TrojanDownloader:Win32/Adload.DA !?

tiniii · 26.11.2012, 20:54

Hi Leute

erstmal, ich bin ganz neu angemeldet und grüsse mal alle unter euch!

nun zu meinem problem, nachdem ich gegooglet habe und einige einträge mit dem selben problem gefunden habe, wollte ich euch fragen was ich tun soll.
ich bekomme von meinem wartungscenter die meldung:
'Windows hat TrojanDownloader:Win32/Adload.DA, einen bekannten Computervirus, auf dem Computer gefunden.

Folgen Sie den Anweisungen, um den Virus vom Computer zu entfernen:

Besuchen Sie folgende Website:
Microsoft Safety Scanner'

ich benutze kaspersky anti virus 2013 und habe bereits einen kompletten check gemacht der nichts ergeben hat.
könnt ihr mir helfen wie ich diesen virus (oder was auch immer es ist, tut mir leid aber ich kenne mich absolut nicht aus.. surfen, music laden ist so ziemlich alles was ich kann ...

) entfernen kann, oder soll ich mir bereits gelöste threads genau durchlesen und die schritte dort befolgen?

hoffe ihr könnt mir ein wenig helfen

Liebe Grüsse
tiniii

cosinus · 27.11.2012, 12:39

Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Mach bitte einen CustomScan mit OTL . Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

tiniii · 27.11.2012, 20:37

Hi Cosinus!

erstmal vielen dank für deine sehr schnelle und sehr ausführliche antwort! *freu*

ich denke dass ich alles verstanden habe und hoffe dass ich alles richtig gemacht habe (falls nicht bitte nicht schimpfen, ich bin wie gesagt echt unwissend wenn es um pcs geht...

)

ich habe den quickscan gemacht und hier ist mein ergebnis:

Code:

ATTFilter

OTL logfile created on: 11/27/2012 8:03:33 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tini\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 58.31% Memory free
5.99 Gb Paging File | 4.65 Gb Available in Paging File | 77.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 900.41 Gb Total Space | 779.23 Gb Free Space | 86.54% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 10.23 Gb Free Space | 34.11% Space Free | Partition Type: NTFS
 
Computer Name: TINI-PC | User Name: Tini | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/11/27 19:58:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tini\Desktop\OTL.exe
PRC - [2012/11/20 14:34:29 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012/10/27 00:14:50 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/02 16:25:14 | 002,232,504 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
PRC - [2012/07/02 16:24:54 | 003,790,504 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Veoh_Giraffic.exe
PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/08 18:15:06 | 001,804,648 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe
PRC - [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/01/19 15:10:48 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared files\brs.exe
PRC - [2009/12/29 18:50:10 | 000,678,432 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2009/12/10 02:02:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/11/07 11:46:52 | 000,020,480 | ---- | M] (X10) -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
PRC - [2009/11/02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/02 02:03:12 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
PRC - [2009/07/02 02:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/07/02 02:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/11/20 14:34:29 | 014,586,808 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012/10/27 00:14:50 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/05/28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2009/11/02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/07/02 02:03:24 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012/11/20 14:34:29 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/15 17:08:35 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2012/10/27 00:14:50 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/02 16:25:14 | 002,232,504 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2011/11/28 22:38:00 | 004,229,912 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/04 00:03:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/12/10 02:02:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/11/07 11:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- (x10nets)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/07/02 02:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - [2012/11/15 17:12:22 | 000,589,144 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012/11/15 17:12:22 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2012/10/10 17:11:52 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012/10/10 17:11:52 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012/08/13 15:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2012/08/02 14:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2012/06/19 16:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/06/22 03:51:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2010/03/02 12:24:58 | 001,006,624 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010/01/07 09:05:26 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/12/31 02:35:54 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/07/22 11:43:31] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerCinema Movie\000.fcl -- ({60DB6561-0A84-4c94-AF33-288405CFD56D})
DRV - [2009/12/22 13:43:16 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2009/12/03 11:26:22 | 009,941,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/10/29 19:20:40 | 000,010,360 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2009/10/29 19:20:38 | 000,022,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NW1950.sys -- (NW1950)
DRV - [2009/10/13 13:03:28 | 000,067,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/01 12:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009/05/13 20:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009/05/13 20:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://medion.msn.com
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.medion.com [binary data]
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.medion.com/ [binary data]
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=2912_4&babsrc=SP_ss&mntrId=1e6b7ca50000000000001c4bd6028871
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\..\SearchScopes\{475187CA-0775-4017-AB51-E948BBA1661F}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\..\SearchScopes\{724E5287-594D-4019-8370-B60D14AD497B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050&SSPV=IENOSGBR
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={0018DD92-4C37-4D38-B171-21D1D6271CA5}&mid=53cf9f094ea447d18e7fcd0290e66182-7cf4ac3cc0065b6430f371aa1aafeffa28bf2d51&lang=de&ds=st011&pr=sa&d=2012-02-16 13:59:23&v=9.0.0.23&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\..\SearchScopes\{CBB82912-64F8-4C6E-A618-3762C439712D}: "URL" = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\..\SearchScopes\{EA68F8AA-9B47-4A4E-9BCC-0939262B3DCC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..CT2269050.browser.search.defaultthis.engineName: true
FF - prefs.js..CT2625848.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar_DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\Users\Tini\AppData\LocalLow\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tini\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/09 20:32:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2012/10/09 20:36:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2012/10/09 20:36:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2012/10/09 20:36:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 00:14:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/27 00:14:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 00:14:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/27 00:14:48 | 000,000,000 | ---D | M]
 
