Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Wie werde ich search.conduit.com wieder los

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 04.11.2012, 19:44   #1
Roxana
 
Wie werde ich search.conduit.com wieder los - Standard

Wie werde ich search.conduit.com wieder los



Guten Abend zusammen,

nachdem mein Mann gestern Abend ein Flugsimulator Spiel von der Seite CHIP online downgeloaded hat, hat es uns die Startseite im Firefox zersägt. Anstatt *google* haben wir nun eine Suchmaschine namens *search.conduit.com*, die wir nun wieder loswerden wollen. Eine Toolbar, die sich auch installiert hatte, haben wir bereits deinstalliert.

Blöderweise gab es kein Anzeichen einer Veränderung, außer nachdem sie eingetreten war.

Habt Ihr eine Idee?

Vielen Dank im voraus,
Roxana

Alt 05.11.2012, 18:32   #2
M-K-D-B
/// TB-Ausbilder
 
Wie werde ich search.conduit.com wieder los - Standard

Wie werde ich search.conduit.com wieder los






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
    Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
  • Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
    Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.





Bevor ich euch effektiv helfen kann, benötige ich mehr Informationen.





Schritt 1
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop (falls noch nicht vorhanden).
  • Starte bitte die OTL.exe.
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Standard Ausgabe.
  • Setze einen Haken bei Scanne alle Benutzer.
  • Unter Extra Registry, wähle bitte Use SafeList.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
         
  • Schließe bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Scan Button.
  • Am Ende des Suchlaufs werden 2 Logdateien erstellt.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread





Schritt 2
Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
  • Starte das Tool mit Doppelklick.
  • Klicke nun auf den Disable Button, um die Treiber gewisser Emulatoren zu deaktivieren.
  • Defogger wird dich fragen "Defogger will forcefully terminate and disable all CD Emulator related drivers and processes... Continue?" bestätige diese Sicherheitsabfrage mit Ja.
  • Wenn der Scan beendet wurde (Finished), klicke auf OK.
  • Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.
  • Defogger erstellt auf dem Desktop eine Logdatei mit dem Namen defogger_disable.txt. Poste deren Inhalt mit deiner nächsten Antwort.
Klicke den Re-enable Button nicht ohne Anweisung!





Schritt 3
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.





Schritt 4
Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
    Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.





Bitte poste mit deiner nächsten Antwort
  • die beiden Logdateien von OTL,
  • die Logdatei von DeFogger,
  • die Logdatei von aswMBR,
  • die Logdatei von TDSSKiller.
__________________


Alt 06.11.2012, 18:21   #3
Roxana
 
Wie werde ich search.conduit.com wieder los - Standard

Wie werde ich search.conduit.com wieder los



Hallo Matthias, vorab schon mal recht vielen Dank für deine Hilfe :-))OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 06.11.2012 18:12:01 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christian\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,17% Memory free
6,21 Gb Paging File | 4,96 Gb Available in Paging File | 79,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,16 Gb Total Space | 418,75 Gb Free Space | 72,68% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 12,37 Gb Free Space | 61,86% Space Free | Partition Type: FAT32
 
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Christian\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe (Google)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Yahoo!\Messenger\yui.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (GoogleDesktopManager) -- C:\Programme\Google\Google Desktop Search\GoogleDesktopManager.exe (Google)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc) -- C:\Programme\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Programme\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (klkbdflt) -- C:\Windows\System32\drivers\klkbdflt.sys (Kaspersky Lab)
DRV - (kneps) -- C:\Windows\System32\drivers\kneps.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (kltdi) -- C:\Windows\System32\drivers\kltdi.sys (Kaspersky Lab)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\..\SearchScopes,DefaultScope = {2896495D-3682-48B2-9738-9B3F41F1E321}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{2896495D-3682-48B2-9738-9B3F41F1E321}: "URL" = hxxp://www.google.de/search?q={searchTerms}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2589893885-2041423269-550841957-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\S-1-5-21-2589893885-2041423269-550841957-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2589893885-2041423269-550841957-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2589893885-2041423269-550841957-1001\..\SearchScopes,DefaultScope = {2896495D-3682-48B2-9738-9B3F41F1E321}
IE - HKU\S-1-5-21-2589893885-2041423269-550841957-1001\..\SearchScopes\{2896495D-3682-48B2-9738-9B3F41F1E321}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA_deDE295
IE - HKU\S-1-5-21-2589893885-2041423269-550841957-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CT3241949.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:12.0.0.470
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:12.0.0.470
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:12.0.0.470
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3241949&SearchSource=2&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.10.04 16:41:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.10.04 16:41:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.10.04 16:41:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.10.04 16:41:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.10.04 16:41:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 10:08:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 10:08:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 10:08:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 10:08:02 | 000,000,000 | ---D | M]
 
[2008.10.04 14:47:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2012.11.04 18:33:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\h659anik.default\extensions
[2012.04.15 08:54:00 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\h659anik.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012.10.27 10:08:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.27 10:08:00 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2012.10.27 10:08:01 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2012.10.27 10:08:06 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.17 11:06:28 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.09.18 12:49:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.18 12:49:33 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.18 12:49:33 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.18 12:49:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.18 12:49:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.18 12:49:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2589893885-2041423269-550841957-1001..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-2589893885-2041423269-550841957-1001..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2589893885-2041423269-550841957-1001..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2589893885-2041423269-550841957-1001\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D518B81B-C86C-4312-909D-1C7E3AE76BAC}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.03 19:13:06 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2012.11.03 19:13:05 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2012.11.03 19:12:58 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2012.11.03 19:12:57 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2012.11.03 19:12:57 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2012.11.03 19:12:57 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2012.11.03 19:12:57 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2012.11.03 19:12:56 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2012.11.03 19:12:56 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2012.11.03 19:12:56 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2012.11.03 19:12:55 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2012.11.03 18:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flug-Model-Simulator
[2012.10.27 10:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.19 18:14:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.10.19 18:14:06 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.19 18:14:06 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.06 18:13:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.06 18:10:25 | 000,000,525 | ---- | M] () -- C:\Users\Christian\Desktop\OTL - Verknüpfung.lnk
[2012.11.06 18:07:41 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.06 18:07:41 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.06 18:07:41 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.06 18:07:41 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.06 18:00:35 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.06 18:00:07 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.06 18:00:07 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.06 18:00:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.06 17:59:57 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.04 21:22:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.04 21:07:02 | 000,380,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.03 18:12:55 | 000,010,240 | ---- | M] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.30 14:43:05 | 000,009,130 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\wklnhst.dat
[2012.10.17 16:42:36 | 000,011,264 | ---- | M] () -- C:\Users\Christian\Documents\nwt protokolle.wps
[2012.10.17 16:42:33 | 000,035,840 | ---- | M] () -- C:\Users\Christian\Documents\Gips.wps
[2012.10.17 16:42:30 | 000,011,264 | ---- | M] () -- C:\Users\Christian\Documents\Härte.wps
[2012.10.17 16:29:07 | 000,010,240 | ---- | M] () -- C:\Users\Christian\Documents\Dichte_Spaltbarkeit.wps
[2012.10.14 10:22:18 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.14 10:22:18 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2012.11.06 18:10:25 | 000,000,525 | ---- | C] () -- C:\Users\Christian\Desktop\OTL - Verknüpfung.lnk
[2012.10.17 16:32:33 | 000,011,264 | ---- | C] () -- C:\Users\Christian\Documents\Härte.wps
[2012.10.17 16:29:06 | 000,010,240 | ---- | C] () -- C:\Users\Christian\Documents\Dichte_Spaltbarkeit.wps
[2012.10.17 16:13:58 | 000,011,264 | ---- | C] () -- C:\Users\Christian\Documents\nwt protokolle.wps
[2012.10.17 15:41:53 | 000,035,840 | ---- | C] () -- C:\Users\Christian\Documents\Gips.wps
[2011.10.03 12:06:11 | 000,017,408 | ---- | C] () -- C:\Users\Christian\AppData\Local\WebpageIcons.db
[2009.10.18 19:34:52 | 000,000,253 | ---- | C] () -- C:\Users\Christian\Mxcdr.ini
[2008.11.26 17:49:06 | 000,010,240 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.07 17:17:50 | 000,009,130 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\wklnhst.dat
[2007.06.19 15:25:08 | 000,000,022 | ---- | C] () -- C:\ProgramData\8f01a90e-7eb3-48d3-93b1-50d88fd146fb
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008.10.26 17:05:53 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Buhl Data Service GmbH
[2012.11.03 20:34:38 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Canon
[2010.09.19 13:08:50 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Cornelsen
[2012.07.28 11:59:11 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Deluxe Pacman
[2010.12.08 12:31:47 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Engelmann Media
[2010.05.27 16:54:54 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Lexware
[2008.10.26 17:21:14 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\MAGIX
[2009.11.10 19:30:31 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenOffice.org
[2009.06.20 18:04:42 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PTV AG
[2008.12.31 16:46:27 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\RapidSolution
[2009.05.05 07:23:18 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\SYBEX.PC-Fahrschule09.0B79F3AA8BA7B28571920BBC33ADF06D54740292.1
[2008.10.07 17:17:51 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Template
[2008.10.04 21:11:10 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Ulead Systems
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 06.11.2012 18:12:01 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christian\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,17% Memory free
6,21 Gb Paging File | 4,96 Gb Available in Paging File | 79,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,16 Gb Total Space | 418,75 Gb Free Space | 72,68% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 12,37 Gb Free Space | 61,86% Space Free | Partition Type: FAT32
 
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2589893885-2041423269-550841957-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2ED85D46-3BF2-49B3-9E99-5BC06776FEEE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E2631A74-4E82-485C-B246-EE20A9A40A3D}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A303F31-98A8-406C-A0AA-89F96E264BE5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{1B4E75E8-E966-46E8-82B2-31901B1E6135}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{44DA55D9-B665-4EEE-9ECD-86B427C135CA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B59B70EF-6490-4BA4-90C8-3331FFD55AE2}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{BDA5E921-D6BF-4845-BD6A-8B74DE98EA70}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{FA84B13E-A7CE-4082-98E3-AC2AAC5EE061}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"TCP Query User{65BC9615-241D-4F71-85D7-E543C8B86627}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
"UDP Query User{70293613-EE13-40ED-A869-38D12D155090}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0805AE1C-D466-3264-0C8F-B05097BCD567}" = PC-Fahrschule 2009
"{089B1349-BA53-43B1-A2C9-DBF9A7F8FD30}" = MOTORRAD Tourenplaner 2008/2009
"{0D410F4D-9009-43F8-9DF1-BDADCE7FC43F}" = AAVUpdateManager
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4600_series" = Canon iP4600 series Printer Driver
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18674C2F-190C-4CD5-A1C9-A874F69F6C24}" = Radiotracker
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections 13.0.42.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32E2F180-247C-4077-B06A-20F9868568E0}_is1" = UltraMixer 2.4.6
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73F796D0-8F6C-45F8-86D6-085F7A36787B}" = Zusatzmodul GPS-Tourenplaner MTP09
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{796E7201-1CC7-405B-937C-980BDF8DB14E}_is1" = CDox
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7E3F4E29-823B-440A-9219-011452AAE502}" = Steuerprogramm2009
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{979FCA90-1FA4-482F-0001-393419DB8F1B}" = MyTube HD 4.0
"{991470F7-1A45-4E49-8905-D554A2A048A0}" = Carnet d'activités À plus! 2
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}" = PixiePack Codec Pack
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{EFCC79EC-7CC0-46D6-A3D1-015169B6C293}" = OpenOffice.org 3.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5A58E2C-5DD0-45E5-8E8B-C1C24E9A786C}" = Fahrschule 2008
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Canon iP4600 series Benutzerregistrierung" = Canon iP4600 series Benutzerregistrierung
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Deluxe Pacman_is1" = Deluxe Pacman version 1.95
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"LetsTrade" = LetsTrade Komponenten
"MAGIX Foto Manager 2008 D" = MAGIX Foto Manager 2008 5.0.0.255 (D)
"MAGIX Music Cleaning Lab 2008 deluxe D" = MAGIX Music Cleaning Lab 2008 deluxe 9.0.0.0 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX PC Visit D" = MAGIX PC Visit
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Moorhuhn Atlantis" = Moorhuhn Atlantis
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mufin MusicFinder Base D" = Mufin MusicFinder Base 1.0.1.229 (D)
"NVIDIA Drivers" = NVIDIA Drivers
"PROSetDX" = Intel(R) Network Connections 13.0.42.0
"Schach & Matt_is1" = Schach & Matt
"SYBEX.PC-Fahrschule09.0B79F3AA8BA7B28571920BBC33ADF06D54740292.1" = Die neue PC-Fahrschule 2009
"Virtual DJ Home Edition - Atomix Productions" = Virtual DJ Home Edition - Atomix Productions
"Yahoo! Messenger" = Yahoo! Messenger
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.06.2011 01:05:51 | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.06.2011 02:58:21 | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.06.2011 06:46:34 | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.06.2011 08:31:17 | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.06.2011 12:46:18 | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.06.2011 04:00:58 | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.06.2011 00:04:59 | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.06.2011 05:51:52 | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.06.2011 23:39:52 | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.06.2011 10:13:03 | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 19.10.2012 14:40:31 | Computer Name = Christian-PC | Source = bowser | ID = 8003
Description = 
 
Error - 20.10.2012 02:23:41 | Computer Name = Christian-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{D518B81B-C86C-4312-909D-1C7E3AE76BAC} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 21.10.2012 08:15:28 | Computer Name = Christian-PC | Source = bowser | ID = 8003
Description = 
 
Error - 22.10.2012 06:22:28 | Computer Name = Christian-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{D518B81B-C86C-4312-909D-1C7E3AE76BAC} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 01.11.2012 07:24:22 | Computer Name = Christian-PC | Source = bowser | ID = 8003
Description = 
 
Error - 03.11.2012 10:55:19 | Computer Name = Christian-PC | Source = bowser | ID = 8003
Description = 
 
Error - 04.11.2012 12:44:44 | Computer Name = Christian-PC | Source = bowser | ID = 8003
Description = 
 
Error - 04.11.2012 14:44:46 | Computer Name = Christian-PC | Source = bowser | ID = 8003
Description = 
 
Error - 04.11.2012 16:08:38 | Computer Name = Christian-PC | Source = bowser | ID = 8003
Description = 
 
Error - 04.11.2012 16:18:01 | Computer Name = Christian-PC | Source = bowser | ID = 8003
Description = 
 
 
< End of report >
         
--- --- ---

Defogger hat keine Datei erstellt - was soll ich jetzt tun ???
__________________

Alt 06.11.2012, 20:33   #4
M-K-D-B
/// TB-Ausbilder
 
Wie werde ich search.conduit.com wieder los - Standard

Wie werde ich search.conduit.com wieder los



Servus,



eventuell befindet sich die Datei unter
C:\Users\Christian\Downloads

das liegt aber dann daran, weil du DeFogger nicht auf den Desktop gespeichert hast, wie ich gesagt habe!


