vermutlich verschickt dieses eee Trojaner emails

Doktor420 · 09.11.2012, 14:06

Hallo,
mit entsetzen fand ich den Windows Defender ausgeschaltet, keine Ahnung wie lange schon.
MbAM fand einiges und hat entfernt aber ich glaub da steckt noch mehr malware drin.

Zitat:

Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.09.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
jensandrea :: JENS-PC [Administrator]

Schutz: Aktiviert

09.11.2000 12:36:31
mbam-log-2000-11-09 (12-36-31).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 194670
Laufzeit: 18 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Adware.Yontoo) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 9
HKCR\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\YontooIEClient.Layers.1 (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\YontooIEClient.Layers (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Adware.Yontoo) -> Löschen bei Neustart.
C:\Users\jensandrea\AppData\Local\Temp\YontooIEClient.dll (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

mit was soll ich nun scannen?

--
gruß günther

markusg · 09.11.2012, 14:09

hi
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die
OTL.exe
.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die
Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere
nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Doktor420 · 09.11.2012, 19:16

hier
teil 2
OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 09.11.2000 15:10:37 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jensandrea\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,12 Mb Total Physical Memory | 145,48 Mb Available Physical Memory | 14,35% Memory free
1,99 Gb Paging File | 0,63 Gb Available in Paging File | 31,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 69,76 Gb Free Space | 69,76% Space Free | Partition Type: NTFS
Drive D: | 117,87 Gb Total Space | 77,62 Gb Free Space | 65,85% Space Free | Partition Type: NTFS
 
Computer Name: JENS-PC | User Name: jensandrea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12280B92-1066-4AD5-A35C-AAB904665665}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{22197864-4419-41B8-BF0A-A43298D9F1E8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{22E94622-8296-4FF7-8157-9BA16B6536D5}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{2E1FAB3A-2933-41AA-ACB7-6A6A5E3202BD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{36B5E307-283E-476B-B391-E027863B3443}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3F99E5FB-C095-4249-9D05-AE8CA4DD5D1A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{403B9046-DD6D-4471-BFF9-9B7E47D7AFE3}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{419F3FC6-9104-4E97-87CB-F66972599B91}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{42EFB156-17E5-4691-A572-CA061334E3BE}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{4B6FB17C-4453-4B09-9A22-695F62B94F6D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{58904064-5FBD-4825-95E3-BBE79D72C26C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{645939C8-4D37-48A0-A426-388264E5A664}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6E8F7A44-0C35-4622-93B7-E45CC25C3AA1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{85BB014D-411C-47E1-8B8F-DADF59751A03}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{91704D2E-FCB5-44A2-BEB2-2CFD0DA7E148}" = lport=445 | protocol=6 | dir=in | app=system | 
"{95DF1DF8-1F05-492F-93C7-07F71F8D6D84}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9CC70467-3007-420C-8CB1-7D136A7AE44D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B80C892C-7C02-4EB3-84C0-38FAD6B48184}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{D34A4A14-6D34-4825-A931-A5177D2B10A6}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D774665A-B266-4F55-A6C7-92D595DEC089}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E7EDBD50-489D-4A00-99EF-5001D8BD477C}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F06B5CE8-9F11-4D0E-947E-27328AC5FAA3}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A5E46F8-8D28-43CE-94F6-C20F9F4CAF27}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{0C8C3527-23E5-4094-BED4-B523AC44602C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1B779F1A-A896-474A-A354-885CF42BD544}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{1C36313C-C843-449F-A459-B0FB67B5A374}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2A6BFD72-8B99-4113-879F-F2EA229C49AF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{31E1AFC3-FEC9-4B46-AE36-F0EE8EB73ECB}" = dir=in | app=c:\users\jensandrea\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{3429FCB3-8072-458F-AB11-F10DEB600609}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{35305AF6-1B61-4599-BBE9-3DD1B186D8DC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5C396FEC-5878-4F77-A42F-4A6C8871335F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{62E6E047-5E5A-4B0F-B806-8C31C075E138}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{79C1F042-4026-40F3-AB61-44A2705C3032}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | 
"{85C80562-4AA9-42B6-A432-4A4C09628B94}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{B492B915-B093-4DE3-976D-A6F974B27FD0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D076068C-DA72-4822-AC16-AE8F7565537B}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | 
"{D159ECBE-BEC9-4DB8-83B8-3B67FF859188}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{D4A93461-0061-4BF0-ACA9-4C205D9ECB4A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{30813A04-B153-473E-AA15-33B3C2CAC7F2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{15F02176-0D12-4FAF-B2CD-2767C7781427}" = Google SketchUp 8
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47AB8413-346A-4745-BC24-8520877313C1}" = Windows Live Family Safety
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57C39411-6747-489C-A226-46885FB0D2D0}" = DriverBoost
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{99E77016-BCF2-48C8-9119-43ECF5815F65}" = AsusScreensaver
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9C05B2CC-68D0-4B46-A9C8-40CC4BF10C33}" = Windows Live Family Safety
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF33FDAF-22DE-4E3E-AFF7-A8648B473596}" = Windows Live Family Safety
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"Eee Docking_is1" = Eee Docking 3.8.1
"Elantech" = ETDWare PS/2-x86 7.0.5.11_WHQL
"FileConverter_1.3 Toolbar" = FileConverter 1.3 Toolbar
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"iLivid" = iLivid
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PowerTeacher_is1" = PowerTeacher Version 23.04.026.R89.ER
"PriceGong" = PriceGong 2.6.6
"RealPlayer 12.0" = RealPlayer
"SearchCore for Browsers" = SearchCore for Browsers
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"Softonic" = Softonic toolbar  on IE
"VLC media player" = VLC media player 2.0.0
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.10.2012 17:28:01 | Computer Name = Jens-pc | Source = Application Virtualization Client | ID = 5011
Description = {tid=DF8} Application Virtualization Client konnte Sitzung 35 nicht
 trennen (Dateisystemstatus 16D1200A-0000E0A2).
 
Error - 07.10.2012 17:28:01 | Computer Name = Jens-pc | Source = Application Virtualization Client | ID = 5017
Description = {tid=DF8} Application Virtualization Client konnte die Größe des Dateisystemcaches
 nicht bestimmen (Dateisystemstatus 16D07A0A-0000E0A2).
 
Error - 09.10.2012 16:07:26 | Computer Name = Jens-pc | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 17e8    Startzeit: 01cda65843e4e905    Endzeit: 450    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 09.10.2012 16:07:27 | Computer Name = Jens-pc | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450,
 Zeitstempel: 0x503723f6  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x1230  Startzeit der fehlerhaften Anwendung: 0x01cda6599762c55f  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: f267c6b5-124c-11e2-b847-f46d04bcc2c8
 
Error - 10.10.2012 02:39:09 | Computer Name = Jens-pc | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450,
 Zeitstempel: 0x503723f6  Name des fehlerhaften Moduls: MSHTML.dll, Version: 9.0.8112.16450,
 Zeitstempel: 0x50372c8a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00262690  ID des fehlerhaften
 Prozesses: 0x145c  Startzeit der fehlerhaften Anwendung: 0x01cda6afaccbf07c  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: C:\windows\system32\MSHTML.dll  Berichtskennung: 314ec44e-12a5-11e2-aea6-f46d04bcc2c8
 
Error - 11.10.2012 02:53:26 | Computer Name = Jens-pc | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 11.10.2012 08:46:40 | Computer Name = Jens-pc | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\1&1
 Surf-Stick\Component\BKATProtocol.dll".  Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.10.2012 08:47:16 | Computer Name = Jens-pc | Source = VSS | ID = 8194
Description = 
 
Error - 18.10.2012 15:02:38 | Computer Name = Jens-pc | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: InsOnSrv.exe, Version: 1.0.0.1, Zeitstempel:
 0x4db7e771  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften Prozesses:
 0x6dc  Startzeit der fehlerhaften Anwendung: 0x01cdad61c11a8f76  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Common Files\InstantOn\InsOnSrv.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 61c695fb-1956-11e2-8225-f46d04bcc2c8
 
Error - 01.11.2012 13:06:19 | Computer Name = Jens-pc | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 158    Startzeit: 01cdb84ef9953c40    Endzeit: 63    Anwendungspfad: 
C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 02.11.2012 07:49:37 | Computer Name = Jens-pc | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Tomorrow.exe, Version: 2.5.0.5, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00055f29  ID des fehlerhaften Prozesses:
 0x16f0  Startzeit der fehlerhaften Anwendung: 0x01cdb8efe8fe209b  Pfad der fehlerhaften
 Anwendung: E:\Tomorrow.exe  Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll
Berichtskennung:
 603fd882-24e3-11e2-aaad-f46d04bcc2c8
 
[ System Events ]
Error - 07.11.2000 02:51:10 | Computer Name = Jens-pc | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 07.11.2000 17:07:04 | Computer Name = Jens-pc | Source = Microsoft Antimalware | ID = 2004
Description = Beim Laden der Signaturen wurde von %%860 ein Fehler festgestellt.
 Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.     Versuchte
 Signaturen: %%824     Fehlercode: 0x80070002     Fehlerbeschreibung: Das System kann die 
angegebene Datei nicht finden.      Signaturversion: 1.139.1290.0;1.139.1290.0     Modulversion:
 1.1.8904.0
 
Error - 07.11.2000 17:07:36 | Computer Name = Jens-pc | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 08.11.2000 09:52:23 | Computer Name = Jens-pc | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 08.11.2000 09:53:43 | Computer Name = Jens-pc | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.139.1290.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%852     Quellpfad: Microsoft Home Page | Devices and Services     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8904.0     Fehlercode: 0x80072f8f     Fehlerbeschreibung: Es 
ist ein Sicherheitsfehler aufgetreten. 
 