[2011/09/02 22:36:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tini\AppData\Roaming\mozilla\Extensions
[2012/10/23 21:41:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\ecfa2ova.default\extensions
[2012/09/02 18:47:42 | 000,000,927 | ---- | M] () -- C:\Users\Tini\AppData\Roaming\mozilla\firefox\profiles\ecfa2ova.default\searchplugins\conduit.xml
[2012/03/22 01:00:49 | 000,002,060 | ---- | M] () -- C:\Users\Tini\AppData\Roaming\mozilla\firefox\profiles\ecfa2ova.default\searchplugins\softonic.xml
[2012/10/27 00:14:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/10/27 00:14:50 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/20 13:01:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/07/09 13:44:18 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/07/20 12:58:41 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/08/31 19:59:23 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/20 13:01:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/07/20 13:01:03 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/07/20 13:01:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/07/20 13:01:03 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-3648990694-1417340204-238680334-1000..\Run: [HP Deskjet 3070 B611 series (NET)] C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tini\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3648990694-1417340204-238680334-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18FB4348-A233-4652-9588-6B0492EB5C9F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DA6FBA5-A79C-4CC1-9878-85963AFB2B96}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: BsScanner - Service
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: BsScanner - Service
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/11/27 19:58:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tini\Desktop\OTL.exe
[2012/11/11 15:05:02 | 000,000,000 | ---D | C] -- C:\Users\Tini\AppData\Roaming\Mozilla-Cache
[2012/11/11 15:04:32 | 000,000,000 | ---D | C] -- C:\Users\Tini\AppData\Roaming\Party
[2012/11/11 15:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PartyPoker
[2012/11/11 15:03:44 | 000,000,000 | ---D | C] -- C:\Programs
[2012/11/08 17:27:09 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2012/11/08 17:26:29 | 000,000,000 | ---D | C] -- C:\Poker
[20 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/11/27 20:01:00 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2012/11/27 19:58:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tini\Desktop\OTL.exe
[2012/11/27 19:56:30 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/27 19:56:30 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/27 19:49:29 | 000,001,958 | ---- | M] () -- C:\Users\Tini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk
[2012/11/27 19:48:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/27 19:48:10 | 2414,432,256 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/26 21:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/24 16:48:54 | 000,654,436 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/11/24 16:48:54 | 000,616,318 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/24 16:48:54 | 000,130,050 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/11/24 16:48:54 | 000,106,440 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/18 18:58:09 | 000,023,587 | ---- | M] () -- C:\Users\Tini\Desktop\concept-bmx-bicycle-2.jpg
[2012/11/16 17:38:26 | 000,093,775 | ---- | M] () -- C:\Users\Tini\Desktop\Hisoka_by_vilsen.jpg
[2012/11/16 08:41:50 | 000,289,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/15 17:12:22 | 000,589,144 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012/11/15 17:12:22 | 000,043,608 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\kltdi.sys
[2012/11/11 15:04:00 | 000,001,699 | ---- | M] () -- C:\Users\Tini\Desktop\PartyPoker.lnk
[20 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/11/18 18:58:05 | 000,023,587 | ---- | C] () -- C:\Users\Tini\Desktop\concept-bmx-bicycle-2.jpg
[2012/11/16 17:38:22 | 000,093,775 | ---- | C] () -- C:\Users\Tini\Desktop\Hisoka_by_vilsen.jpg
[2012/11/15 23:31:12 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/15 23:30:17 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/11 15:04:00 | 000,001,699 | ---- | C] () -- C:\Users\Tini\Desktop\PartyPoker.lnk
[2012/07/04 09:37:23 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2012/03/24 11:27:57 | 000,000,017 | ---- | C] () -- C:\Users\Tini\AppData\Local\resmon.resmoncfg
[2012/02/17 18:06:12 | 000,000,624 | ---- | C] () -- C:\Windows\eReg.dat
[2012/02/15 21:30:29 | 000,347,472 | ---- | C] () -- C:\Users\Tini\AppData\Local\MB.SAV
[2012/01/19 18:44:16 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/10/12 18:40:30 | 000,005,632 | ---- | C] () -- C:\Users\Tini\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/09/02 22:55:09 | 000,017,408 | ---- | C] () -- C:\Users\Tini\AppData\Local\WebpageIcons.db
[2011/06/08 22:49:42 | 001,929,576 | ---- | C] () -- C:\Windows\System32\HPScanTRDrv_DJ3070_B611.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/09/04 15:27:13 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Ascaron Entertainment