Fahre anschließend mit aswMBR und TDSSKiller fort.

Alt 06.11.2012, 20:36   #5
Roxana
 
Wie werde ich search.conduit.com wieder los - Standard

Wie werde ich search.conduit.com wieder los



doch ist auf dem desktop geht aber nicht mehr

der schwarze Kasten wird jetzt nicht mehr angezeigt ... habe defogger noch mal downgeloaded, vorher den anderen gelöscht, aber irgendwie will es nicht

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:44 on 06/11/2012 (Christian)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

sorry ... jetzt hab ichs ^^ peinlich

die Anleitung für Schritt 3 besagt, dass ich das Antivirenprogramm ausschalten soll, also Kaspersky lahmlegen, solange das läuft ???


Alt 06.11.2012, 20:59   #6
M-K-D-B
/// TB-Ausbilder
 
Wie werde ich search.conduit.com wieder los - Standard

Wie werde ich search.conduit.com wieder los



Servus,


ja, bitte deaktivieren. Nach dem Suchlauf wieder aktivieren bitte.

Alt 06.11.2012, 21:27   #7
Roxana
 
Wie werde ich search.conduit.com wieder los - Standard

Wie werde ich search.conduit.com wieder los



aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-06 21:02:04
-----------------------------
21:02:04.646 OS Version: Windows 6.0.6002 Service Pack 2
21:02:04.646 Number of processors: 2 586 0x1706
21:02:04.646 ComputerName: CHRISTIAN-PC UserName: Christian
21:02:06.674 Initialize success
21:04:05.086 AVAST engine defs: 12110601
21:04:10.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:04:10.843 Disk 0 Vendor: WDC_WD64 05.0 Size: 610480MB BusType: 3
21:04:10.874 Disk 0 MBR read successfully
21:04:10.874 Disk 0 MBR scan
21:04:10.874 Disk 0 Windows VISTA default MBR code
21:04:10.889 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 589987 MB offset 2048
21:04:10.889 Disk 0 Partition - 00 0F Extended LBA 20489 MB offset 1208296782
21:04:10.921 Disk 0 Partition 2 00 0B FAT32 MSDOS5.0 20489 MB offset 1208296845
21:04:10.952 Disk 0 scanning sectors +1250258625
21:04:11.014 Disk 0 scanning C:\Windows\system32\drivers
21:04:27.425 Service scanning
21:04:34.492 Service kl1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
21:04:34.601 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
21:04:34.648 Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
21:04:34.679 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
21:04:34.711 Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5
21:04:34.742 Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5
21:04:46.395 Modules scanning
21:04:59.405 Disk 0 trace - called modules:
21:04:59.452 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:04:59.452 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88c69398]
21:04:59.452 3 CLASSPNP.SYS[8d7ac8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x87383028]
21:05:01.324 AVAST engine scan C:\Windows
21:05:05.302 AVAST engine scan C:\Windows\system32
21:08:08.337 AVAST engine scan C:\Windows\system32\drivers
21:08:20.536 AVAST engine scan C:\Users\Christian
21:20:25.265 AVAST engine scan C:\ProgramData
21:24:47.813 Scan finished successfully
21:25:12.212 Disk 0 MBR has been saved successfully to "C:\Users\Christian\Downloads\MBR.dat"
21:25:12.227 The log file has been saved successfully to "C:\Users\Christian\Downloads\aswMBR.txt"


*****

AVAST hat vor dem Scan einen Download gemacht. Beisst sich das irgendwie mit Kaspersky bzw. muss ich das wieder runterlöschen ???:

Alt 06.11.2012, 21:29   #8
M-K-D-B
/// TB-Ausbilder
 
Wie werde ich search.conduit.com wieder los - Standard

Wie werde ich search.conduit.com wieder los



Servus,


nein, keine Sorge, da "beißt" sich nichts.
Wir haben das schon hunderte Male gemacht.

Führe bitte noch den TDSSKiller aus und poste die Logdatei.

Alt 06.11.2012, 21:36   #9
Roxana
 
Wie werde ich search.conduit.com wieder los - Standard

Wie werde ich search.conduit.com wieder los



nächstes Problem ... das logfile von dem TDSS kann ich nicht speichern, hat aber auch nichts gefunden ... kann auch nicht kopieren^^

soll ich es morgen noch mal probieren??? Oder hast du einen Tipp, wie ich das logfile speichern kann??? die normalen Möglichkeiten versagen hier. Erst mal vielen Dank soweit,

Schöne Grüße :-))