Error - 08.11.2000 10:00:16 | Computer Name = Jens-pc | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.139.1290.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%852     Quellpfad: Microsoft Home Page | Devices and Services     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8904.0     Fehlercode: 0x80072f8f     Fehlerbeschreibung: Es 
ist ein Sicherheitsfehler aufgetreten. 
 
Error - 08.11.2000 10:22:37 | Computer Name = Jens-pc | Source = Microsoft Antimalware | ID = 2004
Description = Beim Laden der Signaturen wurde von %%860 ein Fehler festgestellt.
 Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.     Versuchte
 Signaturen: %%824     Fehlercode: 0x80070002     Fehlerbeschreibung: Das System kann die 
angegebene Datei nicht finden.      Signaturversion: 1.139.795.0;1.139.795.0     Modulversion:
 1.1.8904.0
 
Error - 08.11.2000 10:23:17 | Computer Name = Jens-pc | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 09.11.2000 08:10:21 | Computer Name = Jens-pc | Source = Service Control Manager | ID = 7043
Description = Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines 
Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
 
Error - 09.11.2000 08:11:36 | Computer Name = Jens-pc | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
 
< End of report >

--- --- ---

mist hier lagt's..
teil 2 nochmal?

sorry für doppel-postings

markusg · 09.11.2012, 19:25

bekomm ich noch otl.txt bitte?

Doktor420 · 09.11.2012, 19:28

sorry,

ja gleich, das netbook hängt und scheinbar ist das log zu groß

Doktor420 · 09.11.2012, 19:38

neuer versuch mit anhang

Doktor420 · 09.11.2012, 19:50

ich habe vorhin irgendwann das Systemdatum von 2000 auf 2012 gestellt.
ich glaub es war vor dem ersten scan, was aber die Eingrenzung nach "30 Tage" oder so, unbrauchbar macht.
sorry,fällt mir eben erst ein.

markusg · 10.11.2012, 00:15

scheint trotzdem zu passen.
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten

Doktor420 · 10.11.2012, 11:46

moin moin,

Zitat:

11:42:32.0463 2256 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:42:34.0507 2256 ============================================================
11:42:34.0507 2256 Current date / time: 2012/11/10 11:42:34.0507
11:42:34.0507 2256 SystemInfo:
11:42:34.0507 2256
11:42:34.0507 2256 OS Version: 6.1.7601 ServicePack: 1.0
11:42:34.0507 2256 Product type: Workstation
11:42:34.0507 2256 ComputerName: JENS-PC
11:42:34.0507 2256 UserName: jensandrea
11:42:34.0507 2256 Windows directory: C:\windows
11:42:34.0507 2256 System windows directory: C:\windows
11:42:34.0507 2256 Processor architecture: Intel x86
11:42:34.0507 2256 Number of processors: 4
11:42:34.0507 2256 Page size: 0x1000
11:42:34.0507 2256 Boot type: Normal boot
11:42:34.0507 2256 ============================================================
11:42:37.0377 2256 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:42:37.0455 2256 ============================================================
11:42:37.0455 2256 \Device\Harddisk0\DR0:
11:42:37.0486 2256 MBR partitions:
11:42:37.0486 2256 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000
11:42:37.0486 2256 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xE600800, BlocksNum 0xEBBD000
11:42:37.0486 2256 ============================================================
11:42:37.0533 2256 C: <-> \Device\Harddisk0\DR0\Partition1
11:42:37.0564 2256 D: <-> \Device\Harddisk0\DR0\Partition2
11:42:37.0627 2256 ============================================================
11:42:37.0627 2256 Initialize success
11:42:37.0627 2256 ============================================================
11:43:17.0235 4712 ============================================================
11:43:17.0235 4712 Scan started
11:43:17.0235 4712 Mode: Manual; SigCheck; TDLFS;
11:43:17.0235 4712 ============================================================
11:43:17.0844 4712 ================ Scan system memory ========================
11:43:17.0844 4712 System memory - ok
11:43:17.0844 4712 ================ Scan services =============================
11:43:18.0125 4712 [ D01E0B1CEF9EE82100C2BB07294880EF ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
11:43:18.0359 4712 1394ohci - ok
11:43:18.0421 4712 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\windows\system32\drivers\ACPI.sys
11:43:18.0468 4712 ACPI - ok
11:43:18.0499 4712 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
11:43:18.0608 4712 AcpiPmi - ok
11:43:18.0702 4712 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
11:43:18.0749 4712 AdobeARMservice - ok
11:43:18.0842 4712 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:43:18.0889 4712 AdobeFlashPlayerUpdateSvc - ok
11:43:18.0951 4712 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
11:43:18.0998 4712 adp94xx - ok
11:43:19.0029 4712 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
11:43:19.0092 4712 adpahci - ok
11:43:19.0139 4712 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
11:43:19.0185 4712 adpu320 - ok
11:43:19.0217 4712 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
11:43:19.0326 4712 AeLookupSvc - ok
11:43:19.0388 4712 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\windows\system32\drivers\afd.sys
11:43:19.0529 4712 AFD - ok
11:43:19.0560 4712 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\windows\system32\drivers\agp440.sys
11:43:19.0607 4712 agp440 - ok
11:43:19.0653 4712 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\windows\system32\DRIVERS\djsvs.sys
11:43:19.0685 4712 aic78xx - ok
11:43:19.0731 4712 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\windows\System32\alg.exe
11:43:19.0825 4712 ALG - ok
11:43:19.0887 4712 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\windows\system32\drivers\aliide.sys
11:43:19.0919 4712 aliide - ok
11:43:19.0950 4712 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\windows\system32\drivers\amdagp.sys
11:43:19.0981 4712 amdagp - ok
11:43:19.0997 4712 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\windows\system32\drivers\amdide.sys
11:43:20.0028 4712 amdide - ok
11:43:20.0075 4712 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
11:43:20.0184 4712 AmdK8 - ok
11:43:20.0215 4712 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
11:43:20.0277 4712 AmdPPM - ok
11:43:20.0309 4712 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\windows\system32\drivers\amdsata.sys
11:43:20.0340 4712 amdsata - ok
11:43:20.0387 4712 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
11:43:20.0433 4712 amdsbs - ok
11:43:20.0465 4712 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\windows\system32\drivers\amdxata.sys
11:43:20.0496 4712 amdxata - ok
11:43:20.0543 4712 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\windows\system32\drivers\appid.sys
11:43:20.0683 4712 AppID - ok
11:43:20.0730 4712 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\windows\System32\appidsvc.dll
11:43:20.0808 4712 AppIDSvc - ok
11:43:20.0855 4712 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\windows\System32\appinfo.dll
11:43:20.0933 4712 Appinfo - ok
11:43:20.0979 4712 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\windows\system32\DRIVERS\arc.sys
11:43:21.0026 4712 arc - ok
11:43:21.0057 4712 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
11:43:21.0089 4712 arcsas - ok
11:43:21.0151 4712 [ 561D6B76C045311691B870F6B3F19EAB ] AsUpIO C:\windows\system32\drivers\AsUpIO.sys
11:43:21.0198 4712 AsUpIO - ok
11:43:21.0260 4712 [ 0CC5D45987A29D5F2806F4C344ACEA75 ] ASUS InstantOn C:\Program Files\Common Files\InstantOn\InsOnSrv.exe
11:43:21.0291 4712 ASUS InstantOn - ok
11:43:21.0323 4712 [ C4FB2613D3C75364BB159B9C23A00E7A ] AsusService C:\Windows\System32\AsusService.exe
11:43:21.0369 4712 AsusService ( UnsignedFile.Multi.Generic ) - warning
11:43:21.0369 4712 AsusService - detected UnsignedFile.Multi.Generic (1)
11:43:21.0401 4712 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
11:43:21.0541 4712 AsyncMac - ok
11:43:21.0588 4712 [ 338C86357871C167A96AB976519BF59E ] atapi C:\windows\system32\drivers\atapi.sys
11:43:21.0619 4712 atapi - ok
11:43:21.0728 4712 [ 31CB2740BFDBAC1E48E2B7EAD38F0D27 ] athr C:\windows\system32\DRIVERS\athr.sys
11:43:21.0931 4712 athr - ok
11:43:21.0993 4712 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
11:43:22.0071 4712 AudioEndpointBuilder - ok
11:43:22.0087 4712 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\windows\System32\Audiosrv.dll
11:43:22.0181 4712 Audiosrv - ok
11:43:22.0243 4712 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\windows\System32\AxInstSV.dll
11:43:22.0368 4712 AxInstSV - ok
11:43:22.0415 4712 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\windows\system32\DRIVERS\bxvbdx.sys
11:43:22.0508 4712 b06bdrv - ok
11:43:22.0555 4712 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\windows\system32\DRIVERS\b57nd60x.sys
11:43:22.0586 4712 b57nd60x - ok
11:43:22.0742 4712 [ 2BE0F23D494C301641C42EAD2FDCD4F2 ] BCM43XX C:\windows\system32\DRIVERS\bcmwl6.sys
11:43:22.0929 4712 BCM43XX - ok
11:43:22.0961 4712 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\windows\System32\bdesvc.dll
11:43:23.0070 4712 BDESVC - ok
11:43:23.0117 4712 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\windows\system32\drivers\Beep.sys
11:43:23.0195 4712 Beep - ok
11:43:23.0257 4712 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\windows\System32\bfe.dll
11:43:23.0351 4712 BFE - ok
11:43:23.0413 4712 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\windows\System32\qmgr.dll
11:43:23.0522 4712 BITS - ok
11:43:23.0538 4712 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
11:43:23.0600 4712 blbdrive - ok
11:43:23.0663 4712 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\windows\system32\DRIVERS\bowser.sys
11:43:23.0756 4712 bowser - ok
11:43:23.0787 4712 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
11:43:23.0881 4712 BrFiltLo - ok
11:43:23.0897 4712 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
11:43:23.0959 4712 BrFiltUp - ok
11:43:24.0021 4712 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\windows\System32\browser.dll
11:43:24.0115 4712 Browser - ok
11:43:24.0146 4712 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\windows\System32\Drivers\Brserid.sys
11:43:24.0271 4712 Brserid - ok
11:43:24.0302 4712 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
11:43:24.0380 4712 BrSerWdm - ok
11:43:24.0411 4712 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
11:43:24.0443 4712 BrUsbMdm - ok
11:43:24.0474 4712 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
11:43:24.0521 4712 BrUsbSer - ok
11:43:24.0583 4712 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
11:43:24.0770 4712 BthEnum - ok
11:43:24.0801 4712 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
11:43:24.0848 4712 BTHMODEM - ok
11:43:24.0864 4712 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
11:43:24.0911 4712 BthPan - ok
11:43:24.0973 4712 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
11:43:25.0051 4712 BTHPORT - ok
11:43:25.0098 4712 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\windows\system32\bthserv.dll
11:43:25.0191 4712 bthserv - ok
11:43:25.0238 4712 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
11:43:25.0285 4712 BTHUSB - ok
11:43:25.0316 4712 btwampfl - ok
11:43:25.0332 4712 btwaudio - ok
11:43:25.0363 4712 btwavdt - ok
11:43:25.0394 4712 btwl2cap - ok
11:43:25.0410 4712 btwrchid - ok
11:43:25.0441 4712 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
11:43:25.0535 4712 cdfs - ok
11:43:25.0597 4712 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
11:43:25.0644 4712 cdrom - ok
11:43:25.0706 4712 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\windows\System32\certprop.dll
11:43:25.0784 4712 CertPropSvc - ok
11:43:25.0831 4712 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\windows\system32\DRIVERS\circlass.sys
11:43:25.0878 4712 circlass - ok
11:43:25.0909 4712 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\windows\system32\CLFS.sys
11:43:25.0956 4712 CLFS - ok
11:43:26.0034 4712 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:43:26.0065 4712 clr_optimization_v2.0.50727_32 - ok
11:43:26.0143 4712 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:43:26.0174 4712 clr_optimization_v4.0.30319_32 - ok
11:43:26.0190 4712 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
11:43:26.0268 4712 CmBatt - ok
11:43:26.0299 4712 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\windows\system32\drivers\cmdide.sys
11:43:26.0330 4712 cmdide - ok
11:43:26.0377 4712 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\windows\system32\Drivers\cng.sys
11:43:26.0455 4712 CNG - ok
11:43:26.0502 4712 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
11:43:26.0533 4712 Compbatt - ok
11:43:26.0580 4712 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
11:43:26.0611 4712 CompositeBus - ok
11:43:26.0627 4712 COMSysApp - ok
11:43:26.0673 4712 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
11:43:26.0705 4712 crcdisk - ok
11:43:26.0767 4712 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\windows\system32\cryptsvc.dll
11:43:26.0845 4712 CryptSvc - ok
11:43:26.0970 4712 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
