793000
10:07:11.0254 1796  ============================================================
10:07:11.0290 1796  C: <-> \Device\Harddisk0\DR0\Partition2
10:07:11.0343 1796  E: <-> \Device\Harddisk0\DR0\Partition3
10:07:11.0373 1796  F: <-> \Device\Harddisk0\DR0\Partition4
10:07:11.0412 1796  H: <-> \Device\Harddisk0\DR0\Partition5
10:07:11.0413 1796  ============================================================
10:07:11.0413 1796  Initialize success
10:07:11.0413 1796  ============================================================
10:07:40.0115 4668  ============================================================
10:07:40.0115 4668  Scan started
10:07:40.0115 4668  Mode: Manual; TDLFS; 
10:07:40.0115 4668  ============================================================
10:07:40.0725 4668  ================ Scan system memory ========================
10:07:40.0725 4668  System memory - ok
10:07:40.0726 4668  ================ Scan services =============================
10:07:40.0883 4668  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
10:07:40.0887 4668  1394ohci - ok
10:07:40.0910 4668  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
10:07:40.0915 4668  ACPI - ok
10:07:40.0956 4668  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
10:07:40.0957 4668  AcpiPmi - ok
10:07:41.0086 4668  [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:07:41.0087 4668  AdobeARMservice - ok
10:07:41.0133 4668  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
10:07:41.0140 4668  adp94xx - ok
10:07:41.0189 4668  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
10:07:41.0194 4668  adpahci - ok
10:07:41.0215 4668  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
10:07:41.0217 4668  adpu320 - ok
10:07:41.0252 4668  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:07:41.0253 4668  AeLookupSvc - ok
10:07:41.0306 4668  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD             C:\Windows\system32\drivers\afd.sys
10:07:41.0312 4668  AFD - ok
10:07:41.0352 4668  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
10:07:41.0353 4668  agp440 - ok
10:07:41.0392 4668  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
10:07:41.0393 4668  ALG - ok
10:07:41.0429 4668  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
10:07:41.0430 4668  aliide - ok
10:07:41.0473 4668  [ 9A5495EDEBE7D6B3F7E9A86EBE5EA248 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
10:07:41.0476 4668  AMD External Events Utility - ok
10:07:41.0484 4668  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
10:07:41.0485 4668  amdide - ok
10:07:41.0526 4668  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
10:07:41.0527 4668  AmdK8 - ok
10:07:41.0551 4668  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
10:07:41.0552 4668  AmdPPM - ok
10:07:41.0600 4668  [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
10:07:41.0601 4668  amdsata - ok
10:07:41.0644 4668  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
10:07:41.0647 4668  amdsbs - ok
10:07:41.0669 4668  [ DB27766102C7BF7E95140A2AA81D042E ] amdxata         C:\Windows\system32\drivers\amdxata.sys
10:07:41.0670 4668  amdxata - ok
10:07:41.0756 4668  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
10:07:41.0758 4668  AntiVirSchedulerService - ok
10:07:41.0808 4668  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
10:07:41.0810 4668  AntiVirService - ok
10:07:41.0848 4668  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
10:07:41.0849 4668  AppID - ok
10:07:41.0882 4668  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
10:07:41.0883 4668  AppIDSvc - ok
10:07:41.0908 4668  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
10:07:41.0910 4668  Appinfo - ok
10:07:41.0948 4668  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
10:07:41.0950 4668  arc - ok
10:07:41.0977 4668  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
10:07:41.0979 4668  arcsas - ok
10:07:42.0106 4668  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:07:42.0107 4668  aspnet_state - ok
10:07:42.0145 4668  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:07:42.0146 4668  AsyncMac - ok
10:07:42.0160 4668  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
10:07:42.0161 4668  atapi - ok
10:07:42.0205 4668  [ 38467FF83C2B4265D51F418812A91E3C ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
10:07:42.0207 4668  AtiHdmiService - ok
10:07:42.0396 4668  [ A08339AE90972E268B9622C668F450E8 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
10:07:42.0544 4668  atikmdag - ok
10:07:42.0589 4668  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:07:42.0600 4668  AudioEndpointBuilder - ok
10:07:42.0615 4668  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
10:07:42.0623 4668  AudioSrv - ok
10:07:42.0684 4668  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
10:07:42.0686 4668  avgntflt - ok
10:07:42.0721 4668  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
10:07:42.0722 4668  avipbb - ok
10:07:42.0793 4668  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
10:07:42.0794 4668  avkmgr - ok
10:07:42.0831 4668  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
10:07:42.0833 4668  AxInstSV - ok
10:07:42.0882 4668  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
10:07:42.0888 4668  b06bdrv - ok
10:07:42.0926 4668  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
10:07:42.0929 4668  b57nd60a - ok
10:07:43.0055 4668  [ B68B7EB9C8652E51654396AED5078E49 ] BBDemon         C:\Program Files (x86)\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
10:07:45.0387 4668  BBDemon - ok
10:07:45.0466 4668  [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
10:07:45.0468 4668  BBSvc - ok
10:07:45.0515 4668  [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
10:07:45.0518 4668  BBUpdate - ok
10:07:45.0626 4668  [ E001DD475A7C27EBE5A0DB45C11BAD71 ] BCM42RLY        C:\Windows\system32\drivers\BCM42RLY.sys
10:07:45.0627 4668  BCM42RLY - ok
10:07:45.0726 4668  [ F4CD5F52850BF2C978DE178F256BA372 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
10:07:45.0795 4668  BCM43XX - ok
10:07:45.0848 4668  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
10:07:45.0849 4668  BDESVC - ok
10:07:45.0888 4668  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:07:45.0889 4668  Beep - ok
10:07:45.0954 4668  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
10:07:45.0964 4668  BFE - ok
10:07:46.0010 4668  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\System32\qmgr.dll
10:07:46.0024 4668  BITS - ok
10:07:46.0065 4668  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
10:07:46.0066 4668  blbdrive - ok
10:07:46.0114 4668  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:07:46.0116 4668  bowser - ok
10:07:46.0138 4668  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:07:46.0139 4668  BrFiltLo - ok
10:07:46.0170 4668  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:07:46.0171 4668  BrFiltUp - ok
10:07:46.0206 4668  [ 6B054C67AAA87843504E8E3C09102009 ] Browser         C:\Windows\System32\browser.dll
10:07:46.0209 4668  Browser - ok
10:07:46.0239 4668  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
10:07:46.0242 4668  Brserid - ok
10:07:46.0258 4668  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
10:07:46.0259 4668  BrSerWdm - ok
10:07:46.0293 4668  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
10:07:46.0294 4668  BrUsbMdm - ok
10:07:46.0304 4668  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
10:07:46.0305 4668  BrUsbSer - ok
10:07:46.0361 4668  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
10:07:46.0362 4668  BthEnum - ok
10:07:46.0391 4668  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
10:07:46.0392 4668  BTHMODEM - ok
10:07:46.0455 4668  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
10:07:46.0457 4668  BthPan - ok
10:07:46.0524 4668  [ D59773C7FDD3D795D6FE402EEEA8D71E ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
10:07:46.0532 4668  BTHPORT - ok
10:07:46.0574 4668  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
10:07:46.0576 4668  bthserv - ok
10:07:46.0621 4668  [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
10:07:46.0622 4668  BTHUSB - ok
10:07:46.0660 4668  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:07:46.0662 4668  cdfs - ok
10:07:46.0695 4668  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
10:07:46.0697 4668  cdrom - ok
10:07:46.0736 4668  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
10:07:46.0738 4668  CertPropSvc - ok
10:07:46.0777 4668  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
10:07:46.0778 4668  circlass - ok
10:07:46.0806 4668  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
10:07:46.0811 4668  CLFS - ok
10:07:46.0875 4668  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:07:46.0877 4668  clr_optimization_v2.0.50727_32 - ok
10:07:46.0916 4668  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:07:46.0918 4668  clr_optimization_v2.0.50727_64 - ok
10:07:47.0039 4668  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:07:47.0041 4668  clr_optimization_v4.0.30319_32 - ok
10:07:47.0135 4668  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:07:47.0137 4668  clr_optimization_v4.0.30319_64 - ok
10:07:47.0178 4668  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
10:07:47.0178 4668  CmBatt - ok
10:07:47.0202 4668  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
10:07:47.0203 4668  cmdide - ok
10:07:47.0253 4668  [ CA7720B73446FDDEC5C69519C1174C98 ] CNG             C:\Windows\system32\Drivers\cng.sys
10:07:47.0260 4668  CNG - ok
10:07:47.0300 4668  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
10:07:47.0301 4668  Compbatt - ok
10:07:47.0326 4668  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
10:07:47.0327 4668  CompositeBus - ok
10:07:47.0339 4668  COMSysApp - ok
10:07:47.0368 4668  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
10:07:47.0369 4668  crcdisk - ok
10:07:47.0436 4668  [ 0D7F96AF026D7C1AFDE2A83980A65018 ] CryptOSD        C:\Windows\system32\DRIVERS\CryptOSD.sys
10:07:47.0442 4668  CryptOSD - ok
10:07:47.0493 4668  [ F02786B66375292E58C8777082D4396D ] CryptSvc        C:\Windows\system32\cryptsvc.dll
10:07:47.0497 4668  CryptSvc - ok
10:07:47.0537 4668  [ ED5CF92396A62F4C15110DCDB5E854D9 ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
10:07:47.0539 4668  CtClsFlt - ok
10:07:47.0595 4668  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:07:47.0606 4668  DcomLaunch - ok
10:07:47.0640 4668  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
10:07:47.0645 4668  defragsvc - ok
10:07:47.0687 4668  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
10:07:47.0689 4668  DfsC - ok
10:07:47.0746 4668  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
10:07:47.0752 4668  Dhcp - ok
10:07:47.0781 4668  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
10:07:47.0782 4668  discache - ok
10:07:47.0822 4668  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
10:07:47.0823 4668  Disk - ok
10:07:47.0869 4668  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:07:47.0873 4668  Dnscache - ok
10:07:47.0960 4668  [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
10:07:47.0962 4668  DockLoginService - ok
10:07:48.0011 4668  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
10:07:48.0015 4668  dot3svc - ok
10:07:48.0044 4668  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
10:07:48.0047 4668  DPS - ok
10:07:48.0072 4668  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
10:07:48.0073 4668  drmkaud - ok
10:07:48.0144 4668  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
10:07:48.0157 4668  DXGKrnl - ok
10:07:48.0199 4668  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
10:07:48.0202 4668  EapHost - ok
10:07:48.0346 4668  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
10:07:48.0398 4668  ebdrv - ok
10:07:48.0433 4668  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS             C:\Windows\System32\lsass.exe
10:07:48.0436 4668  EFS - ok
10:07:48.0509 4668  [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
10:07:48.0518 4668  ehRecvr - ok
10:07:48.0556 4668  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
10:07:48.0558 4668  ehSched - ok
10:07:48.0607 4668  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
10:07:48.0614 4668  elxstor - ok
10:07:48.0710 4668  [ 1E345F2A2D95DA3190596E691CDE9342 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
10:07:48.0712 4668  EPSON_PM_RPCV4_01 - ok
10:07:48.0736 4668  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
10:07:48.0737 4668  ErrDev - ok
10:07:48.0800 4668  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
10:07:48.0807 4668  EventSystem - ok
10:07:48.0832 4668  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
10:07:48.0835 4668  exfat - ok
10:07:48.0869 4668  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
10:07:48.0872 4668  fastfat - ok
10:07:48.0912 4668  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
10:07:48.0922 4668  Fax - ok
10:07:48.0940 4668  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
10:07:48.0941 4668  fdc - ok
10:07:48.0984 4668  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
10:07:48.0986 4668  fdPHost - ok
10:07:49.0007 4668  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
10:07:49.0009 4668  FDResPub - ok
10:07:49.0041 4668  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:07:49.0042 4668  FileInfo - ok
10:07:49.0056 4668  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
10:07:49.0057 4668  Filetrace - ok
10:07:49.0069 4668  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
10:07:49.0070 4668  flpydisk - ok
10:07:49.0108 4668  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:07:49.0113 4668  FltMgr - ok
10:07:49.0176 4668  [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache       C:\Windows\system32\FntCache.dll
10:07:49.0193 4668  FontCache - ok
10:07:49.0247 4668  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:07:49.0248 4668  FontCache3.0.0.0 - ok
10:07:49.0269 4668  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
10:07:49.0270 4668  FsDepends - ok
10:07:49.0302 4668  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:07:49.0303 4668  Fs_Rec - ok
10:07:49.0342 4668  [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
10:07:49.0345 4668  fvevol - ok
10:07:49.0387 4668  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
10:07:49.0388 4668  gagp30kx - ok
10:07:49.0426 4668  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
10:07:49.0438 4668  gpsvc - ok
10:08:00.0059 4668  [ 602884696850C86434530790B110E8EB ] sptd            C:\Windows\system32\Drivers\sptd.sys
10:08:00.0060 4668  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
10:08:00.0063 4668  sptd ( LockedFile.Multi.Generic ) - warning
10:08:00.0063 4668  sptd - detected LockedFile.Multi.Generic (1)
10:08:01.0862 4668  [ 451B8C1815C6CC39650AF916C2A382CD ] Tosrfhid        C:\Windows\system32\DRIVERS\Tosrfhid.sys
10:08:01.0864 4668  Tosrfhid - ok
10:08:01.0915 4668  [ B6FDC3C76FFE9C5171EEA9C37EA367C2 ] tosrfnds        C:\Windows\system32\DRIVERS\tosrfnds.sys
10:08:01.0916 4668  tosrfnds - ok
10:08:01.0950 4668  [ E1E045240C1184FA6628F3C7E7FF85D8 ] TosRfSnd        C:\Windows\system32\drivers\tosrfsnd.sys
10:08:01.0951 4668  TosRfSnd - ok
10:08:02.0000 4668  [ DA7AA562448E29CA895895920BFF8946 ] Tosrfusb        C:\Windows\system32\DRIVERS\tosrfusb.sys
10:08:02.0001 4668  Tosrfusb - ok
10:08:02.0043 4668  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
10:08:02.0048 4668  TrkWks - ok
10:08:02.0104 4668  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:08:02.0107 4668  TrustedInstaller - ok
10:08:02.0126 4668  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:08:02.0128 4668  tssecsrv - ok
10:08:02.0180 4668  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:08:02.0183 4668  tunnel - ok
10:08:02.0206 4668  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
10:08:02.0207 4668  uagp35 - ok
10:08:02.0250 4668  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:08:02.0255 4668  udfs - ok
10:08:02.0291 4668  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:08:02.0295 4668  UI0Detect - ok
10:08:02.0329 4668  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
10:08:02.0330 4668  uliagpkx - ok
10:08:02.0360 4668  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
10:08:02.0362 4668  umbus - ok
10:08:02.0386 4668  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
10:08:02.0387 4668  UmPass - ok
10:08:02.0437 4668  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
10:08:02.0445 4668  upnphost - ok
10:08:02.0482 4668  [ 5FCC71487888589A9244AF54CFEFAB29 ] usbbus          C:\Windows\system32\DRIVERS\lgx64bus.sys
10:08:02.0483 4668  usbbus - ok
10:08:02.0514 4668  [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:08:02.0515 4668  usbccgp - ok
10:08:02.0561 4668  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
10:08:02.0563 4668  usbcir - ok
10:08:02.0594 4668  [ 3FB6E423F7567C92C32EA786F5FD0C69 ] UsbDiag         C:\Windows\system32\DRIVERS\lgx64diag.sys
10:08:02.0595 4668  UsbDiag - ok
10:08:02.0635 4668  [ 92969BA5AC44E229C55A332864F79677 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
10:08:02.0636 4668  usbehci - ok
10:08:02.0687 4668  [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:08:02.0693 4668  usbhub - ok
10:08:02.0735 4668  [ 78D551F5B93488B4666F5FC8DD4815F3 ] USBModem        C:\Windows\system32\DRIVERS\lgx64modem.sys
10:08:02.0736 4668  USBModem - ok
10:08:02.0769 4668  [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci         C:\Windows\system32\drivers\usbohci.sys
10:08:02.0770 4668  usbohci - ok
10:08:02.0812 4668  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
10:08:02.0813 4668  usbprint - ok
10:08:02.0842 4668  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
10:08:02.0843 4668  usbscan - ok
10:08:02.0882 4668  [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:08:02.0884 4668  USBSTOR - ok
10:08:02.0924 4668  [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
10:08:02.0925 4668  usbuhci - ok
10:08:02.0992 4668  [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
10:08:02.0995 4668  usbvideo - ok
10:08:03.0033 4668  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
10:08:03.0038 4668  UxSms - ok
10:08:03.0057 4668  [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc        C:\Windows\system32\lsass.exe
10:08:03.0059 4668  VaultSvc - ok
10:08:03.0089 4668  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
10:08:03.0091 4668  vdrvroot - ok
10:08:03.0136 4668  [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds             C:\Windows\System32\vds.exe
10:08:03.0145 4668  vds - ok
10:08:03.0193 4668  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
10:08:03.0194 4668  vga - ok
10:08:03.0217 4668  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
10:08:03.0218 4668  VgaSave - ok
10:08:03.0244 4668  [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
10:08:03.0246 4668  vhdmp - ok
10:08:03.0284 4668  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
10:08:03.0285 4668  viaide - ok
10:08:03.0309 4668  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
10:08:03.0310 4668  volmgr - ok
10:08:03.0338 4668  [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
10:08:03.0344 4668  volmgrx - ok
10:08:03.0371 4668  [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap         C:\Windows\system32\DRIVERS\volsnap.sys
10:08:03.0375 4668  volsnap - ok
10:08:03.0396 4668  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
10:08:03.0398 4668  vsmraid - ok
10:08:03.0463 4668  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS             C:\Windows\system32\vssvc.exe
10:08:03.0489 4668  VSS - ok
10:08:03.0504 4668  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
10:08:03.0506 4668  vwifibus - ok
10:08:03.0547 4668  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
10:08:03.0549 4668  vwififlt - ok
10:08:03.0579 4668  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
10:08:03.0580 4668  vwifimp - ok
10:08:03.0613 4668  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
10:08:03.0620 4668  W32Time - ok
10:08:03.0639 4668  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
10:08:03.0640 4668  WacomPen - ok
10:08:03.0676 4668  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
10:08:03.0678 4668  WANARP - ok
10:08:03.0684 4668  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:08:03.0686 4668  Wanarpv6 - ok
10:08:03.0752 4668  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\Windows\system32\wbengine.exe
10:08:03.0776 4668  wbengine - ok
10:08:03.0801 4668  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
10:08:03.0806 4668  WbioSrvc - ok
10:08:03.0859 4668  [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
10:08:03.0867 4668  wcncsvc - ok
10:08:03.0896 4668  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:08:03.0900 4668  WcsPlugInService - ok
10:08:03.0932 4668  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
10:08:03.0934 4668  Wd - ok
10:08:03.0963 4668  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:08:03.0972 4668  Wdf01000 - ok
10:08:04.0012 4668  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:08:04.0017 4668  WdiServiceHost - ok
10:08:04.0023 4668  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
10:08:04.0029 4668  WdiSystemHost - ok
10:08:04.0078 4668  [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient       C:\Windows\System32\webclnt.dll
10:08:04.0085 4668  WebClient - ok
10:08:04.0121 4668  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:08:04.0127 4668  Wecsvc - ok
10:08:04.0147 4668  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
10:08:04.0151 4668  wercplsupport - ok
10:08:04.0198 4668  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
10:08:04.0202 4668  WerSvc - ok
10:08:04.0250 4668  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
10:08:04.0251 4668  WfpLwf - ok
10:08:04.0305 4668  [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
10:08:04.0308 4668  WimFltr - ok
10:08:04.0326 4668  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
10:08:04.0327 4668  WIMMount - ok
10:08:04.0349 4668  WinDefend - ok
10:08:04.0363 4668  WinHttpAutoProxySvc - ok
10:08:04.0419 4668  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
10:08:04.0423 4668  Winmgmt - ok
10:08:04.0497 4668  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM           C:\Windows\system32\WsmSvc.dll
10:08:04.0528 4668  WinRM - ok
10:08:04.0586 4668  [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
10:08:04.0587 4668  WinUsb - ok
10:08:04.0643 4668  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
10:08:04.0659 4668  Wlansvc - ok
10:08:04.0698 4668  [ 13B0A570E1AE451C92DA550085D72CF3 ] wltrysvc        C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
10:08:04.0699 4668  wltrysvc - ok
10:08:04.0719 4668  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
10:08:04.0720 4668  WmiAcpi - ok
10:08:04.0759 4668  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:08:04.0762 4668  wmiApSrv - ok
10:08:04.0807 4668  WMPNetworkSvc - ok
10:08:04.0828 4668  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
10:08:04.0832 4668  WPCSvc - ok
10:08:04.0857 4668  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:08:04.0862 4668  WPDBusEnum - ok
10:08:04.0888 4668  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
10:08:04.0889 4668  ws2ifsl - ok
10:08:04.0925 4668  [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc          C:\Windows\System32\wscsvc.dll
10:08:04.0930 4668  wscsvc - ok
10:08:04.0937 4668  WSearch - ok
10:08:05.0038 4668  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
10:08:05.0074 4668  wuauserv - ok
10:08:05.0106 4668  [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
10:08:05.0108 4668  WudfPf - ok
10:08:05.0159 4668  [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
10:08:05.0161 4668  WUDFRd - ok
10:08:05.0193 4668  [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
10:08:05.0198 4668  wudfsvc - ok
10:08:05.0221 4668  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
10:08:05.0227 4668  WwanSvc - ok
10:08:05.0307 4668  ================ Scan global ===============================
10:08:05.0342 4668  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:08:05.0376 4668  [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
10:08:05.0389 4668  [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
10:08:05.0413 4668  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:08:05.0451 4668  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:08:05.0458 4668  [Global] - ok
10:08:05.0459 4668  ================ Scan MBR ==================================
10:08:05.0477 4668  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
10:08:06.0542 4668  \Device\Harddisk0\DR0 - ok
10:08:06.0543 4668  ================ Scan VBR ==================================
10:08:06.0566 4668  [ 97BFFEA9E60EE6D0689B8AEF9C382220 ] \Device\Harddisk0\DR0\Partition1
10:08:06.0568 4668  \Device\Harddisk0\DR0\Partition1 - ok
10:08:06.0584 4668  [ 07E53153A1A0D6F2E4850DABB2CEC8B6 ] \Device\Harddisk0\DR0\Partition2
10:08:06.0586 4668  \Device\Harddisk0\DR0\Partition2 - ok
10:08:06.0606 4668  [ BD5252C1EF4270C77C5E877C92DFF8CE ] \Device\Harddisk0\DR0\Partition3
10:08:06.0608 4668  \Device\Harddisk0\DR0\Partition3 - ok
10:08:06.0630 4668  [ 290A26839D2682AEED8DE9A464B1145E ] \Device\Harddisk0\DR0\Partition4
10:08:06.0632 4668  \Device\Harddisk0\DR0\Partition4 - ok
10:08:06.0656 4668  [ 8BB822589DE30BE3581732F607E136DB ] \Device\Harddisk0\DR0\Partition5
10:08:06.0658 4668  \Device\Harddisk0\DR0\Partition5 - ok
10:08:06.0658 4668  ============================================================
10:08:06.0658 4668  Scan finished
10:08:06.0658 4668  ============================================================
10:08:06.0680 3304  Detected object count: 1
10:08:06.0680 3304  Actual detected object count: 1
10:08:24.0987 3304  sptd ( LockedFile.Multi.Generic ) - skipped by user
10:08:24.0987 3304  sptd ( LockedFile.Multi.Generic ) - User select action: Skip
         


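The TDSSKiller log above ends with a single detected object: the sptd driver, flagged as LockedFile.Multi.Generic and skipped by the user. The script below is an added example, not part of the thread and not TDSSKiller's own code. It triages a log of this shape: it pairs each hash line with the verdict line for the same service or driver, pulls out every object that carries a detection name, and lists services for which TDSSKiller printed no hash line at all (WinDefend, WinHttpAutoProxySvc, WMPNetworkSvc and WSearch in the log above), which are the ones to look at by hand. The log excerpt inside the script is constructed from lines on this page plus a made-up hash line for sptd; the all-zero MD5 is a placeholder, not a real hash. LockedFile.Multi.Generic is TDSSKiller's verdict for a file it could not open rather than a malware identification, and sptd.sys is the driver used by disc-emulation software, which is consistent with the next helper post asking for Defogger (it disables exactly that class of driver); that reading is mine, not the thread's.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Two line shapes matter in a TDSSKiller log:
#   hh:mm:ss.ffff pid  [ MD5 ] Name   C:\path\to\file   -> object enumerated, image hashed
#   hh:mm:ss.ffff pid  Name - ok                         -> verdict for that object
#   hh:mm:ss.ffff pid  Name ( Detection ) - <verdict>    -> verdict carrying a detection name
ENTRY_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+\[ (?P<md5>[0-9A-F]{32}) \]\s+(?P<name>\S+)\s+(?P<path>\S.*?)\s*$"
)
VERDICT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>\S+)(?: \( (?P<detection>\S+) \))? - (?P<verdict>.+?)\s*$"
)

# Constructed excerpt: lines from this page plus a placeholder hash line for sptd (all-zero MD5 is fake).
SAMPLE_LOG = r"""
10:08:00.0565 4668  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:08:00.0570 4668  SSDPSRV - ok
10:08:02.0000 4668  [ 00000000000000000000000000000000 ] sptd            C:\Windows\system32\Drivers\sptd.sys
10:08:04.0349 4668  WinDefend - ok
10:08:04.0363 4668  WinHttpAutoProxySvc - ok
10:08:04.0698 4668  [ 13B0A570E1AE451C92DA550085D72CF3 ] wltrysvc        C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
10:08:04.0699 4668  wltrysvc - ok
10:08:05.0458 4668  [Global] - ok
10:08:06.0542 4668  \Device\Harddisk0\DR0 - ok
10:08:06.0658 4668  Scan finished
10:08:06.0680 3304  Detected object count: 1
10:08:24.0987 3304  sptd ( LockedFile.Multi.Generic ) - skipped by user
10:08:24.0987 3304  sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""


@dataclass
class Entry:
    name: str
    path: Optional[str] = None       # None: TDSSKiller printed no hash line for this service
    md5: Optional[str] = None
    detection: Optional[str] = None  # e.g. LockedFile.Multi.Generic
    verdict: Optional[str] = None    # last verdict seen wins ("skipped by user" -> "User select action: Skip")


def parse_tdsskiller(log: str) -> List[Entry]:
    """Pair hash lines with verdict lines, keyed by service/driver name, in log order."""
    entries: Dict[str, Entry] = {}
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[m["name"]] = Entry(m["name"], m["path"], m["md5"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            entry = entries.setdefault(m["name"], Entry(m["name"]))
            if m["detection"]:
                entry.detection = m["detection"]
            entry.verdict = m["verdict"]
    return list(entries.values())


def detections(entries: List[Entry]) -> List[Entry]:
    """Objects TDSSKiller attached a detection name to."""
    return [e for e in entries if e.detection]


def unhashed(entries: List[Entry]) -> List[Entry]:
    """Services with a verdict but no hash line: the image was never hashed, so inspect them manually.
    MBR/VBR (\\Device\\...) and [Global] verdict lines never carry a name+path line and are skipped."""
    return [e for e in entries if e.path is None and not e.name.startswith(("\\", "["))]


def summarize(log: str) -> Dict[str, List[str]]:
    """Compact triage report: detections with their final verdict, and services without a hash."""
    entries = parse_tdsskiller(log)
    return {
        "detections": [f"{e.name} ({e.detection}) -> {e.verdict}: {e.path}" for e in detections(entries)],
        "unhashed": [e.name for e in unhashed(entries)],
    }


if __name__ == "__main__":
    for section, lines in summarize(SAMPLE_LOG).items():
        print(section)
        for item in lines:
            print("  ", item)
```

Feed it the whole pasted log rather than the excerpt: the last verdict line for an object wins, so an object first marked "skipped by user" and then "User select action: Skip" ends up with the action the user actually chose.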
20.09.2012, 09:25   #6
Tobbo

aswMBR keeps crashing, see picture.
Attached thumbnail: Heuristics.Shuriken mit Malewarebytes entdeckt-aswmbr-version-0.9.9.jpg

20.09.2012, 10:47   #7
Psychotic
/// Malwareteam

defogger

Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
    Vista and Win7 users: right-click and "Run as administrator".
  • Now click the Disable button to disable the drivers of certain emulators.
  • When the scan has finished (Finished), click OK.
  • Defogger may ask for a reboot. Confirm with OK.
If Defogger shows an error message, please post the defogger_disable log from your desktop.
Do not click the Re-enable button without being told to.
__________________
No asylum for Trojans!

Proud Member of UNITE

Note: I am only reachable on weekdays!
Requests via PM will be ignored!

Happy with us? Then support the Trojaner-Board!

21.09.2012, 13:41   #8
Tobbo

Here is the log file:

21.09.2012, 19:34   #9
Tobbo

defogger ran through successfully. What do I have to do now?

24.09.2012, 07:32   #10
Psychotic
/// Malwareteam

Step 1: Fix with OTL

  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the following content into the text box.
Code:
ATTFilter
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[2012.09.18 17:13:40 | 000,000,000 | ---D | C] -- C:\Users\Tobias Baumann\AppData\Roaming\Zuasy
[2012.09.18 17:13:40 | 000,000,000 | ---D | C] -- C:\Users\Tobias Baumann\AppData\Roaming\Ymryf
[2012.09.18 17:13:40 | 000,000,000 | ---D | C] -- C:\Users\Tobias Baumann\AppData\Roaming\Idpo
:COMMANDS
[emptytemp]
         
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a reboot. Please allow it.
  • After the reboot you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its content here into your thread

Step 2: MBAM

Please download Malwarebytes
  • Install the program into the default path.
    Vista and Win7 users: right-click and "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform quick scan and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure all findings are checked and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can also find the report afterwards under the "Logs" tab.
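The OTL fix above removes one Run value and three folders under AppData\Roaming that were all created in the same second (2012.09.18 17:13:40), which is how the helper came to include Ymryf and Idpo although Malwarebytes only named Zuasy\ebzo.exe. The script below is an added example, not part of the thread and not OTL's own logic. It takes Run-key entries and OTL-style folder lines, flags autostart targets that live in user-writable locations (AppData\Roaming, AppData\Local\Temp, Users\Public, Windows\Temp), and for each flagged target lists the folders created within a few seconds of the target's own folder. The Run entries and folder lines are constructed samples built from the values on this page plus invented entries (SynTPEnh as a benign autostart, a Mozilla profile folder, and Updater as a second bad one); those extra names are placeholders. On a live machine the input would be the values of HKCU\Software\Microsoft\Windows\CurrentVersion\Run and the folder section of an OTL log.

```python
import ntpath
import re
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample: the Run value from the first post plus two invented entries.
RUN_ENTRIES: Dict[str, str] = {
    "Epysbaelki": r'"C:\Users\Tobias Baumann\AppData\Roaming\Zuasy\ebzo.exe"',
    "SynTPEnh": r"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe",              # invented benign entry
    "Updater": r"C:\Users\Tobias Baumann\AppData\Local\Temp\upd.exe /silent",  # invented bad entry
}

# Constructed sample in OTL's folder-listing format: the three folders from the fix plus one invented benign one.
OTL_FOLDER_LINES = r"""
[2012.09.18 17:13:40 | 000,000,000 | ---D | C] -- C:\Users\Tobias Baumann\AppData\Roaming\Zuasy
[2012.09.18 17:13:40 | 000,000,000 | ---D | C] -- C:\Users\Tobias Baumann\AppData\Roaming\Ymryf
[2012.09.18 17:13:40 | 000,000,000 | ---D | C] -- C:\Users\Tobias Baumann\AppData\Roaming\Idpo
[2012.06.02 10:15:00 | 000,000,000 | ---D | C] -- C:\Users\Tobias Baumann\AppData\Roaming\Mozilla
"""

# Path fragments a standard user can write to; an autostart pointing here deserves a look.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\users\\public\\", "\\windows\\temp\\")

# A quoted path, or an unquoted path up to the first .exe (handles "C:\Program Files\x\y.exe /arg").
_EXE_RE = re.compile(r'^"([^"]+)"|^(\S+(?:\s\S+)*?\.exe)', re.IGNORECASE)
# OTL folder line: [YYYY.MM.DD hh:mm:ss | size | attrs | flag] -- path
_OTL_RE = re.compile(r"^\[(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \|[^\]]*\] -- (.+?)\s*$")


def executable_from_command(cmd: str) -> str:
    """Strip quotes and arguments from a Run value's command line, leaving the image path."""
    m = _EXE_RE.match(cmd.strip())
    if not m:
        return cmd.strip()
    return m.group(1) or m.group(2)


def is_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def suspicious_run_entries(entries: Dict[str, str]) -> List[Tuple[str, str]]:
    """(value name, executable) for every Run entry whose target sits in a user-writable directory."""
    return [(name, exe) for name, cmd in entries.items()
            if is_user_writable(exe := executable_from_command(cmd))]


def parse_otl_folders(text: str) -> List[Tuple[datetime, str]]:
    out = []
    for line in text.splitlines():
        m = _OTL_RE.match(line.strip())
        if m:
            out.append((datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S"), m.group(2)))
    return out


def created_together(folders: List[Tuple[datetime, str]], anchor_dir: str,
                     window: timedelta = timedelta(seconds=5)) -> List[str]:
    """Folders created within `window` of anchor_dir. A dropper that plants one payload folder
    tends to plant its siblings in the same second, as the three Roaming folders here show."""
    times = [t for t, p in folders if p.lower() == anchor_dir.lower()]
    if not times:
        return []
    return [p for t, p in folders if abs(t - times[0]) <= window]


def triage(run_entries: Dict[str, str], otl_text: str) -> Dict[str, Dict[str, object]]:
    """Map each suspicious Run value to its image and the folders created alongside the image's folder."""
    folders = parse_otl_folders(otl_text)
    return {name: {"exe": exe, "related_folders": created_together(folders, ntpath.dirname(exe))}
            for name, exe in suspicious_run_entries(run_entries)}


if __name__ == "__main__":
    for name, info in triage(RUN_ENTRIES, OTL_FOLDER_LINES).items():
        print(f"{name} -> {info['exe']}")
        for folder in info["related_folders"]:
            print("   created together:", folder)
```

The location check is deliberately crude: plenty of legitimate software does start from AppData, so the output is a review list, not a verdict. The creation-time clustering is the part that earns its keep, since it surfaces the sibling folders a file scanner that only looks at the running process would miss.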

29.09.2012, 12:51   #11
Tobbo

Here is the OTL report first:

Code:
ATTFilter
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\Users\Tobias Baumann\AppData\Roaming\Zuasy folder moved successfully.
C:\Users\Tobias Baumann\AppData\Roaming\Ymryf folder moved successfully.
C:\Users\Tobias Baumann\AppData\Roaming\Idpo folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Nadine Krisch
->Temp folder emptied: 2385177 bytes
->Temporary Internet Files folder emptied: 149016216 bytes
->Java cache emptied: 40858512 bytes
->Opera cache emptied: 390989 bytes
->Flash cache emptied: 5461 bytes
 
User: Public
 
User: Tobias Baumann
->Temp folder emptied: 82365056 bytes
->Temporary Internet Files folder emptied: 69535499 bytes
->Java cache emptied: 36011262 bytes
->FireFox cache emptied: 72347797 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 64583 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1359926 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67966 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 736 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 433,00 mb
 
 
OTL by OldTimer - Version 3.2.64.0 log created on 09292012_134044

Files\Folders moved on Reboot...
C:\Users\Tobias Baumann\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
... and here MBAM:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.29.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Tobias Baumann :: TOBIASBAUMANN [Administrator]

29.09.2012 13:50:58
mbam-log-2012-09-29 (13-50-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225855
Time elapsed: 5 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

29.09.2012, 18:24   #12
Psychotic
/// Malwareteam

How is the computer behaving?

29.09.2012, 19:38   #13
Tobbo

No problems, it runs fine. Are the viruses/Trojans/whatever now killed/fixed? Or do I still have to do something?

29.09.2012, 19:41   #14
Psychotic
/// Malwareteam

Looks quite good - let's check everything once more!

Step 1: MBAM full scan

Please download Malwarebytes
  • Install the program into the default path.
    Vista and Win7 users: right-click and "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and click Scan. (Note: tick all hard drives!)
  • When the scan has finished, click Show Results.
  • Make sure all findings are checked and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can also find the report afterwards under the "Logs" tab.

Step 2: ESET

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detect potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Programs and Features => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


30.09.2012, 13:13   #15
Tobbo

Here is the MBAM scan (full):

Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.29.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Tobias Baumann :: TOBIASBAUMANN [Administrator]

29.09.2012 20:51:48
mbam-log-2012-09-29 (20-51-48).txt

Scan type: Full scan (C:\|E:\|F:\|H:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 672169
Time elapsed: 3 hour(s), 29 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
What about the quarantined files (MBAM)? Delete? Keep?

After more than 5.25 hours I aborted for now. Here is the interim result:

Code:
ATTFilter
C:\Users\Tobias Baumann\AppData\Roaming\Mozilla\Firefox\Profiles\lu7fip6o.default\user.js	JS/SecurityDisabler.A.Gen application
C:\Windows\Installer\13910.msi	a variant of Win32/Toolbar.Widgi application
         
I probably have to run the whole scan again, but the ESET scan still found something even though MBAM reported no finding. What now?
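ESET's JS/SecurityDisabler.A.Gen verdict on a Firefox profile's user.js fits a well-known pattern: Firefox re-applies user.js over prefs.js on every start, so a handful of lines in that file can keep Safe Browsing, the add-on blocklist or install prompts switched off, or re-set the homepage and search URL, no matter what the user changes in the settings UI. The file itself was never posted in this thread, so the script below, an added example that is neither the file from the thread nor ESET's signature logic, runs on a constructed user.js and shows the check a practitioner would make on such a file: parse every user_pref() line, list default-on protections that are forced to false, and list preferences that redirect traffic or searches. The preference names are real Firefox preferences of that era; the host search.example.invalid is a placeholder. Whether JS/SecurityDisabler keys on exactly these preferences is my assumption, not something ESET's output states.

```python
import re
from typing import Dict, List, Union

Pref = Union[bool, int, str]

# Constructed sample user.js; NOT the file from the thread, whose contents were never posted.
SAMPLE_USER_JS = """
// placeholder prefs a hijacker might write; search.example.invalid is a stand-in host
user_pref("browser.safebrowsing.enabled", false);
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("xpinstall.whitelist.required", false);
user_pref("extensions.blocklist.enabled", false);
user_pref("browser.startup.homepage", "http://search.example.invalid/?src=hp");
user_pref("keyword.URL", "http://search.example.invalid/?q=");
user_pref("browser.tabs.warnOnClose", false);
"""

# Protections that are on by default; a user.js forcing them to false weakens the browser persistently.
PROTECTIONS = {
    "browser.safebrowsing.enabled",             # phishing protection (legacy pref name)
    "browser.safebrowsing.malware.enabled",
    "browser.safebrowsing.phishing.enabled",
    "xpinstall.whitelist.required",             # when false, any site may prompt for add-on installs
    "extensions.blocklist.enabled",             # add-on / plugin blocklist
    "app.update.enabled",
    "security.mixed_content.block_active_content",
}
# Prefs that steer where traffic or searches go; any value pinned here deserves a look.
REDIRECTS = {
    "browser.startup.homepage", "keyword.URL", "browser.search.defaulturl",
    "network.proxy.autoconfig_url", "network.proxy.http", "network.proxy.ssl",
}

# user_pref("name", value);  with value true/false, an integer, or a double-quoted string
_PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')


def _parse_value(raw: str) -> Pref:
    if raw == "true":
        return True
    if raw == "false":
        return False
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1].replace('\\"', '"')
    try:
        return int(raw)
    except ValueError:
        return raw


def parse_user_js(text: str) -> Dict[str, Pref]:
    """Name -> value for every user_pref() line; comments and anything else are ignored."""
    prefs: Dict[str, Pref] = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = _parse_value(m.group(2))
    return prefs


def audit_user_js(text: str) -> Dict[str, object]:
    """Protections pinned off, and traffic/search prefs pinned to any value, in file order."""
    prefs = parse_user_js(text)
    return {
        "protections_disabled": [n for n, v in prefs.items() if n in PROTECTIONS and v is False],
        "redirects": {n: v for n, v in prefs.items() if n in REDIRECTS},
    }


if __name__ == "__main__":
    result = audit_user_js(SAMPLE_USER_JS)
    for name in result["protections_disabled"]:
        print("protection forced off:", name)
    for name, value in result["redirects"].items():
        print("redirect pinned:", name, "=", value)
```

Because user.js is reapplied at every start, toggling the settings back in the UI does not help; the file has to be removed or rewritten and the affected preferences reset afterwards, which is why a scanner that only cleans prefs.js or the registry leaves this kind of hijack in place.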