21:32:07.0506 5152 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:32:07.0694 5152 ============================================================
21:32:07.0694 5152 Current date / time: 2012/11/06 21:32:07.0694
21:32:07.0694 5152 SystemInfo:
21:32:07.0694 5152
21:32:07.0694 5152 OS Version: 6.0.6002 ServicePack: 2.0
21:32:07.0694 5152 Product type: Workstation
21:32:07.0694 5152 ComputerName: CHRISTIAN-PC
21:32:07.0694 5152 UserName: Christian
21:32:07.0694 5152 Windows directory: C:\Windows
21:32:07.0694 5152 System windows directory: C:\Windows
21:32:07.0694 5152 Processor architecture: Intel x86
21:32:07.0694 5152 Number of processors: 2
21:32:07.0694 5152 Page size: 0x1000
21:32:07.0694 5152 Boot type: Normal boot
21:32:07.0694 5152 ============================================================
21:32:11.0438 5152 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:32:11.0484 5152 ============================================================
21:32:11.0484 5152 \Device\Harddisk0\DR0:
21:32:11.0484 5152 MBR partitions:
21:32:11.0484 5152 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x48051800
21:32:11.0500 5152 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x4805258D, BlocksNum 0x2804934
21:32:11.0500 5152 ============================================================
21:32:11.0531 5152 C: <-> \Device\Harddisk0\DR0\Partition1
21:32:11.0578 5152 D: <-> \Device\Harddisk0\DR0\Partition2
21:32:11.0578 5152 ============================================================
21:32:11.0578 5152 Initialize success
21:32:11.0578 5152 ============================================================
21:32:17.0912 3880 ============================================================
21:32:17.0912 3880 Scan started
21:32:17.0912 3880 Mode: Manual;
21:32:17.0912 3880 ============================================================
21:32:18.0395 3880 ================ Scan system memory ========================
21:32:18.0395 3880 System memory - ok
21:32:18.0395 3880 ================ Scan services =============================
21:32:18.0489 3880 [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
21:32:18.0504 3880 AAV UpdateService - ok
21:32:18.0957 3880 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
21:32:18.0957 3880 ACPI - ok
21:32:19.0082 3880 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:32:19.0097 3880 AdobeFlashPlayerUpdateSvc - ok
21:32:19.0690 3880 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:32:19.0706 3880 adp94xx - ok
21:32:19.0752 3880 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:32:19.0768 3880 adpahci - ok
21:32:19.0768 3880 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
21:32:19.0768 3880 adpu160m - ok
21:32:19.0784 3880 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:32:19.0784 3880 adpu320 - ok
21:32:19.0830 3880 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:32:19.0830 3880 AeLookupSvc - ok
21:32:19.0893 3880 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
21:32:19.0893 3880 AFD - ok
21:32:19.0940 3880 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:32:19.0940 3880 agp440 - ok
21:32:19.0986 3880 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
21:32:19.0986 3880 aic78xx - ok
21:32:20.0002 3880 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
21:32:20.0002 3880 ALG - ok
21:32:20.0033 3880 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
21:32:20.0033 3880 aliide - ok
21:32:20.0049 3880 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:32:20.0049 3880 amdagp - ok
21:32:20.0049 3880 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
21:32:20.0049 3880 amdide - ok
21:32:20.0096 3880 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
21:32:20.0096 3880 AmdK7 - ok
21:32:20.0096 3880 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
21:32:20.0096 3880 AmdK8 - ok
21:32:20.0158 3880 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
21:32:20.0158 3880 Appinfo - ok
21:32:20.0174 3880 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
21:32:20.0174 3880 arc - ok
21:32:20.0174 3880 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:32:20.0189 3880 arcsas - ok
21:32:20.0236 3880 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:32:20.0236 3880 AsyncMac - ok
21:32:20.0267 3880 [ 0D83C87A801A3DFCD1BF73893FE7518C ] atapi C:\Windows\system32\drivers\atapi.sys
21:32:20.0267 3880 atapi - ok
21:32:20.0345 3880 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:32:20.0345 3880 AudioEndpointBuilder - ok
21:32:20.0376 3880 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:32:20.0376 3880 Audiosrv - ok
21:32:20.0579 3880 AVP - ok
21:32:20.0626 3880 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
21:32:20.0626 3880 Beep - ok
21:32:20.0688 3880 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
21:32:20.0688 3880 BFE - ok
21:32:20.0735 3880 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
21:32:20.0766 3880 BITS - ok
21:32:20.0782 3880 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
21:32:20.0782 3880 blbdrive - ok
21:32:20.0829 3880 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:32:20.0829 3880 bowser - ok
21:32:20.0876 3880 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
21:32:20.0876 3880 BrFiltLo - ok
21:32:20.0891 3880 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
21:32:20.0891 3880 BrFiltUp - ok
21:32:20.0922 3880 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
21:32:20.0922 3880 Browser - ok
21:32:20.0969 3880 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
21:32:20.0969 3880 Brserid - ok
21:32:20.0969 3880 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
21:32:20.0969 3880 BrSerWdm - ok
21:32:20.0985 3880 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
21:32:21.0000 3880 BrUsbMdm - ok
21:32:21.0016 3880 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
21:32:21.0016 3880 BrUsbSer - ok
21:32:21.0078 3880 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
21:32:21.0078 3880 BTHMODEM - ok
21:32:21.0110 3880 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:32:21.0110 3880 cdfs - ok
21:32:21.0172 3880 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:32:21.0172 3880 cdrom - ok
21:32:21.0234 3880 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
21:32:21.0234 3880 CertPropSvc - ok
21:32:21.0250 3880 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
21:32:21.0250 3880 circlass - ok
21:32:21.0297 3880 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
21:32:21.0297 3880 CLFS - ok
21:32:21.0390 3880 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:32:21.0390 3880 clr_optimization_v2.0.50727_32 - ok
21:32:21.0468 3880 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:32:21.0468 3880 clr_optimization_v4.0.30319_32 - ok
21:32:21.0484 3880 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:32:21.0484 3880 cmdide - ok
21:32:21.0500 3880 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\drivers\compbatt.sys
21:32:21.0500 3880 Compbatt - ok
21:32:21.0515 3880 COMSysApp - ok
21:32:21.0515 3880 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:32:21.0515 3880 crcdisk - ok
21:32:21.0531 3880 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
21:32:21.0531 3880 Crusoe - ok
21:32:21.0578 3880 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:32:21.0578 3880 CryptSvc - ok
21:32:21.0624 3880 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:32:21.0656 3880 DcomLaunch - ok
21:32:21.0687 3880 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:32:21.0702 3880 DfsC - ok
21:32:21.0827 3880 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
21:32:21.0874 3880 DFSR - ok
21:32:21.0952 3880 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
21:32:21.0952 3880 Dhcp - ok
21:32:21.0999 3880 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
21:32:21.0999 3880 disk - ok
21:32:22.0046 3880 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:32:22.0046 3880 Dnscache - ok
21:32:22.0092 3880 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:32:22.0092 3880 dot3svc - ok
21:32:22.0139 3880 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
21:32:22.0139 3880 DPS - ok
21:32:22.0186 3880 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:32:22.0186 3880 drmkaud - ok
21:32:22.0248 3880 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:32:22.0248 3880 DXGKrnl - ok
21:32:22.0311 3880 [ 2DB565612E74E0C01780670270A6FD7F ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
21:32:22.0311 3880 e1express - ok
21:32:22.0358 3880 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
21:32:22.0358 3880 E1G60 - ok
21:32:22.0373 3880 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
21:32:22.0373 3880 EapHost - ok
21:32:22.0451 3880 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
21:32:22.0451 3880 Ecache - ok
21:32:22.0498 3880 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:32:22.0514 3880 ehRecvr - ok
21:32:22.0529 3880 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
21:32:22.0529 3880 ehSched - ok
21:32:22.0545 3880 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
21:32:22.0545 3880 ehstart - ok
21:32:22.0592 3880 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:32:22.0592 3880 elxstor - ok
21:32:22.0638 3880 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
21:32:22.0670 3880 EMDMgmt - ok
21:32:22.0716 3880 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:32:22.0716 3880 ErrDev - ok
21:32:22.0779 3880 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
21:32:22.0779 3880 EventSystem - ok
21:32:22.0826 3880 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
21:32:22.0826 3880 exfat - ok
21:32:22.0872 3880 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:32:22.0872 3880 fastfat - ok
21:32:22.0888 3880 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:32:22.0888 3880 fdc - ok
21:32:22.0904 3880 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
21:32:22.0904 3880 fdPHost - ok
21:32:22.0919 3880 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
21:32:22.0919 3880 FDResPub - ok
21:32:22.0966 3880 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:32:22.0966 3880 FileInfo - ok
21:32:22.0982 3880 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:32:22.0982 3880 Filetrace - ok
21:32:23.0855 3880 [ 167D24A045499EBEF438F231976158DF ] FirebirdServerMAGIXInstance C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
21:32:23.0918 3880 FirebirdServerMAGIXInstance - ok
21:32:23.0933 3880 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:32:23.0933 3880 flpydisk - ok
21:32:23.0980 3880 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:32:23.0980 3880 FltMgr - ok
21:32:24.0074 3880 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
21:32:24.0105 3880 FontCache - ok
21:32:24.0214 3880 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:32:24.0214 3880 FontCache3.0.0.0 - ok
21:32:24.0245 3880 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:32:24.0261 3880 Fs_Rec - ok
21:32:24.0276 3880 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:32:24.0276 3880 gagp30kx - ok
21:32:24.0401 3880 [ 33EFD5039EA1BFA623D8BB9FB787CB0F ] GoogleDesktopManager C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
21:32:24.0401 3880 GoogleDesktopManager - ok
21:32:24.0464 3880 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
21:32:24.0464 3880 gpsvc - ok
21:32:24.0573 3880 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
21:32:24.0573 3880 gupdate - ok
21:32:24.0604 3880 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:32:24.0604 3880 gupdatem - ok
21:32:24.0651 3880 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:32:24.0651 3880 gusvc - ok
21:32:24.0682 3880 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:32:24.0682 3880 HdAudAddService - ok
21:32:24.0744 3880 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:32:24.0760 3880 HDAudBus - ok
21:32:24.0791 3880 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
21:32:24.0791 3880 HidBth - ok
21:32:24.0807 3880 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
21:32:24.0807 3880 HidIr - ok
21:32:24.0854 3880 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
21:32:24.0854 3880 hidserv - ok
21:32:24.0900 3880 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:32:24.0900 3880 HidUsb - ok
21:32:24.0932 3880 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:32:24.0932 3880 hkmsvc - ok
21:32:24.0947 3880 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
21:32:24.0947 3880 HpCISSs - ok
21:32:24.0994 3880 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:32:25.0010 3880 HTTP - ok
21:32:25.0025 3880 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
21:32:25.0025 3880 i2omp - ok
21:32:25.0072 3880 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:32:25.0088 3880 i8042prt - ok
21:32:25.0150 3880 [ 7B96206E4BDD2FE582F0DBC46F5F410E ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:32:25.0150 3880 IAANTMON - ok
21:32:25.0181 3880 [ 80C633722DA72E97F3F5B3B11325696D ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
21:32:25.0197 3880 iaStor - ok
21:32:25.0197 3880 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
21:32:25.0212 3880 iaStorV - ok
21:32:25.0337 3880 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:32:25.0337 3880 IDriverT - ok
21:32:25.0415 3880 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:32:25.0446 3880 idsvc - ok
21:32:25.0462 3880 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:32:25.0462 3880 iirsp - ok
21:32:25.0587 3880 [ 755519F49906B73C1FE9CBBF75E347EA ] IJPLMSVC C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
21:32:25.0946 3880 IJPLMSVC - ok
21:32:25.0977 3880 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
21:32:25.0992 3880 IKEEXT - ok
21:32:26.0086 3880 [ 219CA9A36D6DE2EC04F958C907673436 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
21:32:26.0133 3880 IntcAzAudAddService - ok
21:32:26.0180 3880 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
21:32:26.0195 3880 intelide - ok
21:32:26.0242 3880 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:32:26.0242 3880 intelppm - ok
21:32:26.0289 3880 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:32:26.0289 3880 IPBusEnum - ok
21:32:26.0304 3880 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:32:26.0304 3880 IpFilterDriver - ok
21:32:26.0351 3880 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:32:26.0351 3880 iphlpsvc - ok
21:32:26.0367 3880 IpInIp - ok
21:32:26.0382 3880 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
21:32:26.0382 3880 IPMIDRV - ok
21:32:26.0398 3880 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
21:32:26.0398 3880 IPNAT - ok
21:32:26.0398 3880 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:32:26.0414 3880 IRENUM - ok
21:32:26.0429 3880 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:32:26.0429 3880 isapnp - ok
21:32:26.0476 3880 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
21:32:26.0476 3880 iScsiPrt - ok
21:32:26.0492 3880 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
21:32:26.0492 3880 iteatapi - ok
21:32:26.0538 3880 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
21:32:26.0538 3880 iteraid - ok
21:32:26.0554 3880 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:32:26.0554 3880 kbdclass - ok
21:32:26.0601 3880 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:32:26.0601 3880 kbdhid - ok
21:32:26.0616 3880 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
21:32:26.0616 3880 KeyIso - ok
21:32:26.0648 3880 [ EA26CB00F83686856F2C79673C00C686 ] kl1 C:\Windows\system32\DRIVERS\kl1.sys
21:32:26.0663 3880 kl1 - ok
21:32:26.0726 3880 [ 654BDF113971B6DFAEA21D5554EBF5F6 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
21:32:26.0726 3880 KLIF - ok
21:32:26.0772 3880 [ AF127FE7DD5ED2BBC9049FD8A00DEFC2 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
21:32:26.0772 3880 KLIM6 - ok
21:32:26.0804 3880 [ 24AEBAD59D1DE8A7CC36E8F09F999362 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys
21:32:26.0804 3880 klkbdflt - ok
21:32:26.0819 3880 [ A58507C2827C3AE1D4CCB2746AAB349F ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
21:32:26.0819 3880 klmouflt - ok
21:32:26.0850 3880 [ B20DB17BC4E54B78EAB16D15B058E75B ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys
21:32:26.0850 3880 kltdi - ok
21:32:26.0866 3880 [ 71A38C123600172511C26BFABD0EF579 ] kneps C:\Windows\system32\DRIVERS\kneps.sys
21:32:26.0866 3880 kneps - ok
21:32:26.0913 3880 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:32:26.0913 3880 KSecDD - ok
21:32:26.0944 3880 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
21:32:26.0944 3880 KtmRm - ok
21:32:27.0022 3880 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
21:32:27.0022 3880 LanmanServer - ok
21:32:27.0084 3880 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:32:27.0084 3880 LanmanWorkstation - ok
21:32:27.0131 3880 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:32:27.0131 3880 lltdio - ok
21:32:27.0162 3880 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:32:27.0178 3880 lltdsvc - ok
21:32:27.0194 3880 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:32:27.0194 3880 lmhosts - ok
21:32:27.0225 3880 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:32:27.0225 3880 LSI_FC - ok
21:32:27.0240 3880 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:32:27.0240 3880 LSI_SAS - ok
21:32:27.0303 3880 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:32:27.0303 3880 LSI_SCSI - ok
21:32:27.0318 3880 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
21:32:27.0318 3880 luafv - ok
21:32:27.0334 3880 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:32:27.0334 3880 Mcx2Svc - ok
21:32:27.0365 3880 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
21:32:27.0365 3880 megasas - ok
21:32:27.0412 3880 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
21:32:27.0412 3880 MegaSR - ok
21:32:27.0443 3880 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
21:32:27.0443 3880 MMCSS - ok
21:32:27.0459 3880 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
21:32:27.0474 3880 Modem - ok
21:32:27.0506 3880 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:32:27.0506 3880 monitor - ok
21:32:27.0521 3880 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:32:27.0521 3880 mouclass - ok
21:32:27.0521 3880 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:32:27.0537 3880 mouhid - ok
21:32:27.0552 3880 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
21:32:27.0552 3880 MountMgr - ok
21:32:27.0615 3880 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:32:27.0630 3880 MozillaMaintenance - ok
21:32:27.0662 3880 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
21:32:27.0677 3880 mpio - ok
21:32:27.0693 3880 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:32:27.0693 3880 mpsdrv - ok
21:32:27.0724 3880 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
21:32:27.0755 3880 MpsSvc - ok
21:32:27.0771 3880 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
21:32:27.0771 3880 Mraid35x - ok
21:32:27.0802 3880 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:32:27.0818 3880 MRxDAV - ok
21:32:27.0880 3880 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:32:27.0880 3880 mrxsmb - ok
21:32:27.0911 3880 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:32:27.0911 3880 mrxsmb10 - ok
21:32:27.0927 3880 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:32:27.0927 3880 mrxsmb20 - ok
21:32:27.0958 3880 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
21:32:27.0958 3880 msahci - ok
21:32:27.0974 3880 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:32:27.0974 3880 msdsm - ok
21:32:28.0005 3880 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
21:32:28.0005 3880 MSDTC - ok
21:32:28.0036 3880 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:32:28.0036 3880 Msfs - ok
21:32:28.0067 3880 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:32:28.0067 3880 msisadrv - ok
21:32:28.0098 3880 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:32:28.0098 3880 MSiSCSI - ok
21:32:28.0114 3880 msiserver - ok
21:32:28.0130 3880 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:32:28.0130 3880 MSKSSRV - ok
21:32:28.0176 3880 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:32:28.0176 3880 MSPCLOCK - ok
21:32:28.0176 3880 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:32:28.0192 3880 MSPQM - ok
21:32:28.0239 3880 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:32:28.0239 3880 MsRPC - ok
21:32:28.0286 3880 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:32:28.0286 3880 mssmbios - ok
21:32:28.0301 3880 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:32:28.0301 3880 MSTEE - ok
21:32:28.0332 3880 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
21:32:28.0332 3880 Mup - ok
21:32:28.0364 3880 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
21:32:28.0379 3880 napagent - ok