11:43:27.0048 4712 cvhsvc - ok
11:43:27.0110 4712 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\windows\system32\rpcss.dll
11:43:27.0204 4712 DcomLaunch - ok
11:43:27.0266 4712 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\windows\System32\defragsvc.dll
11:43:27.0344 4712 defragsvc - ok
11:43:27.0407 4712 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\windows\system32\Drivers\dfsc.sys
11:43:27.0485 4712 DfsC - ok
11:43:27.0547 4712 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\windows\system32\dhcpcore.dll
11:43:27.0641 4712 Dhcp - ok
11:43:27.0687 4712 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\windows\system32\drivers\discache.sys
11:43:27.0765 4712 discache - ok
11:43:27.0828 4712 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\windows\system32\DRIVERS\disk.sys
11:43:27.0859 4712 Disk - ok
11:43:27.0906 4712 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\windows\System32\dnsrslvr.dll
11:43:27.0968 4712 Dnscache - ok
11:43:28.0015 4712 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\windows\System32\dot3svc.dll
11:43:28.0109 4712 dot3svc - ok
11:43:28.0155 4712 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\windows\system32\dps.dll
11:43:28.0265 4712 DPS - ok
11:43:28.0311 4712 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
11:43:28.0343 4712 drmkaud - ok
11:43:28.0421 4712 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
11:43:28.0483 4712 DXGKrnl - ok
11:43:28.0545 4712 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\windows\System32\eapsvc.dll
11:43:28.0623 4712 EapHost - ok
11:43:28.0795 4712 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\windows\system32\DRIVERS\evbdx.sys
11:43:29.0013 4712 ebdrv - ok
11:43:29.0045 4712 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\windows\System32\lsass.exe
11:43:29.0154 4712 EFS - ok
11:43:29.0216 4712 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
11:43:29.0279 4712 elxstor - ok
11:43:29.0310 4712 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\windows\system32\drivers\errdev.sys
11:43:29.0357 4712 ErrDev - ok
11:43:29.0419 4712 [ 7C87DF14552A5E0270DBD906BAFF85FB ] ETD C:\windows\system32\DRIVERS\ETD.sys
11:43:29.0466 4712 ETD - ok
11:43:29.0513 4712 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\windows\system32\es.dll
11:43:29.0606 4712 EventSystem - ok
11:43:29.0653 4712 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\windows\system32\drivers\exfat.sys
11:43:29.0731 4712 exfat - ok
11:43:29.0778 4712 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\windows\system32\drivers\fastfat.sys
11:43:29.0856 4712 fastfat - ok
11:43:29.0934 4712 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\windows\system32\fxssvc.exe
11:43:30.0059 4712 Fax - ok
11:43:30.0090 4712 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\windows\system32\DRIVERS\fdc.sys
11:43:30.0121 4712 fdc - ok
11:43:30.0152 4712 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\windows\system32\fdPHost.dll
11:43:30.0246 4712 fdPHost - ok
11:43:30.0261 4712 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\windows\system32\fdrespub.dll
11:43:30.0355 4712 FDResPub - ok
11:43:30.0371 4712 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
11:43:30.0402 4712 FileInfo - ok
11:43:30.0433 4712 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\windows\system32\drivers\filetrace.sys
11:43:30.0511 4712 Filetrace - ok
11:43:30.0558 4712 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
11:43:30.0620 4712 flpydisk - ok
11:43:30.0651 4712 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
11:43:30.0698 4712 FltMgr - ok
11:43:30.0761 4712 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\windows\system32\FntCache.dll
11:43:30.0870 4712 FontCache - ok
11:43:30.0932 4712 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:43:30.0963 4712 FontCache3.0.0.0 - ok
11:43:31.0010 4712 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\windows\system32\drivers\FsDepends.sys
11:43:31.0041 4712 FsDepends - ok
11:43:31.0073 4712 [ B0082808A6856A252F7CDD939892CE50 ] fssfltr C:\windows\system32\DRIVERS\fssfltr.sys
11:43:31.0104 4712 fssfltr - ok
11:43:31.0213 4712 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
11:43:31.0322 4712 fsssvc - ok
11:43:31.0369 4712 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
11:43:31.0400 4712 Fs_Rec - ok
11:43:31.0447 4712 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
11:43:31.0509 4712 fvevol - ok
11:43:31.0556 4712 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
11:43:31.0603 4712 gagp30kx - ok
11:43:31.0650 4712 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\windows\System32\gpsvc.dll
11:43:31.0743 4712 gpsvc - ok
11:43:31.0868 4712 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
11:43:31.0915 4712 gupdate - ok
11:43:31.0931 4712 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
11:43:31.0962 4712 gupdatem - ok
11:43:32.0024 4712 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
11:43:32.0087 4712 gusvc - ok
11:43:32.0102 4712 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
11:43:32.0243 4712 hcw85cir - ok
11:43:32.0321 4712 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
11:43:32.0367 4712 HdAudAddService - ok
11:43:32.0399 4712 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
11:43:32.0445 4712 HDAudBus - ok
11:43:32.0477 4712 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
11:43:32.0508 4712 HidBatt - ok
11:43:32.0523 4712 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
11:43:32.0570 4712 HidBth - ok
11:43:32.0586 4712 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\windows\system32\DRIVERS\hidir.sys
11:43:32.0617 4712 HidIr - ok
11:43:32.0648 4712 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\windows\system32\hidserv.dll
11:43:32.0742 4712 hidserv - ok
11:43:32.0804 4712 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
11:43:32.0851 4712 HidUsb - ok
11:43:32.0882 4712 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\windows\system32\kmsvc.dll
11:43:32.0960 4712 hkmsvc - ok
11:43:33.0007 4712 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\windows\system32\ListSvc.dll
11:43:33.0101 4712 HomeGroupListener - ok
11:43:33.0163 4712 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\windows\system32\provsvc.dll
11:43:33.0194 4712 HomeGroupProvider - ok
11:43:33.0257 4712 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
11:43:33.0288 4712 HpSAMD - ok
11:43:33.0366 4712 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\windows\system32\drivers\HTTP.sys
11:43:33.0459 4712 HTTP - ok
11:43:33.0506 4712 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
11:43:33.0537 4712 hwpolicy - ok
11:43:33.0600 4712 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
11:43:33.0662 4712 i8042prt - ok
11:43:33.0725 4712 [ D80AA0907748D7CC8EFAB3773F32629B ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
11:43:33.0771 4712 iaStor - ok
11:43:33.0834 4712 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\windows\system32\drivers\iaStorV.sys
11:43:33.0865 4712 iaStorV - ok
11:43:33.0959 4712 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:43:34.0021 4712 idsvc - ok
11:43:34.0224 4712 [ 6A2A8E70C4FF9CD870869B025C6478E3 ] igfx C:\windows\system32\DRIVERS\igdkmd32.sys
11:43:34.0520 4712 igfx - ok
11:43:34.0583 4712 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
11:43:34.0614 4712 iirsp - ok
11:43:34.0692 4712 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\windows\System32\ikeext.dll
11:43:34.0785 4712 IKEEXT - ok
11:43:34.0957 4712 [ E8B6F7896DB2EE6A7AF7A177A9BBC526 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
11:43:35.0113 4712 IntcAzAudAddService - ok
11:43:35.0160 4712 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\windows\system32\drivers\intelide.sys
11:43:35.0191 4712 intelide - ok
11:43:35.0253 4712 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
11:43:35.0300 4712 intelppm - ok
11:43:35.0331 4712 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\windows\system32\ipbusenum.dll
11:43:35.0409 4712 IPBusEnum - ok
11:43:35.0441 4712 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
11:43:35.0534 4712 IpFilterDriver - ok
11:43:35.0612 4712 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
11:43:35.0706 4712 iphlpsvc - ok
11:43:35.0737 4712 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
11:43:35.0784 4712 IPMIDRV - ok
11:43:35.0815 4712 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\windows\system32\drivers\ipnat.sys
11:43:35.0893 4712 IPNAT - ok
11:43:35.0940 4712 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\windows\system32\drivers\irenum.sys
11:43:36.0065 4712 IRENUM - ok
11:43:36.0111 4712 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\windows\system32\drivers\isapnp.sys
11:43:36.0143 4712 isapnp - ok
11:43:36.0174 4712 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
11:43:36.0221 4712 iScsiPrt - ok
11:43:36.0252 4712 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\windows\system32\drivers\kbdclass.sys
11:43:36.0283 4712 kbdclass - ok
11:43:36.0345 4712 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
11:43:36.0392 4712 kbdhid - ok
11:43:36.0439 4712 [ 3EB803312987FF44265C87CB960DF6AB ] kbfiltr C:\windows\system32\DRIVERS\kbfiltr.sys
11:43:36.0486 4712 kbfiltr - ok
11:43:36.0501 4712 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\windows\system32\lsass.exe
11:43:36.0548 4712 KeyIso - ok
11:43:36.0595 4712 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
11:43:36.0626 4712 KSecDD - ok
11:43:36.0657 4712 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
11:43:36.0689 4712 KSecPkg - ok
11:43:36.0735 4712 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\windows\system32\msdtckrm.dll
11:43:36.0829 4712 KtmRm - ok
11:43:36.0891 4712 [ C8FA09049E640B0A27E4B4446D958FE5 ] L1C C:\windows\system32\DRIVERS\L1C62x86.sys
11:43:36.0907 4712 L1C - ok
11:43:36.0969 4712 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\windows\system32\srvsvc.dll
11:43:37.0063 4712 LanmanServer - ok
11:43:37.0110 4712 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
11:43:37.0172 4712 LanmanWorkstation - ok
11:43:37.0219 4712 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
11:43:37.0297 4712 lltdio - ok
11:43:37.0328 4712 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\windows\System32\lltdsvc.dll
11:43:37.0422 4712 lltdsvc - ok
11:43:37.0453 4712 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\windows\System32\lmhsvc.dll
11:43:37.0515 4712 lmhosts - ok
11:43:37.0578 4712 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
11:43:37.0625 4712 LSI_FC - ok
11:43:37.0656 4712 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
11:43:37.0687 4712 LSI_SAS - ok
11:43:37.0703 4712 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
11:43:37.0749 4712 LSI_SAS2 - ok
11:43:37.0781 4712 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
11:43:37.0812 4712 LSI_SCSI - ok
11:43:37.0874 4712 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\windows\system32\drivers\luafv.sys
11:43:37.0952 4712 luafv - ok
11:43:37.0999 4712 massfilter - ok
11:43:38.0061 4712 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\windows\system32\drivers\mbam.sys
11:43:38.0093 4712 MBAMProtector - ok
11:43:38.0139 4712 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:43:38.0186 4712 MBAMScheduler - ok
11:43:38.0249 4712 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
11:43:38.0311 4712 MBAMService - ok
11:43:38.0342 4712 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\windows\system32\DRIVERS\megasas.sys
11:43:38.0373 4712 megasas - ok
11:43:38.0420 4712 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
11:43:38.0451 4712 MegaSR - ok
11:43:38.0498 4712 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\windows\system32\mmcss.dll
11:43:38.0592 4712 MMCSS - ok
11:43:38.0623 4712 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\windows\system32\drivers\modem.sys
11:43:38.0685 4712 Modem - ok
11:43:38.0732 4712 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\windows\system32\DRIVERS\monitor.sys
11:43:38.0779 4712 monitor - ok
11:43:38.0795 4712 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
11:43:38.0841 4712 mouclass - ok
11:43:38.0873 4712 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
11:43:38.0935 4712 mouhid - ok
11:43:38.0966 4712 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\windows\system32\drivers\mountmgr.sys
11:43:38.0997 4712 mountmgr - ok
11:43:39.0075 4712 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys
11:43:39.0122 4712 MpFilter - ok
11:43:39.0169 4712 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\windows\system32\drivers\mpio.sys
11:43:39.0200 4712 mpio - ok
11:43:39.0341 4712 [ A69630D039C38018689190234F866D77 ] MpKsl226983ee c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EE30210E-F7B9-4500-AD8C-71B6514D6F17}\MpKsl226983ee.sys
11:43:39.0387 4712 MpKsl226983ee - ok
11:43:39.0403 4712 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
11:43:39.0481 4712 mpsdrv - ok
11:43:39.0528 4712 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\windows\system32\mpssvc.dll
11:43:39.0621 4712 MpsSvc - ok
11:43:39.0668 4712 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
11:43:39.0731 4712 MRxDAV - ok
11:43:39.0793 4712 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
11:43:39.0918 4712 mrxsmb - ok
11:43:39.0965 4712 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
11:43:40.0011 4712 mrxsmb10 - ok
11:43:40.0058 4712 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
11:43:40.0121 4712 mrxsmb20 - ok
11:43:40.0167 4712 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\windows\system32\drivers\msahci.sys
11:43:40.0199 4712 msahci - ok
11:43:40.0214 4712 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\windows\system32\drivers\msdsm.sys
11:43:40.0277 4712 msdsm - ok
11:43:40.0292 4712 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\windows\System32\msdtc.exe
11:43:40.0339 4712 MSDTC - ok
11:43:40.0386 4712 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\windows\system32\drivers\Msfs.sys
11:43:40.0479 4712 Msfs - ok
11:43:40.0511 4712 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
11:43:40.0573 4712 mshidkmdf - ok
11:43:40.0589 4712 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\windows\system32\drivers\msisadrv.sys
11:43:40.0620 4712 msisadrv - ok
11:43:40.0698 4712 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\windows\system32\iscsiexe.dll
11:43:40.0776 4712 MSiSCSI - ok
11:43:40.0791 4712 msiserver - ok
11:43:40.0838 4712 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
11:43:40.0932 4712 MSKSSRV - ok
11:43:41.0057 4712 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
11:43:41.0088 4712 MsMpSvc - ok
11:43:41.0135 4712 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
11:43:41.0213 4712 MSPCLOCK - ok
11:43:41.0228 4712 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
11:43:41.0306 4712 MSPQM - ok
11:43:41.0337 4712 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
11:43:41.0384 4712 MsRPC - ok
11:43:41.0431 4712 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
11:43:41.0462 4712 mssmbios - ok
11:43:41.0509 4712 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
11:43:41.0587 4712 MSTEE - ok
11:43:41.0603 4712 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
11:43:41.0649 4712 MTConfig - ok
11:43:41.0665 4712 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\windows\system32\Drivers\mup.sys
11:43:41.0696 4712 Mup - ok
11:43:41.0759 4712 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\windows\system32\qagentRT.dll
11:43:41.0868 4712 napagent - ok
11:43:41.0915 4712 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
11:43:41.0993 4712 NativeWifiP - ok
11:43:42.0055 4712 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\windows\system32\drivers\ndis.sys
11:43:42.0117 4712 NDIS - ok
11:43:42.0164 4712 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
11:43:42.0258 4712 NdisCap - ok
11:43:42.0289 4712 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
11:43:42.0351 4712 NdisTapi - ok
11:43:42.0414 4712 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
11:43:42.0507 4712 Ndisuio - ok
11:43:42.0554 4712 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
11:43:42.0617 4712 NdisWan - ok
11:43:42.0663 4712 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
11:43:42.0757 4712 NDProxy - ok
11:43:42.0819 4712 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\windows\system32\HPZinw12.dll
11:43:42.0835 4712 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:43:42.0835 4712 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:43:42.0866 4712 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
11:43:42.0960 4712 NetBIOS - ok
11:43:43.0007 4712 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
11:43:43.0085 4712 NetBT - ok
11:43:43.0116 4712 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\windows\system32\lsass.exe
11:43:43.0163 4712 Netlogon - ok
11:43:43.0209 4712 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\windows\System32\netman.dll
11:43:43.0319 4712 Netman - ok
11:43:43.0350 4712 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\windows\System32\netprofm.dll
11:43:43.0443 4712 netprofm - ok
11:43:43.0475 4712 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:43:43.0506 4712 NetTcpPortSharing - ok
11:43:43.0553 4712 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
11:43:43.0584 4712 nfrd960 - ok
11:43:43.0662 4712 [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
11:43:43.0693 4712 NisDrv - ok
11:43:43.0740 4712 [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
11:43:43.0787 4712 NisSrv - ok
11:43:43.0849 4712 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\windows\System32\nlasvc.dll
11:43:43.0943 4712 NlaSvc - ok
11:43:43.0974 4712 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\windows\system32\drivers\Npfs.sys
11:43:44.0083 4712 Npfs - ok
11:43:44.0114 4712 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\windows\system32\nsisvc.dll
11:43:44.0177 4712 nsi - ok
11:43:44.0192 4712 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
11:43:44.0270 4712 nsiproxy - ok
11:43:44.0348 4712 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
11:43:44.0442 4712 Ntfs - ok
11:43:44.0473 4712 [ F9756A98D69098DCA8945D62858A812C ] Null C:\windows\system32\drivers\Null.sys
11:43:44.0551 4712 Null - ok
11:43:44.0613 4712 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\windows\system32\drivers\nvraid.sys
11:43:44.0645 4712 nvraid - ok
11:43:44.0691 4712 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\windows\system32\drivers\nvstor.sys
11:43:44.0723 4712 nvstor - ok
11:43:44.0769 4712 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\windows\system32\drivers\nv_agp.sys
11:43:44.0801 4712 nv_agp - ok
11:43:44.0847 4712 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
11:43:44.0894 4712 ohci1394 - ok
11:43:44.0957 4712 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:43:44.0988 4712 ose - ok
11:43:45.0144 4712 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:43:45.0487 4712 osppsvc - ok
11:43:45.0534 4712 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\windows\system32\pnrpsvc.dll
11:43:45.0659 4712 p2pimsvc - ok
11:43:45.0721 4712 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\windows\system32\p2psvc.dll
11:43:45.0768 4712 p2psvc - ok
11:43:45.0815 4712 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\windows\system32\DRIVERS\parport.sys
11:43:45.0861 4712 Parport - ok
11:43:45.0908 4712 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\windows\system32\drivers\partmgr.sys
11:43:45.0939 4712 partmgr - ok
11:43:46.0002 4712 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\windows\system32\DRIVERS\parvdm.sys
11:43:46.0064 4712 Parvdm - ok
11:43:46.0111 4712 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\windows\System32\pcasvc.dll
11:43:46.0173 4712 PcaSvc - ok
11:43:46.0220 4712 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\windows\system32\drivers\pci.sys
11:43:46.0267 4712 pci - ok
11:43:46.0283 4712 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\windows\system32\drivers\pciide.sys
11:43:46.0314 4712 pciide - ok
11:43:46.0361 4712 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
11:43:46.0392 4712 pcmcia - ok
11:43:46.0423 4712 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\windows\system32\drivers\pcw.sys
11:43:46.0454 4712 pcw - ok
11:43:46.0517 4712 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\windows\system32\drivers\peauth.sys
11:43:46.0626 4712 PEAUTH - ok
11:43:46.0735 4712 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\windows\system32\pla.dll
11:43:46.0875 4712 pla - ok
11:43:46.0922 4712 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\windows\system32\umpnpmgr.dll
11:43:47.0031 4712 PlugPlay - ok
11:43:47.0078 4712 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\windows\system32\HPZipm12.dll
11:43:47.0094 4712 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:43:47.0094 4712 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:43:47.0125 4712 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
11:43:47.0187 4712 PNRPAutoReg - ok
11:43:47.0203 4712 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\windows\system32\pnrpsvc.dll
11:43:47.0250 4712 PNRPsvc - ok
11:43:47.0312 4712 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\windows\System32\ipsecsvc.dll
11:43:47.0406 4712 PolicyAgent - ok
11:43:47.0453 4712 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\windows\system32\umpo.dll
11:43:47.0546 4712 Power - ok
11:43:47.0593 4712 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
11:43:47.0671 4712 PptpMiniport - ok
11:43:47.0702 4712 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\windows\system32\DRIVERS\processr.sys
11:43:47.0733 4712 Processor - ok
11:43:47.0780 4712 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\windows\system32\profsvc.dll
11:43:47.0858 4712 ProfSvc - ok
11:43:47.0889 4712 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
11:43:47.0936 4712 ProtectedStorage - ok
11:43:47.0967 4712 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\windows\system32\DRIVERS\pacer.sys
11:43:48.0061 4712 Psched - ok
11:43:48.0139 4712 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
11:43:48.0233 4712 ql2300 - ok