21:32:28.0442 3880 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:32:28.0442 3880 NativeWifiP - ok
21:32:28.0488 3880 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:32:28.0488 3880 NDIS - ok
21:32:28.0520 3880 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:32:28.0535 3880 NdisTapi - ok
21:32:28.0535 3880 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:32:28.0535 3880 Ndisuio - ok
21:32:28.0629 3880 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:32:28.0629 3880 NdisWan - ok
21:32:28.0629 3880 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:32:28.0644 3880 NDProxy - ok
21:32:28.0707 3880 [ 40D7D0A208EE863BCA8D89E299216F15 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
21:32:29.0081 3880 Nero BackItUp Scheduler 3 - ok
21:32:29.0128 3880 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:32:29.0128 3880 NetBIOS - ok
21:32:29.0175 3880 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
21:32:29.0175 3880 netbt - ok
21:32:29.0190 3880 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
21:32:29.0190 3880 Netlogon - ok
21:32:29.0222 3880 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
21:32:29.0253 3880 Netman - ok
21:32:29.0300 3880 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
21:32:29.0315 3880 netprofm - ok
21:32:29.0362 3880 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:32:29.0362 3880 NetTcpPortSharing - ok
21:32:29.0378 3880 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:32:29.0378 3880 nfrd960 - ok
21:32:29.0393 3880 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:32:29.0393 3880 NlaSvc - ok
21:32:29.0471 3880 [ EBA1B4BF2E2375ABDADEDB649F283541 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
21:32:29.0643 3880 NMIndexingService - ok
21:32:29.0705 3880 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:32:29.0705 3880 Npfs - ok
21:32:29.0721 3880 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
21:32:29.0721 3880 nsi - ok
21:32:29.0736 3880 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:32:29.0736 3880 nsiproxy - ok
21:32:29.0799 3880 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:32:29.0830 3880 Ntfs - ok
21:32:29.0846 3880 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
21:32:29.0846 3880 ntrigdigi - ok
21:32:29.0861 3880 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
21:32:29.0861 3880 Null - ok
21:32:30.0064 3880 [ 440690DA4358D9682DBCC56DA7D419AB ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:32:30.0204 3880 nvlddmkm - ok
21:32:30.0236 3880 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:32:30.0236 3880 nvraid - ok
21:32:30.0251 3880 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:32:30.0267 3880 nvstor - ok
21:32:30.0282 3880 [ 11E1DC466C3E384C1A697B95DC5AA785 ] nvsvc C:\Windows\system32\nvvsvc.exe
21:32:30.0470 3880 nvsvc - ok
21:32:30.0516 3880 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:32:30.0516 3880 nv_agp - ok
21:32:30.0532 3880 NwlnkFlt - ok
21:32:30.0532 3880 NwlnkFwd - ok
21:32:30.0641 3880 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:32:30.0657 3880 odserv - ok
21:32:30.0719 3880 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
21:32:30.0719 3880 ohci1394 - ok
21:32:30.0750 3880 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:32:30.0750 3880 ose - ok
21:32:30.0797 3880 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
21:32:30.0844 3880 p2pimsvc - ok
21:32:30.0844 3880 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
21:32:30.0860 3880 p2psvc - ok
21:32:30.0891 3880 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
21:32:30.0891 3880 Parport - ok
21:32:30.0922 3880 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:32:30.0922 3880 partmgr - ok
21:32:30.0938 3880 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
21:32:30.0938 3880 Parvdm - ok
21:32:30.0953 3880 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
21:32:30.0969 3880 PcaSvc - ok
21:32:31.0000 3880 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
21:32:31.0016 3880 pci - ok
21:32:31.0031 3880 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
21:32:31.0031 3880 pciide - ok
21:32:31.0047 3880 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:32:31.0047 3880 pcmcia - ok
21:32:31.0109 3880 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:32:31.0125 3880 PEAUTH - ok
21:32:31.0218 3880 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
21:32:31.0265 3880 pla - ok
21:32:31.0281 3880 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
21:32:31.0452 3880 PLFlash DeviceIoControl Service - ok
21:32:31.0499 3880 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:32:31.0546 3880 PlugPlay - ok
21:32:31.0562 3880 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
21:32:31.0562 3880 PNRPAutoReg - ok
21:32:31.0608 3880 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
21:32:31.0608 3880 PNRPsvc - ok
21:32:31.0671 3880 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:32:31.0671 3880 PolicyAgent - ok
21:32:31.0702 3880 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:32:31.0702 3880 PptpMiniport - ok
21:32:31.0733 3880 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
21:32:31.0733 3880 Processor - ok
21:32:31.0780 3880 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
21:32:31.0780 3880 ProfSvc - ok
21:32:31.0811 3880 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
21:32:31.0811 3880 ProtectedStorage - ok
21:32:31.0858 3880 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
21:32:31.0858 3880 PSched - ok
21:32:31.0936 3880 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:32:31.0967 3880 ql2300 - ok
21:32:31.0998 3880 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:32:31.0998 3880 ql40xx - ok
21:32:32.0030 3880 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
21:32:32.0030 3880 QWAVE - ok
21:32:32.0045 3880 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:32:32.0045 3880 QWAVEdrv - ok
21:32:32.0061 3880 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:32:32.0061 3880 RasAcd - ok
21:32:32.0076 3880 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
21:32:32.0092 3880 RasAuto - ok
21:32:32.0108 3880 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:32:32.0123 3880 Rasl2tp - ok
21:32:32.0170 3880 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
21:32:32.0186 3880 RasMan - ok
21:32:32.0217 3880 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:32:32.0217 3880 RasPppoe - ok
21:32:32.0264 3880 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:32:32.0264 3880 RasSstp - ok
21:32:32.0326 3880 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:32:32.0326 3880 rdbss - ok
21:32:32.0342 3880 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:32:32.0342 3880 RDPCDD - ok
21:32:32.0357 3880 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
21:32:32.0373 3880 rdpdr - ok
21:32:32.0373 3880 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:32:32.0373 3880 RDPENCDD - ok
21:32:32.0420 3880 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:32:32.0420 3880 RDPWD - ok
21:32:32.0498 3880 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:32:32.0498 3880 RemoteAccess - ok
21:32:32.0544 3880 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:32:32.0544 3880 RemoteRegistry - ok
21:32:32.0560 3880 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
21:32:32.0576 3880 RpcLocator - ok
21:32:32.0591 3880 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
21:32:32.0591 3880 RpcSs - ok
21:32:32.0607 3880 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:32:32.0607 3880 rspndr - ok
21:32:32.0622 3880 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
21:32:32.0622 3880 SamSs - ok
21:32:32.0638 3880 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:32:32.0638 3880 sbp2port - ok
21:32:32.0685 3880 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:32:32.0700 3880 SCardSvr - ok
21:32:32.0747 3880 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
21:32:32.0778 3880 Schedule - ok
21:32:32.0810 3880 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
21:32:32.0825 3880 SCPolicySvc - ok
21:32:32.0841 3880 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:32:32.0841 3880 SDRSVC - ok
21:32:32.0872 3880 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:32:32.0872 3880 secdrv - ok
21:32:32.0872 3880 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
21:32:32.0888 3880 seclogon - ok
21:32:32.0903 3880 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
21:32:32.0903 3880 SENS - ok
21:32:32.0919 3880 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:32:32.0919 3880 Serenum - ok
21:32:32.0950 3880 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:32:32.0950 3880 Serial - ok
21:32:32.0981 3880 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:32:32.0981 3880 sermouse - ok
21:32:33.0012 3880 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
21:32:33.0028 3880 SessionEnv - ok
21:32:33.0059 3880 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:32:33.0059 3880 sffdisk - ok
21:32:33.0075 3880 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:32:33.0075 3880 sffp_mmc - ok
21:32:33.0090 3880 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:32:33.0090 3880 sffp_sd - ok
21:32:33.0090 3880 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
21:32:33.0090 3880 sfloppy - ok
21:32:33.0153 3880 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:32:33.0153 3880 SharedAccess - ok
21:32:33.0200 3880 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:32:33.0200 3880 ShellHWDetection - ok
21:32:33.0215 3880 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
21:32:33.0215 3880 sisagp - ok
21:32:33.0231 3880 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
21:32:33.0231 3880 SiSRaid2 - ok
21:32:33.0246 3880 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:32:33.0246 3880 SiSRaid4 - ok
21:32:33.0356 3880 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
21:32:33.0434 3880 slsvc - ok
21:32:33.0480 3880 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
21:32:33.0496 3880 SLUINotify - ok
21:32:33.0543 3880 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:32:33.0543 3880 Smb - ok
21:32:33.0574 3880 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:32:33.0574 3880 SNMPTRAP - ok
21:32:33.0590 3880 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
21:32:33.0590 3880 spldr - ok
21:32:33.0636 3880 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
21:32:33.0636 3880 Spooler - ok
21:32:33.0683 3880 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:32:33.0699 3880 srv - ok
21:32:33.0730 3880 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:32:33.0730 3880 srv2 - ok
21:32:33.0777 3880 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:32:33.0777 3880 srvnet - ok
21:32:33.0792 3880 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:32:33.0792 3880 SSDPSRV - ok
21:32:33.0839 3880 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:32:33.0855 3880 SstpSvc - ok
21:32:33.0902 3880 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
21:32:33.0917 3880 stisvc - ok
21:32:33.0964 3880 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:32:33.0964 3880 swenum - ok
21:32:34.0011 3880 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
21:32:34.0026 3880 swprv - ok
21:32:34.0042 3880 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
21:32:34.0042 3880 Symc8xx - ok
21:32:34.0058 3880 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
21:32:34.0058 3880 Sym_hi - ok
21:32:34.0073 3880 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
21:32:34.0073 3880 Sym_u3 - ok
21:32:34.0120 3880 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
21:32:34.0151 3880 SysMain - ok
21:32:34.0182 3880 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:32:34.0182 3880 TabletInputService - ok
21:32:34.0245 3880 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:32:34.0245 3880 TapiSrv - ok
21:32:34.0260 3880 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
21:32:34.0260 3880 TBS - ok
21:32:34.0307 3880 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:32:34.0323 3880 Tcpip - ok
21:32:34.0354 3880 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
21:32:34.0370 3880 Tcpip6 - ok
21:32:34.0385 3880 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:32:34.0385 3880 tcpipreg - ok
21:32:34.0416 3880 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:32:34.0416 3880 TDPIPE - ok
21:32:34.0432 3880 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:32:34.0432 3880 TDTCP - ok
21:32:34.0479 3880 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:32:34.0479 3880 tdx - ok
21:32:34.0510 3880 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:32:34.0510 3880 TermDD - ok
21:32:34.0541 3880 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
21:32:34.0557 3880 TermService - ok
21:32:34.0572 3880 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
21:32:34.0572 3880 Themes - ok
21:32:34.0588 3880 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
21:32:34.0588 3880 THREADORDER - ok
21:32:34.0604 3880 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
21:32:34.0604 3880 TrkWks - ok
21:32:34.0666 3880 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:32:34.0666 3880 TrustedInstaller - ok
21:32:34.0697 3880 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:32:34.0697 3880 tssecsrv - ok
21:32:34.0744 3880 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
21:32:34.0744 3880 tunmp - ok
21:32:34.0775 3880 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:32:34.0775 3880 tunnel - ok
21:32:34.0791 3880 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:32:34.0791 3880 uagp35 - ok
21:32:34.0838 3880 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:32:34.0853 3880 udfs - ok
21:32:34.0869 3880 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:32:34.0884 3880 UI0Detect - ok
21:32:34.0900 3880 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:32:34.0900 3880 uliagpkx - ok
21:32:34.0916 3880 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
21:32:34.0916 3880 uliahci - ok
21:32:34.0931 3880 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
21:32:34.0947 3880 UlSata - ok
21:32:34.0947 3880 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
21:32:34.0947 3880 ulsata2 - ok
21:32:34.0962 3880 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:32:34.0962 3880 umbus - ok
21:32:34.0978 3880 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
21:32:34.0994 3880 upnphost - ok
21:32:35.0056 3880 [ 7CE0FE34FD8FB7F52D1E503B0C1E4FA9 ] UPnPService C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
21:32:35.0072 3880 UPnPService - ok
21:32:35.0134 3880 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
21:32:35.0134 3880 usbaudio - ok
21:32:35.0165 3880 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:32:35.0165 3880 usbccgp - ok
21:32:35.0181 3880 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:32:35.0181 3880 usbcir - ok
21:32:35.0212 3880 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:32:35.0212 3880 usbehci - ok
21:32:35.0259 3880 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:32:35.0259 3880 usbhub - ok
21:32:35.0290 3880 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:32:35.0290 3880 usbohci - ok
21:32:35.0321 3880 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:32:35.0321 3880 usbprint - ok
21:32:35.0368 3880 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:32:35.0368 3880 usbscan - ok
21:32:35.0368 3880 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:32:35.0384 3880 USBSTOR - ok
21:32:35.0399 3880 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:32:35.0399 3880 usbuhci - ok
21:32:35.0462 3880 [ 9D19B042A4FD5C02195071EA2FE0C821 ] usnjsvc C:\Program Files\Windows Live\Messenger\usnsvc.exe
21:32:35.0477 3880 usnjsvc - ok
21:32:35.0524 3880 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
21:32:35.0524 3880 UxSms - ok
21:32:35.0571 3880 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
21:32:35.0602 3880 vds - ok
21:32:35.0618 3880 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:32:35.0633 3880 vga - ok
21:32:35.0633 3880 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
21:32:35.0633 3880 VgaSave - ok
21:32:35.0649 3880 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
21:32:35.0649 3880 viaagp - ok
21:32:35.0664 3880 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
21:32:35.0664 3880 ViaC7 - ok
21:32:35.0680 3880 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
21:32:35.0680 3880 viaide - ok
21:32:35.0696 3880 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:32:35.0696 3880 volmgr - ok
21:32:35.0758 3880 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:32:35.0758 3880 volmgrx - ok
21:32:35.0805 3880 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:32:35.0820 3880 volsnap - ok
21:32:35.0836 3880 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:32:35.0836 3880 vsmraid - ok
21:32:35.0883 3880 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
21:32:35.0930 3880 VSS - ok
21:32:35.0976 3880 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
21:32:35.0992 3880 W32Time - ok
21:32:36.0008 3880 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
21:32:36.0008 3880 WacomPen - ok
21:32:36.0008 3880 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
21:32:36.0023 3880 Wanarp - ok
21:32:36.0023 3880 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:32:36.0023 3880 Wanarpv6 - ok
21:32:36.0039 3880 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:32:36.0039 3880 wcncsvc - ok
21:32:36.0070 3880 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:32:36.0070 3880 WcsPlugInService - ok
21:32:36.0070 3880 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
21:32:36.0086 3880 Wd - ok
21:32:36.0101 3880 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:32:36.0101 3880 Wdf01000 - ok
21:32:36.0132 3880 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:32:36.0132 3880 WdiServiceHost - ok
21:32:36.0132 3880 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:32:36.0132 3880 WdiSystemHost - ok
21:32:36.0195 3880 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
21:32:36.0210 3880 WebClient - ok
21:32:36.0242 3880 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:32:36.0257 3880 Wecsvc - ok
21:32:36.0273 3880 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:32:36.0273 3880 wercplsupport - ok
21:32:36.0304 3880 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
21:32:36.0320 3880 WerSvc - ok
21:32:36.0366 3880 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
21:32:36.0366 3880 WinDefend - ok
21:32:36.0382 3880 WinHttpAutoProxySvc - ok
21:32:36.0413 3880 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:32:36.0413 3880 Winmgmt - ok
21:32:36.0476 3880 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
21:32:36.0522 3880 WinRM - ok
21:32:36.0600 3880 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:32:36.0616 3880 Wlansvc - ok
21:32:36.0694 3880 [ 94A85E956A065E23E0010A6A7826243B ] WLSetupSvc C:\Program Files\Windows Live\installer\WLSetupSvc.exe
21:32:36.0694 3880 WLSetupSvc - ok
21:32:36.0725 3880 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:32:36.0725 3880 WmiAcpi - ok
21:32:36.0772 3880 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:32:36.0772 3880 wmiApSrv - ok
21:32:36.0850 3880 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
21:32:36.0881 3880 WMPNetworkSvc - ok
21:32:36.0928 3880 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:32:36.0928 3880 WPCSvc - ok
21:32:36.0975 3880 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:32:36.0990 3880 WPDBusEnum - ok
21:32:37.0037 3880 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
21:32:37.0037 3880 WpdUsb - ok
21:32:37.0131 3880 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:32:37.0146 3880 WPFFontCache_v0400 - ok
21:32:37.0193 3880 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:32:37.0193 3880 ws2ifsl - ok
21:32:37.0240 3880 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
21:32:37.0240 3880 wscsvc - ok
21:32:37.0240 3880 WSearch - ok
21:32:37.0318 3880 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
21:32:37.0349 3880 wuauserv - ok
21:32:37.0396 3880 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:32:37.0396 3880 WUDFRd - ok
21:32:37.0412 3880 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:32:37.0427 3880 wudfsvc - ok
21:32:37.0443 3880 ================ Scan global ===============================
21:32:37.0474 3880 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
21:32:37.0521 3880 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:32:37.0536 3880 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:32:37.0583 3880 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
21:32:37.0599 3880 [Global] - ok
21:32:37.0599 3880 ================ Scan MBR ==================================