11:43:48.0264 4712 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
11:43:48.0311 4712 ql40xx - ok
11:43:48.0342 4712 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\windows\system32\qwave.dll
11:43:48.0404 4712 QWAVE - ok
11:43:48.0435 4712 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
11:43:48.0482 4712 QWAVEdrv - ok
11:43:48.0529 4712 [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr C:\windows\WindowsMobile\rapimgr.dll
11:43:48.0560 4712 RapiMgr - ok
11:43:48.0576 4712 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
11:43:48.0669 4712 RasAcd - ok
11:43:48.0716 4712 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
11:43:48.0779 4712 RasAgileVpn - ok
11:43:48.0825 4712 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\windows\System32\rasauto.dll
11:43:48.0919 4712 RasAuto - ok
11:43:48.0950 4712 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
11:43:49.0044 4712 Rasl2tp - ok
11:43:49.0122 4712 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\windows\System32\rasmans.dll
11:43:49.0215 4712 RasMan - ok
11:43:49.0262 4712 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
11:43:49.0340 4712 RasPppoe - ok
11:43:49.0371 4712 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
11:43:49.0434 4712 RasSstp - ok
11:43:49.0496 4712 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
11:43:49.0574 4712 rdbss - ok
11:43:49.0590 4712 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
11:43:49.0637 4712 rdpbus - ok
11:43:49.0668 4712 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
11:43:49.0746 4712 RDPCDD - ok
11:43:49.0777 4712 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
11:43:49.0855 4712 RDPENCDD - ok
11:43:49.0902 4712 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
11:43:49.0980 4712 RDPREFMP - ok
11:43:50.0042 4712 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
11:43:50.0120 4712 RdpVideoMiniport - ok
11:43:50.0167 4712 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
11:43:50.0245 4712 RDPWD - ok
11:43:50.0307 4712 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
11:43:50.0339 4712 rdyboost - ok
11:43:50.0385 4712 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\windows\System32\mprdim.dll
11:43:50.0448 4712 RemoteAccess - ok
11:43:50.0495 4712 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\windows\system32\regsvc.dll
11:43:50.0588 4712 RemoteRegistry - ok
11:43:50.0635 4712 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
11:43:50.0697 4712 RFCOMM - ok
11:43:50.0744 4712 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
11:43:50.0822 4712 RpcEptMapper - ok
11:43:50.0853 4712 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\windows\system32\locator.exe
11:43:50.0916 4712 RpcLocator - ok
11:43:50.0947 4712 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\windows\system32\rpcss.dll
11:43:51.0025 4712 RpcSs - ok
11:43:51.0087 4712 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
11:43:51.0150 4712 rspndr - ok
11:43:51.0181 4712 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\windows\system32\lsass.exe
11:43:51.0212 4712 SamSs - ok
11:43:51.0243 4712 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\windows\system32\drivers\sbp2port.sys
11:43:51.0290 4712 sbp2port - ok
11:43:51.0321 4712 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\windows\System32\SCardSvr.dll
11:43:51.0415 4712 SCardSvr - ok
11:43:51.0462 4712 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
11:43:51.0540 4712 scfilter - ok
11:43:51.0602 4712 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\windows\system32\schedsvc.dll
11:43:51.0711 4712 Schedule - ok
11:43:51.0743 4712 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\windows\System32\certprop.dll
11:43:51.0805 4712 SCPolicySvc - ok
11:43:51.0852 4712 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\windows\System32\SDRSVC.dll
11:43:51.0992 4712 SDRSVC - ok
11:43:52.0023 4712 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\windows\system32\drivers\secdrv.sys
11:43:52.0117 4712 secdrv - ok
11:43:52.0164 4712 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\windows\system32\seclogon.dll
11:43:52.0257 4712 seclogon - ok
11:43:52.0304 4712 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\windows\System32\sens.dll
11:43:52.0398 4712 SENS - ok
11:43:52.0445 4712 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\windows\system32\DRIVERS\serenum.sys
11:43:52.0491 4712 Serenum - ok
11:43:52.0523 4712 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\windows\system32\DRIVERS\serial.sys
11:43:52.0585 4712 Serial - ok
11:43:52.0663 4712 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
11:43:52.0710 4712 sermouse - ok
11:43:52.0788 4712 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\windows\system32\sessenv.dll
11:43:52.0866 4712 SessionEnv - ok
11:43:52.0897 4712 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\windows\system32\drivers\sffdisk.sys
11:43:52.0991 4712 sffdisk - ok
11:43:53.0006 4712 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
11:43:53.0053 4712 sffp_mmc - ok
11:43:53.0084 4712 [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
11:43:53.0131 4712 sffp_sd - ok
11:43:53.0162 4712 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
11:43:53.0209 4712 sfloppy - ok
11:43:53.0256 4712 [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
11:43:53.0318 4712 Sftfs - ok
11:43:53.0381 4712 [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
11:43:53.0427 4712 sftlist - ok
11:43:53.0490 4712 [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
11:43:53.0537 4712 Sftplay - ok
11:43:53.0552 4712 [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
11:43:53.0583 4712 Sftredir - ok
11:43:53.0599 4712 [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
11:43:53.0630 4712 Sftvol - ok
11:43:53.0661 4712 [ A5812F0281CA5081BF696626F9BF324D ] sftvsa C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
11:43:53.0708 4712 sftvsa - ok
11:43:53.0755 4712 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\windows\System32\ipnathlp.dll
11:43:53.0833 4712 SharedAccess - ok
11:43:53.0864 4712 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll
11:43:53.0942 4712 ShellHWDetection - ok
11:43:54.0005 4712 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\windows\system32\drivers\sisagp.sys
11:43:54.0036 4712 sisagp - ok
11:43:54.0067 4712 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
11:43:54.0114 4712 SiSRaid2 - ok
11:43:54.0129 4712 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
11:43:54.0161 4712 SiSRaid4 - ok
11:43:54.0192 4712 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\windows\system32\DRIVERS\smb.sys
11:43:54.0270 4712 Smb - ok
11:43:54.0332 4712 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\windows\System32\snmptrap.exe
11:43:54.0395 4712 SNMPTRAP - ok
11:43:54.0441 4712 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\windows\system32\drivers\spldr.sys
11:43:54.0473 4712 spldr - ok
11:43:54.0535 4712 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\windows\System32\spoolsv.exe
11:43:54.0629 4712 Spooler - ok
11:43:54.0769 4712 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\windows\system32\sppsvc.exe
11:43:54.0956 4712 sppsvc - ok
11:43:55.0003 4712 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\windows\system32\sppuinotify.dll
11:43:55.0097 4712 sppuinotify - ok
11:43:55.0143 4712 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\windows\system32\DRIVERS\srv.sys
11:43:55.0237 4712 srv - ok
11:43:55.0299 4712 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\windows\system32\DRIVERS\srv2.sys
11:43:55.0346 4712 srv2 - ok
11:43:55.0362 4712 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
11:43:55.0393 4712 srvnet - ok
11:43:55.0424 4712 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
11:43:55.0518 4712 SSDPSRV - ok
11:43:55.0565 4712 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\windows\system32\sstpsvc.dll
11:43:55.0643 4712 SstpSvc - ok
11:43:55.0689 4712 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
11:43:55.0721 4712 stexstor - ok
11:43:55.0783 4712 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\windows\System32\wiaservc.dll
11:43:55.0845 4712 StiSvc - ok
11:43:55.0892 4712 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\windows\system32\drivers\swenum.sys
11:43:55.0923 4712 swenum - ok
11:43:55.0970 4712 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\windows\System32\swprv.dll
11:43:56.0079 4712 swprv - ok
11:43:56.0173 4712 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\windows\system32\sysmain.dll
11:43:56.0251 4712 SysMain - ok
11:43:56.0407 4712 [ 968E23EC4E0AF2F107E73C733B0D7A8E ] SystemExplorerHelpService C:\Program Files\System Explorer\service\SystemExplorerService.exe
11:43:56.0469 4712 SystemExplorerHelpService - ok
11:43:56.0516 4712 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll
11:43:56.0579 4712 TabletInputService - ok
11:43:56.0625 4712 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\windows\System32\tapisrv.dll
11:43:56.0703 4712 TapiSrv - ok
11:43:56.0735 4712 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\windows\System32\tbssvc.dll
11:43:56.0813 4712 TBS - ok
11:43:56.0922 4712 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\windows\system32\drivers\tcpip.sys
11:43:57.0015 4712 Tcpip - ok
11:43:57.0093 4712 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
11:43:57.0171 4712 TCPIP6 - ok
11:43:57.0218 4712 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
11:43:57.0312 4712 tcpipreg - ok
11:43:57.0359 4712 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
11:43:57.0421 4712 TDPIPE - ok
11:43:57.0468 4712 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
11:43:57.0515 4712 TDTCP - ok
11:43:57.0561 4712 [ B459575348C20E8121D6039DA063C704 ] tdx C:\windows\system32\DRIVERS\tdx.sys
11:43:57.0624 4712 tdx - ok
11:43:57.0671 4712 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\windows\system32\drivers\termdd.sys
11:43:57.0702 4712 TermDD - ok
11:43:57.0749 4712 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\windows\System32\termsrv.dll
11:43:57.0842 4712 TermService - ok
11:43:57.0873 4712 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\windows\system32\themeservice.dll
11:43:57.0936 4712 Themes - ok
11:43:57.0967 4712 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\windows\system32\mmcss.dll
11:43:58.0029 4712 THREADORDER - ok
11:43:58.0061 4712 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\windows\System32\trkwks.dll
11:43:58.0139 4712 TrkWks - ok
11:43:58.0201 4712 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
11:43:58.0279 4712 TrustedInstaller - ok
11:43:58.0310 4712 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
11:43:58.0388 4712 tssecsrv - ok
11:43:58.0435 4712 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
11:43:58.0466 4712 TsUsbFlt - ok
11:43:58.0529 4712 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
11:43:58.0591 4712 tunnel - ok
11:43:58.0622 4712 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
11:43:58.0669 4712 uagp35 - ok
11:43:58.0685 4712 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\windows\system32\DRIVERS\udfs.sys