21:32:37.0599 3880 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:32:38.0051 3880 \Device\Harddisk0\DR0 - ok
21:32:38.0051 3880 ================ Scan VBR ==================================
21:32:38.0051 3880 [ E25B3AAB48ECC19F2AC0CE98A6B28A01 ] \Device\Harddisk0\DR0\Partition1
21:32:38.0051 3880 \Device\Harddisk0\DR0\Partition1 - ok
21:32:38.0067 3880 [ D6E4F5B17F497AB2C33BEA5BF5D0B10B ] \Device\Harddisk0\DR0\Partition2
21:32:38.0067 3880 \Device\Harddisk0\DR0\Partition2 - ok
21:32:38.0067 3880 ============================================================
21:32:38.0067 3880 Scan finished
21:32:38.0067 3880 ============================================================
21:32:38.0082 3340 Detected object count: 0
21:32:38.0082 3340 Actual detected object count: 0
21:40:33.0295 2564 ============================================================
21:40:33.0295 2564 Scan started
21:40:33.0295 2564 Mode: Manual;
21:40:33.0295 2564 ============================================================
21:40:33.0716 2564 ================ Scan system memory ========================
21:40:33.0716 2564 System memory - ok
21:40:33.0716 2564 ================ Scan services =============================
21:40:33.0825 2564 [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
21:40:33.0825 2564 AAV UpdateService - ok
21:40:33.0950 2564 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
21:40:33.0950 2564 ACPI - ok
21:40:34.0013 2564 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:40:34.0013 2564 AdobeFlashPlayerUpdateSvc - ok
21:40:34.0059 2564 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:40:34.0059 2564 adp94xx - ok
21:40:34.0075 2564 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:40:34.0075 2564 adpahci - ok
21:40:34.0091 2564 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
21:40:34.0091 2564 adpu160m - ok
21:40:34.0106 2564 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:40:34.0106 2564 adpu320 - ok
21:40:34.0137 2564 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:40:34.0137 2564 AeLookupSvc - ok
21:40:34.0200 2564 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
21:40:34.0200 2564 AFD - ok
21:40:34.0215 2564 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:40:34.0215 2564 agp440 - ok
21:40:34.0231 2564 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
21:40:34.0231 2564 aic78xx - ok
21:40:34.0247 2564 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
21:40:34.0247 2564 ALG - ok
21:40:34.0262 2564 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
21:40:34.0262 2564 aliide - ok
21:40:34.0278 2564 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:40:34.0278 2564 amdagp - ok
21:40:34.0293 2564 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
21:40:34.0293 2564 amdide - ok
21:40:34.0309 2564 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
21:40:34.0309 2564 AmdK7 - ok
21:40:34.0325 2564 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
21:40:34.0325 2564 AmdK8 - ok
21:40:34.0340 2564 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
21:40:34.0340 2564 Appinfo - ok
21:40:34.0356 2564 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
21:40:34.0356 2564 arc - ok
21:40:34.0371 2564 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:40:34.0371 2564 arcsas - ok
21:40:34.0387 2564 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:40:34.0387 2564 AsyncMac - ok
21:40:34.0403 2564 [ 0D83C87A801A3DFCD1BF73893FE7518C ] atapi C:\Windows\system32\drivers\atapi.sys
21:40:34.0403 2564 atapi - ok
21:40:34.0449 2564 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:40:34.0449 2564 AudioEndpointBuilder - ok
21:40:34.0465 2564 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:40:34.0481 2564 Audiosrv - ok
21:40:34.0590 2564 AVP - ok
21:40:34.0621 2564 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
21:40:34.0621 2564 Beep - ok
21:40:34.0668 2564 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
21:40:34.0668 2564 BFE - ok
21:40:34.0715 2564 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
21:40:34.0715 2564 BITS - ok
21:40:34.0730 2564 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
21:40:34.0730 2564 blbdrive - ok
21:40:34.0777 2564 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:40:34.0777 2564 bowser - ok
21:40:34.0793 2564 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
21:40:34.0793 2564 BrFiltLo - ok
21:40:34.0824 2564 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
21:40:34.0824 2564 BrFiltUp - ok
21:40:34.0839 2564 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
21:40:34.0839 2564 Browser - ok
21:40:34.0855 2564 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
21:40:34.0871 2564 Brserid - ok
21:40:34.0871 2564 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
21:40:34.0871 2564 BrSerWdm - ok
21:40:34.0886 2564 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
21:40:34.0886 2564 BrUsbMdm - ok
21:40:34.0902 2564 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
21:40:34.0917 2564 BrUsbSer - ok
21:40:34.0933 2564 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
21:40:34.0933 2564 BTHMODEM - ok
21:40:34.0949 2564 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:40:34.0949 2564 cdfs - ok
21:40:34.0980 2564 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:40:34.0980 2564 cdrom - ok
21:40:35.0027 2564 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
21:40:35.0027 2564 CertPropSvc - ok
21:40:35.0042 2564 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
21:40:35.0042 2564 circlass - ok
21:40:35.0089 2564 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
21:40:35.0089 2564 CLFS - ok
21:40:35.0167 2564 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:40:35.0167 2564 clr_optimization_v2.0.50727_32 - ok
21:40:35.0245 2564 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:40:35.0245 2564 clr_optimization_v4.0.30319_32 - ok
21:40:35.0261 2564 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:40:35.0261 2564 cmdide - ok
21:40:35.0276 2564 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\drivers\compbatt.sys
21:40:35.0276 2564 Compbatt - ok
21:40:35.0292 2564 COMSysApp - ok
21:40:35.0292 2564 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:40:35.0292 2564 crcdisk - ok
21:40:35.0307 2564 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
21:40:35.0307 2564 Crusoe - ok
21:40:35.0339 2564 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:40:35.0339 2564 CryptSvc - ok
21:40:35.0401 2564 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:40:35.0401 2564 DcomLaunch - ok
21:40:35.0432 2564 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:40:35.0448 2564 DfsC - ok
21:40:35.0526 2564 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
21:40:35.0541 2564 DFSR - ok
21:40:35.0588 2564 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
21:40:35.0588 2564 Dhcp - ok
21:40:35.0619 2564 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
21:40:35.0619 2564 disk - ok
21:40:35.0651 2564 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:40:35.0651 2564 Dnscache - ok
21:40:35.0697 2564 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:40:35.0697 2564 dot3svc - ok
21:40:35.0729 2564 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
21:40:35.0729 2564 DPS - ok
21:40:35.0744 2564 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:40:35.0744 2564 drmkaud - ok
21:40:35.0807 2564 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:40:35.0807 2564 DXGKrnl - ok
21:40:35.0838 2564 [ 2DB565612E74E0C01780670270A6FD7F ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
21:40:35.0838 2564 e1express - ok
21:40:35.0853 2564 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
21:40:35.0853 2564 E1G60 - ok
21:40:35.0869 2564 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
21:40:35.0869 2564 EapHost - ok
21:40:35.0916 2564 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
21:40:35.0916 2564 Ecache - ok
21:40:35.0931 2564 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:40:35.0947 2564 ehRecvr - ok
21:40:35.0963 2564 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
21:40:35.0963 2564 ehSched - ok
21:40:35.0978 2564 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
21:40:35.0978 2564 ehstart - ok
21:40:35.0994 2564 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:40:35.0994 2564 elxstor - ok
21:40:36.0056 2564 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
21:40:36.0056 2564 EMDMgmt - ok
21:40:36.0072 2564 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:40:36.0072 2564 ErrDev - ok
21:40:36.0119 2564 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
21:40:36.0119 2564 EventSystem - ok
21:40:36.0165 2564 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
21:40:36.0165 2564 exfat - ok
21:40:36.0197 2564 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:40:36.0197 2564 fastfat - ok
21:40:36.0212 2564 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:40:36.0212 2564 fdc - ok
21:40:36.0212 2564 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
21:40:36.0212 2564 fdPHost - ok
21:40:36.0228 2564 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
21:40:36.0228 2564 FDResPub - ok
21:40:36.0243 2564 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:40:36.0243 2564 FileInfo - ok
21:40:36.0259 2564 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:40:36.0259 2564 Filetrace - ok
21:40:36.0368 2564 [ 167D24A045499EBEF438F231976158DF ] FirebirdServerMAGIXInstance C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
21:40:36.0384 2564 FirebirdServerMAGIXInstance - ok
21:40:36.0384 2564 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:40:36.0399 2564 flpydisk - ok
21:40:36.0399 2564 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:40:36.0399 2564 FltMgr - ok
21:40:36.0462 2564 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
21:40:36.0462 2564 FontCache - ok
21:40:36.0540 2564 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:40:36.0540 2564 FontCache3.0.0.0 - ok
21:40:36.0571 2564 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:40:36.0587 2564 Fs_Rec - ok
21:40:36.0587 2564 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:40:36.0587 2564 gagp30kx - ok
21:40:36.0649 2564 [ 33EFD5039EA1BFA623D8BB9FB787CB0F ] GoogleDesktopManager C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
21:40:36.0649 2564 GoogleDesktopManager - ok
21:40:36.0696 2564 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
21:40:36.0711 2564 gpsvc - ok
21:40:36.0789 2564 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
21:40:36.0789 2564 gupdate - ok
21:40:36.0805 2564 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:40:36.0805 2564 gupdatem - ok
21:40:36.0821 2564 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:40:36.0821 2564 gusvc - ok
21:40:36.0852 2564 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:40:36.0852 2564 HdAudAddService - ok
21:40:36.0899 2564 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:40:36.0914 2564 HDAudBus - ok
21:40:36.0930 2564 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
21:40:36.0930 2564 HidBth - ok
21:40:36.0930 2564 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
21:40:36.0930 2564 HidIr - ok
21:40:36.0977 2564 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
21:40:36.0977 2564 hidserv - ok
21:40:37.0008 2564 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:40:37.0008 2564 HidUsb - ok
21:40:37.0039 2564 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:40:37.0039 2564 hkmsvc - ok
21:40:37.0055 2564 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
21:40:37.0055 2564 HpCISSs - ok
21:40:37.0101 2564 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:40:37.0101 2564 HTTP - ok
21:40:37.0117 2564 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
21:40:37.0117 2564 i2omp - ok
21:40:37.0117 2564 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:40:37.0117 2564 i8042prt - ok
21:40:37.0164 2564 [ 7B96206E4BDD2FE582F0DBC46F5F410E ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:40:37.0164 2564 IAANTMON - ok
21:40:37.0195 2564 [ 80C633722DA72E97F3F5B3B11325696D ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
21:40:37.0195 2564 iaStor - ok
21:40:37.0226 2564 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
21:40:37.0226 2564 iaStorV - ok
21:40:37.0335 2564 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:40:37.0335 2564 IDriverT - ok
21:40:37.0413 2564 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:40:37.0413 2564 idsvc - ok
21:40:37.0429 2564 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:40:37.0429 2564 iirsp - ok
21:40:37.0491 2564 [ 755519F49906B73C1FE9CBBF75E347EA ] IJPLMSVC C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
21:40:37.0491 2564 IJPLMSVC - ok
21:40:37.0523 2564 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
21:40:37.0538 2564 IKEEXT - ok
21:40:37.0601 2564 [ 219CA9A36D6DE2EC04F958C907673436 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
21:40:37.0616 2564 IntcAzAudAddService - ok
21:40:37.0616 2564 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
21:40:37.0616 2564 intelide - ok
21:40:37.0632 2564 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:40:37.0632 2564 intelppm - ok
21:40:37.0663 2564 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:40:37.0663 2564 IPBusEnum - ok
21:40:37.0679 2564 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:40:37.0679 2564 IpFilterDriver - ok
21:40:37.0710 2564 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:40:37.0725 2564 iphlpsvc - ok
21:40:37.0725 2564 IpInIp - ok
21:40:37.0741 2564 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
21:40:37.0741 2564 IPMIDRV - ok
21:40:37.0757 2564 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
21:40:37.0757 2564 IPNAT - ok
21:40:37.0772 2564 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:40:37.0772 2564 IRENUM - ok
21:40:37.0788 2564 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:40:37.0788 2564 isapnp - ok
21:40:37.0835 2564 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
21:40:37.0835 2564 iScsiPrt - ok
21:40:37.0850 2564 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
21:40:37.0850 2564 iteatapi - ok
21:40:37.0850 2564 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
21:40:37.0850 2564 iteraid - ok
21:40:37.0881 2564 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:40:37.0881 2564 kbdclass - ok
21:40:37.0913 2564 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:40:37.0913 2564 kbdhid - ok
21:40:37.0944 2564 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
21:40:37.0944 2564 KeyIso - ok
21:40:37.0975 2564 [ EA26CB00F83686856F2C79673C00C686 ] kl1 C:\Windows\system32\DRIVERS\kl1.sys
21:40:37.0975 2564 kl1 - ok
21:40:38.0022 2564 [ 654BDF113971B6DFAEA21D5554EBF5F6 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
21:40:38.0022 2564 KLIF - ok
21:40:38.0069 2564 [ AF127FE7DD5ED2BBC9049FD8A00DEFC2 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
21:40:38.0069 2564 KLIM6 - ok
21:40:38.0100 2564 [ 24AEBAD59D1DE8A7CC36E8F09F999362 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys
21:40:38.0100 2564 klkbdflt - ok
21:40:38.0115 2564 [ A58507C2827C3AE1D4CCB2746AAB349F ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
21:40:38.0115 2564 klmouflt - ok
21:40:38.0147 2564 [ B20DB17BC4E54B78EAB16D15B058E75B ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys
21:40:38.0147 2564 kltdi - ok
21:40:38.0162 2564 [ 71A38C123600172511C26BFABD0EF579 ] kneps C:\Windows\system32\DRIVERS\kneps.sys
21:40:38.0162 2564 kneps - ok
21:40:38.0209 2564 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:40:38.0209 2564 KSecDD - ok
21:40:38.0240 2564 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
21:40:38.0256 2564 KtmRm - ok
21:40:38.0287 2564 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
21:40:38.0287 2564 LanmanServer - ok
21:40:38.0334 2564 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:40:38.0334 2564 LanmanWorkstation - ok
21:40:38.0365 2564 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:40:38.0365 2564 lltdio - ok
21:40:38.0381 2564 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:40:38.0396 2564 lltdsvc - ok
21:40:38.0412 2564 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:40:38.0412 2564 lmhosts - ok
21:40:38.0427 2564 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:40:38.0427 2564 LSI_FC - ok
21:40:38.0459 2564 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:40:38.0459 2564 LSI_SAS - ok
21:40:38.0459 2564 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:40:38.0459 2564 LSI_SCSI - ok
21:40:38.0490 2564 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
21:40:38.0490 2564 luafv - ok
21:40:38.0490 2564 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:40:38.0490 2564 Mcx2Svc - ok
21:40:38.0505 2564 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
21:40:38.0505 2564 megasas - ok
21:40:38.0537 2564 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
21:40:38.0537 2564 MegaSR - ok
21:40:38.0552 2564 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
21:40:38.0552 2564 MMCSS - ok
21:40:38.0568 2564 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
21:40:38.0568 2564 Modem - ok
21:40:38.0615 2564 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:40:38.0615 2564 monitor - ok
21:40:38.0615 2564 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:40:38.0615 2564 mouclass - ok
21:40:38.0630 2564 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:40:38.0630 2564 mouhid - ok
21:40:38.0646 2564 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
21:40:38.0646 2564 MountMgr - ok
21:40:38.0693 2564 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:40:38.0693 2564 MozillaMaintenance - ok
21:40:38.0708 2564 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
21:40:38.0708 2564 mpio - ok
21:40:38.0724 2564 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:40:38.0739 2564 mpsdrv - ok
21:40:38.0771 2564 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
21:40:38.0786 2564 MpsSvc - ok
21:40:38.0802 2564 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
21:40:38.0802 2564 Mraid35x - ok
21:40:38.0833 2564 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:40:38.0833 2564 MRxDAV - ok
21:40:38.0880 2564 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:40:38.0880 2564 mrxsmb - ok
21:40:38.0911 2564 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:40:38.0911 2564 mrxsmb10 - ok
21:40:38.0911 2564 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:40:38.0927 2564 mrxsmb20 - ok
21:40:38.0942 2564 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
21:40:38.0942 2564 msahci - ok
21:40:38.0958 2564 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:40:38.0958 2564 msdsm - ok
21:40:38.0973 2564 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
21:40:38.0973 2564 MSDTC - ok
21:40:39.0005 2564 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:40:39.0005 2564 Msfs - ok
21:40:39.0005 2564 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:40:39.0005 2564 msisadrv - ok
21:40:39.0051 2564 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:40:39.0051 2564 MSiSCSI - ok
21:40:39.0051 2564 msiserver - ok
21:40:39.0067 2564 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:40:39.0067 2564 MSKSSRV - ok
21:40:39.0083 2564 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:40:39.0083 2564 MSPCLOCK - ok
21:40:39.0083 2564 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:40:39.0083 2564 MSPQM - ok
21:40:39.0129 2564 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:40:39.0129 2564 MsRPC - ok
21:40:39.0145 2564 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:40:39.0145 2564 mssmbios - ok
21:40:39.0161 2564 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:40:39.0161 2564 MSTEE - ok
21:40:39.0192 2564 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
21:40:39.0192 2564 Mup - ok
21:40:39.0207 2564 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
21:40:39.0223 2564 napagent - ok
21:40:39.0270 2564 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:40:39.0270 2564 NativeWifiP - ok
21:40:39.0301 2564 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:40:39.0301 2564 NDIS - ok
21:40:39.0317 2564 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:40:39.0317 2564 NdisTapi - ok
21:40:39.0332 2564 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:40:39.0332 2564 Ndisuio - ok
21:40:39.0363 2564 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:40:39.0363 2564 NdisWan - ok
21:40:39.0379 2564 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:40:39.0379 2564 NDProxy - ok
21:40:39.0441 2564 [ 40D7D0A208EE863BCA8D89E299216F15 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
21:40:39.0441 2564 Nero BackItUp Scheduler 3 - ok
21:40:39.0457 2564 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:40:39.0457 2564 NetBIOS - ok