11:43:58.0778 4712 udfs - ok
11:43:58.0841 4712 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\windows\system32\UI0Detect.exe
11:43:58.0903 4712 UI0Detect - ok
11:43:58.0919 4712 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
11:43:58.0965 4712 uliagpkx - ok
11:43:59.0012 4712 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\windows\system32\DRIVERS\umbus.sys
11:43:59.0043 4712 umbus - ok
11:43:59.0075 4712 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\windows\system32\DRIVERS\umpass.sys
11:43:59.0121 4712 UmPass - ok
11:43:59.0153 4712 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\windows\System32\upnphost.dll
11:43:59.0246 4712 upnphost - ok
11:43:59.0293 4712 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
11:43:59.0371 4712 usbccgp - ok
11:43:59.0402 4712 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\windows\system32\drivers\usbcir.sys
11:43:59.0449 4712 usbcir - ok
11:43:59.0480 4712 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\windows\system32\drivers\usbehci.sys
11:43:59.0527 4712 usbehci - ok
11:43:59.0574 4712 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
11:43:59.0636 4712 usbhub - ok
11:43:59.0683 4712 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\windows\system32\drivers\usbohci.sys
11:43:59.0761 4712 usbohci - ok
11:43:59.0792 4712 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
11:43:59.0855 4712 usbprint - ok
11:43:59.0901 4712 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
11:43:59.0964 4712 usbscan - ok
11:44:00.0011 4712 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
11:44:00.0089 4712 USBSTOR - ok
11:44:00.0135 4712 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\windows\system32\drivers\usbuhci.sys
11:44:00.0182 4712 usbuhci - ok
11:44:00.0245 4712 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
11:44:00.0307 4712 usbvideo - ok
11:44:00.0354 4712 [ D82F43D15FDAA666856C0190CB73E7C9 ] usb_rndisx C:\windows\system32\drivers\usb8023x.sys
11:44:00.0416 4712 usb_rndisx - ok
11:44:00.0463 4712 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\windows\System32\uxsms.dll
11:44:00.0541 4712 UxSms - ok
11:44:00.0557 4712 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\windows\system32\lsass.exe
11:44:00.0588 4712 VaultSvc - ok
11:44:00.0650 4712 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
11:44:00.0681 4712 vdrvroot - ok
11:44:00.0744 4712 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\windows\System32\vds.exe
11:44:00.0837 4712 vds - ok
11:44:00.0915 4712 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\windows\system32\DRIVERS\vgapnp.sys
11:44:00.0947 4712 vga - ok
11:44:00.0978 4712 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\windows\System32\drivers\vga.sys
11:44:01.0040 4712 VgaSave - ok
11:44:01.0087 4712 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\windows\system32\drivers\vhdmp.sys
11:44:01.0134 4712 vhdmp - ok
11:44:01.0181 4712 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\windows\system32\drivers\viaagp.sys
11:44:01.0212 4712 viaagp - ok
11:44:01.0243 4712 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\windows\system32\DRIVERS\viac7.sys
11:44:01.0290 4712 ViaC7 - ok
11:44:01.0321 4712 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\windows\system32\drivers\viaide.sys
11:44:01.0352 4712 viaide - ok
11:44:01.0415 4712 [ C37CE43FB54066FFB540729C6E6E194E ] VideAceWindowsService C:\ExpressGateUtil\VAWinService.exe
11:44:01.0446 4712 VideAceWindowsService - ok
11:44:01.0493 4712 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\windows\system32\drivers\volmgr.sys
11:44:01.0524 4712 volmgr - ok
11:44:01.0571 4712 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\windows\system32\drivers\volmgrx.sys
11:44:01.0617 4712 volmgrx - ok
11:44:01.0649 4712 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\windows\system32\drivers\volsnap.sys
11:44:01.0680 4712 volsnap - ok
11:44:01.0742 4712 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
11:44:01.0773 4712 vsmraid - ok
11:44:01.0836 4712 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\windows\system32\vssvc.exe
11:44:01.0945 4712 VSS - ok
11:44:01.0992 4712 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
11:44:02.0039 4712 vwifibus - ok
11:44:02.0070 4712 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
11:44:02.0132 4712 vwififlt - ok
11:44:02.0163 4712 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
11:44:02.0210 4712 vwifimp - ok
11:44:02.0241 4712 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\windows\system32\w32time.dll
11:44:02.0351 4712 W32Time - ok
11:44:02.0397 4712 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
11:44:02.0429 4712 WacomPen - ok
11:44:02.0460 4712 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
11:44:02.0538 4712 WANARP - ok
11:44:02.0538 4712 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
11:44:02.0616 4712 Wanarpv6 - ok
11:44:02.0694 4712 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\windows\system32\wbengine.exe
11:44:02.0850 4712 wbengine - ok
11:44:02.0897 4712 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
11:44:02.0943 4712 WbioSrvc - ok
11:44:03.0021 4712 [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm C:\windows\WindowsMobile\wcescomm.dll
11:44:03.0068 4712 WcesComm - ok
11:44:03.0131 4712 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\windows\System32\wcncsvc.dll
11:44:03.0209 4712 wcncsvc - ok
11:44:03.0255 4712 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
11:44:03.0365 4712 WcsPlugInService - ok
11:44:03.0396 4712 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\windows\system32\DRIVERS\wd.sys
11:44:03.0427 4712 Wd - ok
11:44:03.0458 4712 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
11:44:03.0505 4712 Wdf01000 - ok
11:44:03.0552 4712 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\windows\system32\wdi.dll
11:44:03.0661 4712 WdiServiceHost - ok
11:44:03.0677 4712 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\windows\system32\wdi.dll
11:44:03.0739 4712 WdiSystemHost - ok
11:44:03.0770 4712 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\windows\System32\webclnt.dll
11:44:03.0833 4712 WebClient - ok
11:44:03.0864 4712 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\windows\system32\wecsvc.dll
11:44:03.0957 4712 Wecsvc - ok
11:44:03.0989 4712 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\windows\System32\wercplsupport.dll
11:44:04.0082 4712 wercplsupport - ok
11:44:04.0129 4712 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\windows\System32\WerSvc.dll
11:44:04.0223 4712 WerSvc - ok
11:44:04.0269 4712 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
11:44:04.0332 4712 WfpLwf - ok
11:44:04.0363 4712 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\windows\system32\drivers\wimmount.sys
11:44:04.0394 4712 WIMMount - ok
11:44:04.0472 4712 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
11:44:04.0535 4712 WinDefend - ok
11:44:04.0550 4712 WinHttpAutoProxySvc - ok
11:44:04.0613 4712 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
11:44:04.0675 4712 Winmgmt - ok
11:44:04.0769 4712 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\windows\system32\WsmSvc.dll
11:44:04.0878 4712 WinRM - ok
11:44:04.0971 4712 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
11:44:05.0003 4712 WinUsb - ok
11:44:05.0049 4712 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\windows\System32\wlansvc.dll
11:44:05.0143 4712 Wlansvc - ok
11:44:05.0221 4712 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:44:05.0252 4712 wlcrasvc - ok
11:44:05.0346 4712 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:44:05.0439 4712 wlidsvc - ok
11:44:05.0502 4712 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
11:44:05.0549 4712 WmiAcpi - ok
11:44:05.0595 4712 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
11:44:05.0627 4712 wmiApSrv - ok
11:44:05.0736 4712 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
11:44:05.0876 4712 WMPNetworkSvc - ok
11:44:05.0907 4712 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\windows\System32\wpcsvc.dll
11:44:06.0032 4712 WPCSvc - ok
11:44:06.0063 4712 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
11:44:06.0157 4712 WPDBusEnum - ok
11:44:06.0188 4712 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
11:44:06.0251 4712 ws2ifsl - ok
11:44:06.0297 4712 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\windows\System32\wscsvc.dll
11:44:06.0360 4712 wscsvc - ok
11:44:06.0375 4712 WSearch - ok
11:44:06.0422 4712 [ BAEDC491374DEFD5E76336901D6D397D ] wsvd C:\windows\system32\DRIVERS\wsvd.sys
11:44:06.0453 4712 wsvd - ok
11:44:06.0547 4712 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\windows\system32\wuaueng.dll
11:44:06.0672 4712 wuauserv - ok
11:44:06.0687 4712 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
11:44:06.0750 4712 WudfPf - ok
11:44:06.0812 4712 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
11:44:06.0906 4712 WUDFRd - ok
11:44:06.0953 4712 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\windows\System32\WUDFSvc.dll
11:44:07.0046 4712 wudfsvc - ok
11:44:07.0077 4712 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\windows\System32\wwansvc.dll
11:44:07.0140 4712 WwanSvc - ok
11:44:07.0187 4712 ZTEusbmdm6k - ok
11:44:07.0202 4712 ZTEusbnmea - ok
11:44:07.0218 4712 ZTEusbser6k - ok
11:44:07.0249 4712 ================ Scan global ===============================
11:44:07.0296 4712 [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
11:44:07.0327 4712 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\windows\system32\winsrv.dll
11:44:07.0343 4712 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\windows\system32\winsrv.dll
11:44:07.0389 4712 [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
11:44:07.0405 4712 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
11:44:07.0421 4712 [Global] - ok
11:44:07.0421 4712 ================ Scan MBR ==================================
11:44:07.0436 4712 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:44:08.0076 4712 \Device\Harddisk0\DR0 - ok
11:44:08.0076 4712 ================ Scan VBR ==================================
11:44:08.0076 4712 [ 9CDB9DE2ABB40D850ECCFBAFB04FA8D3 ] \Device\Harddisk0\DR0\Partition1
11:44:08.0091 4712 \Device\Harddisk0\DR0\Partition1 - ok
11:44:08.0123 4712 [ 57A49E272B8522265850A5AF64925792 ] \Device\Harddisk0\DR0\Partition2
11:44:08.0138 4712 \Device\Harddisk0\DR0\Partition2 - ok
11:44:08.0138 4712 ============================================================
11:44:08.0138 4712 Scan finished
11:44:08.0138 4712 ============================================================
11:44:08.0185 1016 Detected object count: 3
11:44:08.0185 1016 Actual detected object count: 3
11:44:31.0913 1016 AsusService ( UnsignedFile.Multi.Generic ) - skipped by user
11:44:31.0913 1016 AsusService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:44:31.0928 1016 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:44:31.0928 1016 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:44:31.0928 1016 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:44:31.0928 1016 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