21:40:39.0504 2564 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
21:40:39.0504 2564 netbt - ok
21:40:39.0519 2564 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
21:40:39.0519 2564 Netlogon - ok
21:40:39.0551 2564 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
21:40:39.0566 2564 Netman - ok
21:40:39.0582 2564 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
21:40:39.0582 2564 netprofm - ok
21:40:39.0597 2564 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:40:39.0597 2564 NetTcpPortSharing - ok
21:40:39.0613 2564 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:40:39.0613 2564 nfrd960 - ok
21:40:39.0629 2564 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:40:39.0629 2564 NlaSvc - ok
21:40:39.0707 2564 [ EBA1B4BF2E2375ABDADEDB649F283541 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
21:40:39.0707 2564 NMIndexingService - ok
21:40:39.0753 2564 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:40:39.0753 2564 Npfs - ok
21:40:39.0769 2564 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
21:40:39.0769 2564 nsi - ok
21:40:39.0769 2564 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:40:39.0769 2564 nsiproxy - ok
21:40:39.0847 2564 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:40:39.0847 2564 Ntfs - ok
21:40:39.0863 2564 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
21:40:39.0863 2564 ntrigdigi - ok
21:40:39.0863 2564 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
21:40:39.0863 2564 Null - ok
21:40:40.0034 2564 [ 440690DA4358D9682DBCC56DA7D419AB ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:40:40.0097 2564 nvlddmkm - ok
21:40:40.0112 2564 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:40:40.0112 2564 nvraid - ok
21:40:40.0128 2564 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:40:40.0128 2564 nvstor - ok
21:40:40.0143 2564 [ 11E1DC466C3E384C1A697B95DC5AA785 ] nvsvc C:\Windows\system32\nvvsvc.exe
21:40:40.0143 2564 nvsvc - ok
21:40:40.0159 2564 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:40:40.0159 2564 nv_agp - ok
21:40:40.0159 2564 NwlnkFlt - ok
21:40:40.0175 2564 NwlnkFwd - ok
21:40:40.0237 2564 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:40:40.0237 2564 odserv - ok
21:40:40.0284 2564 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
21:40:40.0284 2564 ohci1394 - ok
21:40:40.0315 2564 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:40:40.0315 2564 ose - ok
21:40:40.0362 2564 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
21:40:40.0362 2564 p2pimsvc - ok
21:40:40.0377 2564 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
21:40:40.0393 2564 p2psvc - ok
21:40:40.0409 2564 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
21:40:40.0409 2564 Parport - ok
21:40:40.0424 2564 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:40:40.0424 2564 partmgr - ok
21:40:40.0440 2564 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
21:40:40.0440 2564 Parvdm - ok
21:40:40.0471 2564 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
21:40:40.0471 2564 PcaSvc - ok
21:40:40.0518 2564 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
21:40:40.0518 2564 pci - ok
21:40:40.0533 2564 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
21:40:40.0533 2564 pciide - ok
21:40:40.0549 2564 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:40:40.0549 2564 pcmcia - ok
21:40:40.0580 2564 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:40:40.0580 2564 PEAUTH - ok
21:40:40.0643 2564 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
21:40:40.0643 2564 pla - ok
21:40:40.0674 2564 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
21:40:40.0674 2564 PLFlash DeviceIoControl Service - ok
21:40:40.0721 2564 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:40:40.0721 2564 PlugPlay - ok
21:40:40.0736 2564 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
21:40:40.0736 2564 PNRPAutoReg - ok
21:40:40.0752 2564 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
21:40:40.0752 2564 PNRPsvc - ok
21:40:40.0799 2564 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:40:40.0799 2564 PolicyAgent - ok
21:40:40.0845 2564 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:40:40.0845 2564 PptpMiniport - ok
21:40:40.0861 2564 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
21:40:40.0861 2564 Processor - ok
21:40:40.0908 2564 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
21:40:40.0923 2564 ProfSvc - ok
21:40:40.0939 2564 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
21:40:40.0939 2564 ProtectedStorage - ok
21:40:40.0986 2564 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
21:40:40.0986 2564 PSched - ok
21:40:41.0017 2564 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:40:41.0033 2564 ql2300 - ok
21:40:41.0048 2564 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:40:41.0048 2564 ql40xx - ok
21:40:41.0064 2564 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
21:40:41.0079 2564 QWAVE - ok
21:40:41.0095 2564 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:40:41.0095 2564 QWAVEdrv - ok
21:40:41.0095 2564 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:40:41.0095 2564 RasAcd - ok
21:40:41.0111 2564 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
21:40:41.0126 2564 RasAuto - ok
21:40:41.0142 2564 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:40:41.0142 2564 Rasl2tp - ok
21:40:41.0189 2564 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
21:40:41.0189 2564 RasMan - ok
21:40:41.0220 2564 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:40:41.0235 2564 RasPppoe - ok
21:40:41.0267 2564 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:40:41.0267 2564 RasSstp - ok
21:40:41.0313 2564 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:40:41.0329 2564 rdbss - ok
21:40:41.0329 2564 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:40:41.0329 2564 RDPCDD - ok
21:40:41.0345 2564 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
21:40:41.0360 2564 rdpdr - ok
21:40:41.0360 2564 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:40:41.0360 2564 RDPENCDD - ok
21:40:41.0391 2564 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:40:41.0391 2564 RDPWD - ok
21:40:41.0454 2564 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:40:41.0454 2564 RemoteAccess - ok
21:40:41.0501 2564 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:40:41.0501 2564 RemoteRegistry - ok
21:40:41.0516 2564 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
21:40:41.0516 2564 RpcLocator - ok
21:40:41.0547 2564 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
21:40:41.0547 2564 RpcSs - ok
21:40:41.0563 2564 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:40:41.0563 2564 rspndr - ok
21:40:41.0579 2564 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
21:40:41.0579 2564 SamSs - ok
21:40:41.0594 2564 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:40:41.0594 2564 sbp2port - ok
21:40:41.0641 2564 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:40:41.0641 2564 SCardSvr - ok
21:40:41.0688 2564 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
21:40:41.0688 2564 Schedule - ok
21:40:41.0735 2564 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
21:40:41.0735 2564 SCPolicySvc - ok
21:40:41.0750 2564 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:40:41.0750 2564 SDRSVC - ok
21:40:41.0766 2564 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:40:41.0766 2564 secdrv - ok
21:40:41.0781 2564 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
21:40:41.0781 2564 seclogon - ok
21:40:41.0781 2564 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
21:40:41.0797 2564 SENS - ok
21:40:41.0813 2564 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:40:41.0813 2564 Serenum - ok
21:40:41.0828 2564 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:40:41.0828 2564 Serial - ok
21:40:41.0844 2564 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:40:41.0844 2564 sermouse - ok
21:40:41.0891 2564 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
21:40:41.0891 2564 SessionEnv - ok
21:40:41.0891 2564 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:40:41.0891 2564 sffdisk - ok
21:40:41.0906 2564 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:40:41.0906 2564 sffp_mmc - ok
21:40:41.0922 2564 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:40:41.0922 2564 sffp_sd - ok
21:40:41.0922 2564 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
21:40:41.0922 2564 sfloppy - ok
21:40:41.0953 2564 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:40:41.0953 2564 SharedAccess - ok
21:40:42.0000 2564 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:40:42.0000 2564 ShellHWDetection - ok
21:40:42.0015 2564 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
21:40:42.0015 2564 sisagp - ok
21:40:42.0031 2564 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
21:40:42.0031 2564 SiSRaid2 - ok
21:40:42.0047 2564 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:40:42.0047 2564 SiSRaid4 - ok
21:40:42.0156 2564 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
21:40:42.0187 2564 slsvc - ok
21:40:42.0218 2564 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
21:40:42.0218 2564 SLUINotify - ok
21:40:42.0265 2564 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:40:42.0265 2564 Smb - ok
21:40:42.0296 2564 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:40:42.0296 2564 SNMPTRAP - ok
21:40:42.0296 2564 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
21:40:42.0296 2564 spldr - ok
21:40:42.0343 2564 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
21:40:42.0359 2564 Spooler - ok
21:40:42.0405 2564 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:40:42.0405 2564 srv - ok
21:40:42.0437 2564 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:40:42.0437 2564 srv2 - ok
21:40:42.0468 2564 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:40:42.0468 2564 srvnet - ok
21:40:42.0483 2564 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:40:42.0483 2564 SSDPSRV - ok
21:40:42.0515 2564 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:40:42.0530 2564 SstpSvc - ok
21:40:42.0577 2564 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
21:40:42.0593 2564 stisvc - ok
21:40:42.0608 2564 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:40:42.0608 2564 swenum - ok
21:40:42.0639 2564 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
21:40:42.0655 2564 swprv - ok
21:40:42.0671 2564 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
21:40:42.0671 2564 Symc8xx - ok
21:40:42.0686 2564 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
21:40:42.0686 2564 Sym_hi - ok
21:40:42.0702 2564 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
21:40:42.0702 2564 Sym_u3 - ok
21:40:42.0749 2564 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
21:40:42.0749 2564 SysMain - ok
21:40:42.0764 2564 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:40:42.0780 2564 TabletInputService - ok
21:40:42.0827 2564 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:40:42.0827 2564 TapiSrv - ok
21:40:42.0842 2564 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
21:40:42.0842 2564 TBS - ok
21:40:42.0889 2564 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:40:42.0905 2564 Tcpip - ok
21:40:42.0936 2564 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
21:40:42.0951 2564 Tcpip6 - ok
21:40:42.0967 2564 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:40:42.0967 2564 tcpipreg - ok
21:40:42.0983 2564 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:40:42.0983 2564 TDPIPE - ok
21:40:42.0998 2564 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:40:42.0998 2564 TDTCP - ok
21:40:43.0045 2564 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:40:43.0045 2564 tdx - ok
21:40:43.0076 2564 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:40:43.0076 2564 TermDD - ok
21:40:43.0107 2564 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
21:40:43.0107 2564 TermService - ok
21:40:43.0123 2564 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
21:40:43.0139 2564 Themes - ok
21:40:43.0154 2564 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
21:40:43.0154 2564 THREADORDER - ok
21:40:43.0170 2564 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
21:40:43.0170 2564 TrkWks - ok
21:40:43.0232 2564 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:40:43.0232 2564 TrustedInstaller - ok
21:40:43.0248 2564 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:40:43.0263 2564 tssecsrv - ok
21:40:43.0263 2564 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
21:40:43.0263 2564 tunmp - ok
21:40:43.0295 2564 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:40:43.0295 2564 tunnel - ok
21:40:43.0326 2564 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:40:43.0326 2564 uagp35 - ok
21:40:43.0373 2564 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:40:43.0373 2564 udfs - ok
21:40:43.0388 2564 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:40:43.0388 2564 UI0Detect - ok
21:40:43.0435 2564 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:40:43.0435 2564 uliagpkx - ok
21:40:43.0451 2564 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
21:40:43.0451 2564 uliahci - ok
21:40:43.0466 2564 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
21:40:43.0466 2564 UlSata - ok
21:40:43.0482 2564 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
21:40:43.0482 2564 ulsata2 - ok
21:40:43.0497 2564 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:40:43.0497 2564 umbus - ok
21:40:43.0513 2564 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
21:40:43.0529 2564 upnphost - ok
21:40:43.0575 2564 [ 7CE0FE34FD8FB7F52D1E503B0C1E4FA9 ] UPnPService C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
21:40:43.0591 2564 UPnPService - ok
21:40:43.0622 2564 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
21:40:43.0622 2564 usbaudio - ok
21:40:43.0638 2564 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:40:43.0638 2564 usbccgp - ok
21:40:43.0653 2564 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:40:43.0653 2564 usbcir - ok
21:40:43.0669 2564 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:40:43.0669 2564 usbehci - ok
21:40:43.0716 2564 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:40:43.0716 2564 usbhub - ok
21:40:43.0747 2564 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:40:43.0747 2564 usbohci - ok
21:40:43.0778 2564 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:40:43.0778 2564 usbprint - ok
21:40:43.0794 2564 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:40:43.0794 2564 usbscan - ok
21:40:43.0825 2564 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:40:43.0825 2564 USBSTOR - ok
21:40:43.0841 2564 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:40:43.0841 2564 usbuhci - ok
21:40:43.0903 2564 [ 9D19B042A4FD5C02195071EA2FE0C821 ] usnjsvc C:\Program Files\Windows Live\Messenger\usnsvc.exe
21:40:43.0919 2564 usnjsvc - ok
21:40:43.0950 2564 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
21:40:43.0950 2564 UxSms - ok
21:40:44.0012 2564 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
21:40:44.0028 2564 vds - ok
21:40:44.0043 2564 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:40:44.0043 2564 vga - ok
21:40:44.0043 2564 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
21:40:44.0043 2564 VgaSave - ok
21:40:44.0059 2564 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
21:40:44.0059 2564 viaagp - ok
21:40:44.0075 2564 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
21:40:44.0075 2564 ViaC7 - ok
21:40:44.0090 2564 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
21:40:44.0090 2564 viaide - ok
21:40:44.0106 2564 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:40:44.0106 2564 volmgr - ok
21:40:44.0153 2564 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:40:44.0168 2564 volmgrx - ok
21:40:44.0199 2564 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:40:44.0199 2564 volsnap - ok
21:40:44.0231 2564 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:40:44.0231 2564 vsmraid - ok
21:40:44.0277 2564 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
21:40:44.0293 2564 VSS - ok
21:40:44.0340 2564 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
21:40:44.0340 2564 W32Time - ok
21:40:44.0355 2564 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
21:40:44.0355 2564 WacomPen - ok
21:40:44.0371 2564 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
21:40:44.0371 2564 Wanarp - ok
21:40:44.0371 2564 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:40:44.0387 2564 Wanarpv6 - ok
21:40:44.0387 2564 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:40:44.0402 2564 wcncsvc - ok
21:40:44.0418 2564 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:40:44.0433 2564 WcsPlugInService - ok
21:40:44.0449 2564 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
21:40:44.0449 2564 Wd - ok
21:40:44.0465 2564 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:40:44.0465 2564 Wdf01000 - ok
21:40:44.0480 2564 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:40:44.0496 2564 WdiServiceHost - ok
21:40:44.0496 2564 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:40:44.0496 2564 WdiSystemHost - ok
21:40:44.0543 2564 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
21:40:44.0543 2564 WebClient - ok
21:40:44.0574 2564 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:40:44.0589 2564 Wecsvc - ok
21:40:44.0605 2564 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:40:44.0605 2564 wercplsupport - ok
21:40:44.0636 2564 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
21:40:44.0652 2564 WerSvc - ok
21:40:44.0699 2564 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
21:40:44.0699 2564 WinDefend - ok
21:40:44.0714 2564 WinHttpAutoProxySvc - ok
21:40:44.0745 2564 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:40:44.0745 2564 Winmgmt - ok
21:40:44.0792 2564 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
21:40:44.0808 2564 WinRM - ok
21:40:44.0855 2564 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:40:44.0870 2564 Wlansvc - ok
21:40:44.0933 2564 [ 94A85E956A065E23E0010A6A7826243B ] WLSetupSvc C:\Program Files\Windows Live\installer\WLSetupSvc.exe
21:40:44.0933 2564 WLSetupSvc - ok
21:40:44.0948 2564 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:40:44.0948 2564 WmiAcpi - ok
21:40:44.0995 2564 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:40:44.0995 2564 wmiApSrv - ok
21:40:45.0026 2564 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
21:40:45.0026 2564 WMPNetworkSvc - ok
21:40:45.0042 2564 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:40:45.0042 2564 WPCSvc - ok
21:40:45.0089 2564 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:40:45.0089 2564 WPDBusEnum - ok
21:40:45.0135 2564 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
21:40:45.0135 2564 WpdUsb - ok
21:40:45.0260 2564 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:40:45.0260 2564 WPFFontCache_v0400 - ok
21:40:45.0276 2564 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:40:45.0291 2564 ws2ifsl - ok
21:40:45.0323 2564 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
21:40:45.0338 2564 wscsvc - ok
21:40:45.0338 2564 WSearch - ok
21:40:45.0401 2564 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
21:40:45.0416 2564 wuauserv - ok
21:40:45.0432 2564 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:40:45.0447 2564 WUDFRd - ok
21:40:45.0463 2564 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:40:45.0463 2564 wudfsvc - ok
21:40:45.0494 2564 ================ Scan global ===============================
21:40:45.0510 2564 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
21:40:45.0557 2564 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:40:45.0588 2564 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:40:45.0635 2564 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
21:40:45.0635 2564 [Global] - ok
21:40:45.0635 2564 ================ Scan MBR ==================================
21:40:45.0650 2564 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:40:46.0118 2564 \Device\Harddisk0\DR0 - ok
21:40:46.0118 2564 ================ Scan VBR ==================================
21:40:46.0118 2564 [ E25B3AAB48ECC19F2AC0CE98A6B28A01 ] \Device\Harddisk0\DR0\Partition1
21:40:46.0134 2564 \Device\Harddisk0\DR0\Partition1 - ok
21:40:46.0165 2564 [ D6E4F5B17F497AB2C33BEA5BF5D0B10B ] \Device\Harddisk0\DR0\Partition2
21:40:46.0165 2564 \Device\Harddisk0\DR0\Partition2 - ok
21:40:46.0165 2564 ============================================================
21:40:46.0165 2564 Scan finished
21:40:46.0165 2564 ============================================================
21:40:46.0165 0904 Detected object count: 0
21:40:46.0165 0904 Actual detected object count: 0
21:41:42.0277 2636 Deinitialize success


*******

Oh Mann ^^ ... das war schon gespeichert ... hab es jetzt dann doch gefunden ... wenn man keine Ahnung hat *lach* ...

Muss ich nu die keinen Tools usw. wieder löschen ???

Nix für ungut *lach*

Alt 07.11.2012, 18:01   #10
M-K-D-B
/// TB-Ausbilder
 
Wie werde ich search.conduit.com wieder los - Standard

Wie werde ich search.conduit.com wieder los



Servus,



die hier verwendeten Programme entfernen wir am Ende der Bereinigung.







Schritt 1
Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.





Schritt 2
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von ComboFix.

Alt 08.11.2012, 09:30   #11
Roxana
 
Wie werde ich search.conduit.com wieder los - Standard

Wie werde ich search.conduit.com wieder los



# AdwCleaner v2.007 - Datei am 08/11/2012 um 09:26:56 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Christian - CHRISTIAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Christian\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\h659anik.default\Smartbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19328

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default
Datei : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\h659anik.default\prefs.js

Gelöscht : user_pref("CT3241949.1000082.isDisplayHidden", "true");
Gelöscht : user_pref("CT3241949.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Gelöscht : user_pref("CT3241949.1000234.TWC_TMP_city", "KREFELD");
Gelöscht : user_pref("CT3241949.1000234.TWC_TMP_country", "DE");
Gelöscht : user_pref("CT3241949.1000234.TWC_locId", "GMXX0067");
Gelöscht : user_pref("CT3241949.1000234.TWC_location", "Krefeld, Deutschland");
Gelöscht : user_pref("CT3241949.1000234.TWC_region", "DE");
Gelöscht : user_pref("CT3241949.1000234.TWC_temp_dis", "c");
Gelöscht : user_pref("CT3241949.1000234.TWC_wind_dis", "kmh");
Gelöscht : user_pref("CT3241949.1000234.weatherData", "{\"icon\":\"31.png\",\"temperature\":\"9°C\",\"temperatu[...]
Gelöscht : user_pref("CT3241949.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3241949.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT3241949.FirstTime", "true");
Gelöscht : user_pref("CT3241949.FirstTimeFF3", "true");
Gelöscht : user_pref("CT3241949.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT324[...]
Gelöscht : user_pref("CT3241949.UserID", "UN89164050950300853");
Gelöscht : user_pref("CT3241949.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT3241949.browser.search.defaultthis.engineName", true);
Gelöscht : user_pref("CT3241949.embeddedsData", "[{\"appId\":\"129887071061272563\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT3241949.enableAlerts", "always");
Gelöscht : user_pref("CT3241949.event_data", "JTVCJTVE");
Gelöscht : user_pref("CT3241949.fired_events", "AA==");
Gelöscht : user_pref("CT3241949.firstTimeDialogOpened", "true");
Gelöscht : user_pref("CT3241949.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT3241949.fixUrls", true);
Gelöscht : user_pref("CT3241949.installType", "Unknown");
Gelöscht : user_pref("CT3241949.isCheckedStartAsHidden", true);
Gelöscht : user_pref("CT3241949.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3241949.isFirstTimeToolbarLoading", "false");
Gelöscht : user_pref("CT3241949.isNewTabEnabled", true);
Gelöscht : user_pref("CT3241949.isPerformedSmartBarTransition", "true");
Gelöscht : user_pref("CT3241949.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT3241949.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3241949.key_date", "NA==");
Gelöscht : user_pref("CT3241949.keyword", true);
Gelöscht : user_pref("CT3241949.migrateAppsAndComponents", true);
Gelöscht : user_pref("CT3241949.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Gelöscht : user_pref("CT3241949.personalApps", "{\"dataType\":\"object\",\"data\":\"[\\\"BROWSER_COMPONENT\\\"][...]
Gelöscht : user_pref("CT3241949.search.searchAppId", "129887071061272563");
Gelöscht : user_pref("CT3241949.search.searchCount", "0");
Gelöscht : user_pref("CT3241949.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT3241949.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3241949.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT3241949.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gelöscht : user_pref("CT3241949.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT3241949.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT3241949.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT3241949.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT3241949.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1352049733640");
Gelöscht : user_pref("CT3241949.serviceLayer_services_appsMetadata_lastUpdate", "1352049733365");
Gelöscht : user_pref("CT3241949.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1352049736114");
Gelöscht : user_pref("CT3241949.serviceLayer_services_login_10.13.1.89_lastUpdate", "1352049961683");
Gelöscht : user_pref("CT3241949.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "13520[...]
Gelöscht : user_pref("CT3241949.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "13520[...]
Gelöscht : user_pref("CT3241949.serviceLayer_services_optimizer_lastUpdate", "1352049736006");
Gelöscht : user_pref("CT3241949.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1352049736059");
Gelöscht : user_pref("CT3241949.serviceLayer_services_searchAPI_lastUpdate", "1352049732362");
Gelöscht : user_pref("CT3241949.serviceLayer_services_serviceMap_lastUpdate", "1352049731969");
Gelöscht : user_pref("CT3241949.serviceLayer_services_toolbarContextMenu_lastUpdate", "1352049736344");
Gelöscht : user_pref("CT3241949.serviceLayer_services_toolbarSettings_lastUpdate", "1352049732242");
Gelöscht : user_pref("CT3241949.serviceLayer_services_translation_lastUpdate", "1352049733321");
Gelöscht : user_pref("CT3241949.settingsINI", true);
Gelöscht : user_pref("CT3241949.smartbar.CTID", "CT3241949");
Gelöscht : user_pref("CT3241949.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT3241949.smartbar.homepage", true);
Gelöscht : user_pref("CT3241949.smartbar.isHidden", false);
Gelöscht : user_pref("CT3241949.smartbar.toolbarName", "FileConverter 1.3 ");
Gelöscht : user_pref("CT3241949.toolbarBornServerTime", "4-11-2012");
Gelöscht : user_pref("CT3241949.toolbarCurrentServerTime", "4-11-2012");
Gelöscht : user_pref("CT3241949_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3241949&SearchSource=1[...]
Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "FileConverter 1.3 Customized Web Search");
Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3241949[...]
Gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT3241949");
Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3241949&SearchSource=2&q=[...]

*************************

AdwCleaner[S1].txt - [7423 octets] - [08/11/2012 09:26:56]

########## EOF - C:\AdwCleaner[S1].txt - [7483 octets] ##########

Hallo Matthias, hier nun das logfile zum combofix ... Was mir noch aufgefallen ist: Beim Starten des Browsers nach dem Neustart kam folgende Meldung: Firefox ist momentan nicht als Ihr Standardbrowser festgelegt. Möchten Sie ihn zu Ihrem Stardardbrowser machen? Ich habe das mit JA bestätigt ... Und das andere war, dass sonst beim Hochfahren des Rechners das Fenster mit dem Windows Live Messenger aufgegangen ist. Ich benutze den zwar nicht, aber nun isser weg ...