markusg · 10.11.2012, 15:20

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Doktor420 · 10.11.2012, 16:28

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-11-09.02 - jensandrea 10.11.2012  16:01:49.1.4 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.1014.231 [GMT 1:00]
ausgeführt von:: c:\users\jensandrea\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-10 bis 2012-11-10  ))))))))))))))))))))))))))))))
.
.
2012-11-10 15:18 . 2012-10-12 05:56	6918632	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A75AE47D-77D3-471F-89DF-4B69CCFF3416}\mpengine.dll
2012-11-10 15:18 . 2012-11-10 15:19	--------	d-----w-	c:\users\jensandrea\AppData\Local\temp
2012-11-10 15:18 . 2012-11-10 15:18	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-09 19:08 . 2012-11-10 14:30	--------	d-----w-	c:\users\jensandrea\AppData\Local\GHISLER
2012-11-09 19:02 . 2012-08-03 07:01	545	----a-w-	c:\windows\UC.PIF
2012-11-09 19:02 . 2012-08-03 07:01	545	----a-w-	c:\windows\RAR.PIF
2012-11-09 19:02 . 2012-08-03 07:01	545	----a-w-	c:\windows\PKZIP.PIF
2012-11-09 19:02 . 2012-08-03 07:01	545	----a-w-	c:\windows\PKUNZIP.PIF
2012-11-09 19:02 . 2012-08-03 07:01	545	----a-w-	c:\windows\LHA.PIF
2012-11-09 19:02 . 2012-08-03 07:01	545	----a-w-	c:\windows\ARJ.PIF
2012-11-09 19:02 . 2012-11-09 19:03	--------	d-----w-	c:\users\jensandrea\AppData\Roaming\GHISLER
2012-11-09 19:02 . 2012-11-09 19:02	--------	dc----w-	c:\program files\totalcmd
2012-11-09 17:54 . 2012-11-09 23:34	--------	d-----w-	c:\programdata\SystemExplorer
2012-11-09 17:54 . 2012-11-09 17:54	--------	dc----w-	c:\program files\System Explorer
2012-11-09 16:16 . 2012-08-24 16:57	247808	----a-w-	c:\windows\system32\schannel.dll
2012-11-09 16:16 . 2012-08-24 17:05	136560	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-11-09 16:16 . 2012-08-24 17:02	369856	----a-w-	c:\windows\system32\drivers\cng.sys
2012-11-09 16:16 . 2012-08-24 16:57	220160	----a-w-	c:\windows\system32\ncrypt.dll
2012-11-09 16:16 . 2012-08-24 16:56	1039360	----a-w-	c:\windows\system32\lsasrv.dll
2012-11-09 16:15 . 2012-05-04 09:59	514560	----a-w-	c:\windows\system32\qdvd.dll
2012-11-02 10:52 . 2012-11-02 10:52	--------	dc----w-	c:\program files\Ubisoft
2012-10-20 08:57 . 2012-09-28 10:20	740784	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D755D0F1-6FE2-4012-B440-C2CD55685E4E}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-12 05:56 . 2000-11-08 14:22	6918632	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-09 11:51 . 2012-09-30 08:56	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-09 11:51 . 2011-08-20 10:13	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 18:54 . 2000-11-09 11:33	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-28 10:20 . 2011-10-11 18:27	740784	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-14 18:28 . 2012-10-10 19:06	2048	----a-w-	c:\windows\system32\tzres.dll
2012-08-31 17:18 . 2012-10-10 19:04	1211760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-08-30 20:03 . 2012-08-30 20:03	193552	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2011-04-27 13:25	99272	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 17:12 . 2012-10-10 19:04	3914096	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 19:04	3968880	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-08-24 16:57 . 2012-10-10 19:06	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-08-24 06:59 . 2012-09-26 20:41	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-26 20:42	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-26 20:41	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-26 20:42	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-26 20:42	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-26 20:42	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-23 15:51 . 2012-11-09 16:18	3584	----a-w-	c:\windows\system32\drivers\de-DE\tsusbflt.sys.mui
2012-08-22 17:16 . 2012-09-13 14:15	1292144	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-13 14:15	712048	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-13 14:15	240496	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-13 14:15	187760	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12 . 2012-09-26 14:29	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-08-20 17:40 . 2012-10-10 19:06	169984	----a-w-	c:\windows\system32\winsrv.dll
2012-08-20 17:40 . 2012-10-10 19:06	293376	----a-w-	c:\windows\system32\KernelBase.dll
2012-08-20 17:37 . 2012-10-10 19:06	271360	----a-w-	c:\windows\system32\conhost.exe
2012-08-20 17:32 . 2012-10-10 19:06	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:06	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:06	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:06	4096	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:06	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:06	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:06	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:06	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:06	3072	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:06	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:06	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:06	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:06	3584	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:06	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:06	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:06	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:06	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:06	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:06	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:06	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:06	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:06	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:06	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 19:06	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 19:06	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 19:06	3584	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 19:06	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 19:06	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-03-28 20:28 . 2012-03-28 20:28	3993600	-c--a-w-	c:\program files\GUT342C.tmp
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{78e516ef-11de-47a1-8364-a99b917ec5ee}"= "c:\program files\FileConverter_1.3\prxtbFile.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{78e516ef-11de-47a1-8364-a99b917ec5ee}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{78e516ef-11de-47a1-8364-a99b917ec5ee}]
2011-05-09 09:49	176936	-c--a-w-	c:\program files\FileConverter_1.3\prxtbFile.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-08-02 10:13	248936	-c--a-w-	c:\program files\Softonic\Softonic\1.6.7.4\bh\Softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll" [2012-08-02 274536]
"{78e516ef-11de-47a1-8364-a99b917ec5ee}"= "c:\program files\FileConverter_1.3\prxtbFile.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_CLASSES_ROOT\clsid\{78e516ef-11de-47a1-8364-a99b917ec5ee}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-07 39408]
"Facebook Update"="c:\users\jensandrea\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-10-10 138096]
"SystemExplorerAutoStart"="c:\program files\System Explorer\SystemExplorer.exe" [2012-10-15 2752472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-04-13 548744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"HotkeyMon"="AsusSender.exe" [2010-11-22 34728]
"HotkeyService"="AsusSender.exe" [2010-11-22 34728]
"SuperHybridEngine"="AsusSender.exe" [2010-11-22 34728]
"LiveUpdate"="AsusSender.exe" [2010-11-22 34728]
"CapsHook"="AsusSender.exe" [2010-11-22 34728]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2010-06-10 414384]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-08-24 9722472]
"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-01-13 191304]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2011-02-10 2018032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-19 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-19 174360]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-19 150808]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-10-12 273528]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files\Asus\AsusVibe\AsusVibeLauncher.exe [2012-2-13 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\SEARCH~1\SEARCH~1\datamngr.dll c:\progra~1\SEARCH~1\SEARCH~1\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SystemExplorerHelpService;System Explorer Service;c:\program files\System Explorer\service\SystemExplorerService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files\Common Files\InstantOn\InsOnSrv.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
GPSvcGroup	REG_MULTI_SZ   	GPSvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-30 11:51]
.
2012-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4221273847-916833978-1422230252-1000Core.job
- c:\users\jensandrea\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-10 18:54]
.
2012-11-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4221273847-916833978-1422230252-1000UA.job
- c:\users\jensandrea\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-10 18:54]
.
2012-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-07 13:51]
.
2012-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-07 13:51]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593} - c:\program files\Asus\Game Park\Chicken Invaders 2\Uninstall.exe
AddRemove-{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1 - c:\program files\Asus\Game Park\GameConsole\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
   89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
   6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
   9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
   d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:05,45,a1,ee,a0,47,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0e,73,0f,a5,e6,af,d8,47,88,60,ff,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0e,73,0f,a5,e6,af,d8,47,88,60,ff,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-10  16:24:26
ComboFix-quarantined-files.txt  2012-11-10 15:24
.
Vor Suchlauf: 9 Verzeichnis(se), 74.352.455.680 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 75.361.652.736 Bytes frei
.
- - End Of File - - AC8C124D0DE843EAE13243CA2ECA5C6A

--- --- ---

danke schonmal zwischendurch

markusg · 10.11.2012, 20:52

läuft der defender wieder?

Doktor420 · 10.11.2012, 21:16

könnte sein, daß ich ihn etwas zu früh wieder aktiviert hab - combofix erstellte gerade das log - ich dach es sei fertig soweit

markusg · 10.11.2012, 21:18

nein, du sagtest doch am anfang, das er nicht mehr funktioniert.
ich möchte nur wissen, ob sich das erledigt hatte :-)

Doktor420 · 10.11.2012, 21:24

ja, der geht wieder

09.11.2012, 19:25	#4
markusg /// Malware-holic	vermutlich verschickt dieses eee Trojaner emails bekomm ich noch otl.txt bitte? __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

10.11.2012, 20:52	#12
markusg /// Malware-holic	vermutlich verschickt dieses eee Trojaner emails läuft der defender wieder? __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

vermutlich verschickt dieses eee Trojaner emails

Plagegeister aller Art und deren Bekämpfung: vermutlich verschickt dieses eee Trojaner emails