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-11-08.01 - Christian 08.11.2012   9:37.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3069.1866 [GMT 1:00]
ausgeführt von:: c:\users\Christian\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\8f01a90e-7eb3-48d3-93b1-50d88fd146fb
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-08 bis 2012-11-08  ))))))))))))))))))))))))))))))
.
.
2012-11-08 08:44 . 2012-11-08 08:46	--------	d-----w-	c:\users\Christian\AppData\Local\temp
2012-11-03 18:12 . 2005-05-26 14:34	2297552	----a-w-	c:\windows\system32\d3dx9_26.dll
2012-10-19 17:14 . 2012-06-02 00:02	985088	----a-w-	c:\windows\system32\crypt32.dll
2012-10-19 17:14 . 2012-06-02 00:02	98304	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-19 17:14 . 2012-06-02 00:02	133120	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-19 17:14 . 2012-09-13 13:28	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-19 17:14 . 2012-08-24 15:53	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-10-19 17:14 . 2012-08-29 11:27	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-10-19 17:14 . 2012-08-29 11:27	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-14 09:22 . 2012-04-05 06:12	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-14 09:22 . 2011-05-24 06:40	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-04 15:59 . 2012-07-25 12:53	25944	----a-w-	c:\windows\system32\drivers\klmouflt.sys
2012-10-04 15:59 . 2012-05-25 17:38	25944	----a-w-	c:\windows\system32\drivers\klkbdflt.sys
2012-08-25 11:50 . 2012-09-24 11:27	916992	----a-w-	c:\windows\system32\wininet.dll
2012-08-25 11:44 . 2012-09-24 11:27	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-08-25 11:44 . 2012-09-24 11:27	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-25 11:44 . 2012-09-24 11:27	71680	----a-w-	c:\windows\system32\iesetup.dll
2012-08-25 11:44 . 2012-09-24 11:27	109056	----a-w-	c:\windows\system32\iesysprep.dll
2012-08-25 10:11 . 2012-09-24 11:27	385024	----a-w-	c:\windows\system32\html.iec
2012-08-25 08:31 . 2012-09-24 11:27	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-25 08:29 . 2012-09-24 11:27	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-13 16:24 . 2012-08-13 16:24	75096	----a-w-	c:\windows\system32\drivers\klflt.sys
2012-08-13 14:49 . 2012-08-13 14:49	144344	----a-w-	c:\windows\system32\drivers\kneps.sys
2012-10-27 09:08 . 2012-10-27 09:08	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-10 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 92704]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-04 220160]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-08-17 218880]
.
c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-3-20 384000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 14:04	8192	----a-w-	c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 09:22]
.
2012-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-20 14:16]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-20 14:16]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: Hinzufügen zu Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\h659anik.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - ExtSQL: 2012-10-04 17:41; anti_banner@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2012-10-04 17:41; content_blocker@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2012-10-04 17:41; online_banking@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2012-10-04 17:41; url_advisor@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2012-10-04 17:41; virtual_keyboard@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF - ExtSQL: !HIDDEN! 2009-07-16 18:58; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-11-08 09:46
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\wmi32.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-11-08  09:50:26 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-11-08 08:50
.
Vor Suchlauf: 6 Verzeichnis(se), 449.828.261.888 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 450.695.987.200 Bytes frei
.
- - End Of File - - 59E9F0F47139016F5AB82636A52FBE97
         
--- --- ---

Alt 08.11.2012, 20:12   #12
M-K-D-B
/// TB-Ausbilder
 
Wie werde ich search.conduit.com wieder los - Standard

Wie werde ich search.conduit.com wieder los



Servus,


der Hinweis mit Firefox und Standardbrowser liegt an ComboFix. Keine Sorge, du kannst Firefox jederzeit wieder als Standardbrowser auswählen, wenn du das möchtest.


Hast du noch Probleme mit Conduit?
Wenn ja, in welchem Browser treten die Probleme noch auf?






Starte bitte OTL.exe und drücke den Quick Scan Button.
Poste die OTL.txt hier in deinen Thread.

Alt 09.11.2012, 10:10   #13
Roxana
 
Wie werde ich search.conduit.com wieder los - Standard

Wie werde ich search.conduit.com wieder los



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 09.11.2012 10:00:29 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christian\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 55,17% Memory free
6,21 Gb Paging File | 4,79 Gb Available in Paging File | 77,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,16 Gb Total Space | 419,79 Gb Free Space | 72,86% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 12,37 Gb Free Space | 61,86% Space Free | Partition Type: FAT32
 
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Christian\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe (Google)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Yahoo!\Messenger\yui.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (GoogleDesktopManager) -- C:\Programme\Google\Google Desktop Search\GoogleDesktopManager.exe (Google)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc) -- C:\Programme\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (klkbdflt) -- C:\Windows\System32\drivers\klkbdflt.sys (Kaspersky Lab)
DRV - (kneps) -- C:\Windows\System32\drivers\kneps.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (kltdi) -- C:\Windows\System32\drivers\kltdi.sys (Kaspersky Lab)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{2896495D-3682-48B2-9738-9B3F41F1E321}: "URL" = hxxp://www.google.de/search?q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {2896495D-3682-48B2-9738-9B3F41F1E321}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2896495D-3682-48B2-9738-9B3F41F1E321}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:12.0.0.470
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:12.0.0.470
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:12.0.0.470
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.10.04 16:41:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.10.04 16:41:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.10.04 16:41:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.10.04 16:41:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.10.04 16:41:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 10:08:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 10:08:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 10:08:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 10:08:02 | 000,000,000 | ---D | M]
 
[2008.10.04 14:47:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2012.11.04 18:33:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\h659anik.default\extensions
[2012.04.15 08:54:00 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\h659anik.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012.10.27 10:08:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.27 10:08:00 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2012.10.27 10:08:01 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2012.10.27 10:08:06 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.17 11:06:28 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.09.18 12:49:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.18 12:49:33 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.18 12:49:33 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.18 12:49:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.18 12:49:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.18 12:49:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.11.08 09:46:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D518B81B-C86C-4312-909D-1C7E3AE76BAC}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.08 09:50:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.08 09:50:28 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\temp
[2012.11.08 09:50:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.08 09:35:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.08 09:35:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.08 09:35:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.08 09:35:23 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.11.08 09:35:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.08 09:35:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.03 18:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flug-Model-Simulator
[2012.10.27 10:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.09 09:59:56 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.09 09:59:56 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.09 09:59:56 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.09 09:59:56 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.09 09:54:20 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.09 09:52:23 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.09 09:52:23 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.09 09:52:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.09 09:52:15 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.08 09:46:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.11.08 09:34:00 | 000,000,556 | ---- | M] () -- C:\Users\Christian\Desktop\ComboFix - Verknüpfung.lnk
[2012.11.08 09:22:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.06 21:31:54 | 000,000,566 | ---- | M] () -- C:\Users\Christian\Desktop\tdsskiller - Verknüpfung.lnk
[2012.11.06 21:13:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.06 20:47:15 | 000,000,544 | ---- | M] () -- C:\Users\Christian\Desktop\aswMBR - Verknüpfung.lnk
[2012.11.06 20:44:11 | 000,000,556 | ---- | M] () -- C:\Users\Christian\Desktop\Defogger - Verknüpfung.lnk
[2012.11.06 20:43:20 | 000,050,477 | ---- | M] () -- C:\Users\Christian\Desktop\Defogger.exe
[2012.11.06 18:25:14 | 000,000,000 | ---- | M] () -- C:\Users\Christian\defogger_reenable
[2012.11.06 18:10:25 | 000,000,525 | ---- | M] () -- C:\Users\Christian\Desktop\OTL - Verknüpfung.lnk
[2012.11.04 21:07:02 | 000,380,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.03 18:12:55 | 000,010,240 | ---- | M] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.30 14:43:05 | 000,009,130 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\wklnhst.dat
[2012.10.17 16:42:36 | 000,011,264 | ---- | M] () -- C:\Users\Christian\Documents\nwt protokolle.wps
[2012.10.17 16:42:33 | 000,035,840 | ---- | M] () -- C:\Users\Christian\Documents\Gips.wps
[2012.10.17 16:42:30 | 000,011,264 | ---- | M] () -- C:\Users\Christian\Documents\Härte.wps
[2012.10.17 16:29:07 | 000,010,240 | ---- | M] () -- C:\Users\Christian\Documents\Dichte_Spaltbarkeit.wps
 
========== Files Created - No Company Name ==========
 
[2012.11.08 09:35:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.08 09:35:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.08 09:35:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.08 09:35:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.08 09:35:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.08 09:34:00 | 000,000,556 | ---- | C] () -- C:\Users\Christian\Desktop\ComboFix - Verknüpfung.lnk
[2012.11.06 21:31:54 | 000,000,566 | ---- | C] () -- C:\Users\Christian\Desktop\tdsskiller - Verknüpfung.lnk
[2012.11.06 20:47:15 | 000,000,544 | ---- | C] () -- C:\Users\Christian\Desktop\aswMBR - Verknüpfung.lnk
[2012.11.06 20:44:11 | 000,000,556 | ---- | C] () -- C:\Users\Christian\Desktop\Defogger - Verknüpfung.lnk
[2012.11.06 20:43:20 | 000,050,477 | ---- | C] () -- C:\Users\Christian\Desktop\Defogger.exe
[2012.11.06 18:25:14 | 000,000,000 | ---- | C] () -- C:\Users\Christian\defogger_reenable
[2012.11.06 18:10:25 | 000,000,525 | ---- | C] () -- C:\Users\Christian\Desktop\OTL - Verknüpfung.lnk
[2012.10.17 16:32:33 | 000,011,264 | ---- | C] () -- C:\Users\Christian\Documents\Härte.wps
[2012.10.17 16:29:06 | 000,010,240 | ---- | C] () -- C:\Users\Christian\Documents\Dichte_Spaltbarkeit.wps
[2012.10.17 16:13:58 | 000,011,264 | ---- | C] () -- C:\Users\Christian\Documents\nwt protokolle.wps
[2012.10.17 15:41:53 | 000,035,840 | ---- | C] () -- C:\Users\Christian\Documents\Gips.wps
[2011.10.03 12:06:11 | 000,017,408 | ---- | C] () -- C:\Users\Christian\AppData\Local\WebpageIcons.db
[2009.10.18 19:34:52 | 000,000,253 | ---- | C] () -- C:\Users\Christian\Mxcdr.ini
[2008.11.26 17:49:06 | 000,010,240 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.07 17:17:50 | 000,009,130 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008.10.26 17:05:53 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Buhl Data Service GmbH
[2012.11.03 20:34:38 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Canon
[2010.09.19 13:08:50 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Cornelsen
[2012.07.28 11:59:11 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Deluxe Pacman
[2010.12.08 12:31:47 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Engelmann Media
[2010.05.27 16:54:54 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Lexware
[2008.10.26 17:21:14 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\MAGIX
[2009.11.10 19:30:31 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenOffice.org
[2009.06.20 18:04:42 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PTV AG
[2008.12.31 16:46:27 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\RapidSolution
[2009.05.05 07:23:18 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\SYBEX.PC-Fahrschule09.0B79F3AA8BA7B28571920BBC33ADF06D54740292.1
[2008.10.07 17:17:51 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Template
[2008.10.04 21:11:10 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Ulead Systems
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---





Hallo Matthias,
Also, ich weiß nicht wirklich ob ich noch Probleme habe mit conduit, weil wir den Rechner seither nicht mehr wirklich benutzt haben. Lediglich Google haben wir wieder als Standard-Suchmaschine eingestellt, aber um auf Nummer sicher zu gehen, damit alle Fragmente von conduit entfernt werden können , haben wir uns dann hier die Hilfe gesucht ...
Das einzige, was wirklich komisch ist, dass das Windows Live messenger Fenster beim Hochstarten nicht mehr erscheint ... Es ist mir nur aufgefallen, brauchen tu ich es eh nicht ...

Alt 09.11.2012, 19:45   #14
M-K-D-B
/// TB-Ausbilder
 
Wie werde ich search.conduit.com wieder los - Standard

Wie werde ich search.conduit.com wieder los



Servus,


Es kann sein, dass es sich bei dem Messenger um "Überbleibsel" gehandelt hat. Für gewöhnlich werden diese mit ComboFix und/oder AdwCleaner entfernt.
ok. wir kontrollieren nochmal alles.


Schritt 1
Downloade Dir bitte Malwarebytes' Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.





Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset







Schritt 3
Downloade Dir bitte SecurityCheck
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Wenn der Scan beendet wurde sollte sich ein Textdokument ( checkup.txt ) öffnen.
Poste den Inhalt bitte hier.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von MBAM,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.

Alt 10.11.2012, 15:59   #15
Roxana
 
Wie werde ich search.conduit.com wieder los - Standard

Wie werde ich search.conduit.com wieder los



Malwarebytes Anti-Malware (Test) 1.65.1.1000
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.11.10.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19328
Christian :: CHRISTIAN-PC [Administrator]

Schutz: Aktiviert

10.11.2012 15:54:50
mbam-log-2012-11-10 (15-54-50).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 202447
Laufzeit: 4 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Antwort

Themen zu Wie werde ich search.conduit.com wieder los
.com, abend, bereits, chip, firefox, gestern, google, guten, installier, installiert, loswerden, namens, online, seite, spiel, startseite, suchmaschine, toolbar, veränderung, zeichen, zusammen




Ähnliche Themen: Wie werde ich search.conduit.com wieder los


  1. Lab.search.conduit.com entfernen
    Anleitungen, FAQs & Links - 08.05.2014 (2)
  2. conduit search
    Plagegeister aller Art und deren Bekämpfung - 24.04.2014 (7)
  3. Search Conduit Entfernen
    Log-Analyse und Auswertung - 15.04.2014 (16)
  4. Conduit Search
    Log-Analyse und Auswertung - 23.03.2014 (7)
  5. http://search.fbdownloader.com/?channel=de Ist es gefährlich und wie werde ich das wieder los?
    Plagegeister aller Art und deren Bekämpfung - 12.02.2014 (1)
  6. Search d.p Engine. Ist das Delta-Search? Wenn nein, egal ich werde es nicht mehr los
    Log-Analyse und Auswertung - 27.01.2014 (11)
  7. search.conduit - Werbebanner und Pop-Ups
    Plagegeister aller Art und deren Bekämpfung - 15.01.2014 (7)
  8. search.conduit-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 12.01.2014 (9)
  9. Search Conduit
    Plagegeister aller Art und deren Bekämpfung - 06.01.2014 (5)
  10. Search Conduit entfernen
    Plagegeister aller Art und deren Bekämpfung - 31.12.2013 (7)
  11. unerwünschte Werbung ... MalWare ... PlusHD3 ... Search-Gol ... wie werde ich diese wieder los?
    Log-Analyse und Auswertung - 25.11.2013 (15)
  12. Conduit Search - ist das ein Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 18.09.2013 (5)
  13. Wie werde ich search.conduit.com wieder los und ist die Herkunftsursache ein kompromitiertes System?
    Plagegeister aller Art und deren Bekämpfung - 02.06.2013 (13)
  14. search protect by conduit
    Plagegeister aller Art und deren Bekämpfung - 31.05.2013 (8)
  15. wie werde ich delta search wieder los?
    Plagegeister aller Art und deren Bekämpfung - 08.04.2013 (17)
  16. Werde search.conduit nicht mehr los
    Log-Analyse und Auswertung - 06.04.2013 (7)
  17. Wie werde ich "Delta Search" wieder los?
    Plagegeister aller Art und deren Bekämpfung - 01.03.2013 (47)

Zum Thema Wie werde ich search.conduit.com wieder los - Guten Abend zusammen, nachdem mein Mann gestern Abend ein Flugsimulator Spiel von der Seite CHIP online downgeloaded hat, hat es uns die Startseite im Firefox zersägt. Anstatt *google* haben wir - Wie werde ich search.conduit.com wieder los...
Archiv
Du betrachtest: Wie werde ich search.conduit.com wieder los auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.