[2012/03/25 10:42:31 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Azureus
[2012/03/22 22:25:01 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Babylon
[2012/09/16 10:22:34 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\DVDVideoSoft
[2012/09/16 10:07:42 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/05/13 20:23:14 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Kalypso Media
[2011/10/02 13:05:10 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\LolClient
[2012/09/02 18:41:48 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\OpenCandy
[2012/11/11 15:06:01 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Party
[2011/09/05 21:14:07 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Raptr
[2012/05/14 21:24:25 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\runic games
[2012/11/24 22:37:18 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\SoftGrid Client
[2012/03/23 15:31:11 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\TalesRunner
[2011/09/13 18:49:21 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\TP
[2012/05/13 20:25:18 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Tropico 4
[2011/10/16 01:02:49 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Unity
[2012/02/19 12:24:55 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\YoudaGames
[2012/05/17 22:03:49 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\YourFileDownloader
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012/07/10 12:27:20 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012/08/21 07:22:14 | 000,000,000 | ---D | M] -- C:\7c743e06b9fb87dd6fc453c579
[2010/12/03 13:19:06 | 000,000,000 | ---D | M] -- C:\Backup My Data
[2011/09/02 22:11:54 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012/03/24 11:36:28 | 000,000,000 | ---D | M] -- C:\Download
[2012/05/13 20:30:19 | 000,000,000 | -HSD | M] -- C:\found.000
[2010/07/22 17:28:37 | 000,000,000 | ---D | M] -- C:\Intel
[2011/09/13 18:54:19 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012/05/22 09:45:15 | 000,000,000 | ---D | M] -- C:\Netgear
[2012/11/08 17:26:29 | 000,000,000 | ---D | M] -- C:\Poker
[2012/10/27 07:54:08 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/10/09 20:42:23 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012/11/11 15:03:44 | 000,000,000 | ---D | M] -- C:\Programs
[2011/09/02 22:11:54 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012/11/27 20:06:57 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/09/02 22:21:53 | 000,000,000 | R--D | M] -- C:\Users
[2012/11/08 17:27:09 | 000,000,000 | ---D | M] -- C:\Windows
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/09/12 16:52:08 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Adobe
[2011/09/05 09:31:12 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Apple Computer
[2011/09/04 15:27:13 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Ascaron Entertainment
[2012/03/25 10:42:31 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Azureus
[2012/03/22 22:25:01 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Babylon
[2011/09/09 20:32:22 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\DivX
[2012/09/16 10:22:34 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\DVDVideoSoft
[2012/09/16 10:07:42 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/04/24 12:24:08 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\HpUpdate
[2011/09/02 22:22:12 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Identities
[2012/05/13 20:23:14 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Kalypso Media
[2011/10/02 13:05:10 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\LolClient
[2011/09/03 10:56:51 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Macromedia
[2009/07/14 08:48:18 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Media Center Programs
[2012/07/20 09:23:22 | 000,000,000 | --SD | M] -- C:\Users\Tini\AppData\Roaming\Microsoft
[2011/09/02 22:36:49 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Mozilla
[2012/11/11 15:05:02 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Mozilla-Cache
[2012/09/02 18:41:48 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\OpenCandy
[2012/11/11 15:06:01 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Party
[2011/09/05 21:14:07 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Raptr
[2012/05/14 21:24:25 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\runic games
[2012/11/24 22:37:18 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\SoftGrid Client
[2012/03/23 15:31:11 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\TalesRunner
[2011/09/13 18:49:21 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\TP
[2012/05/13 20:25:18 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Tropico 4
[2011/10/16 01:02:49 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Unity
[2011/10/26 16:07:26 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\vlc
[2011/09/03 18:17:26 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\WinRAR
[2012/02/19 12:24:55 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\YoudaGames
[2012/05/17 22:03:49 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\YourFileDownloader
 
< %APPDATA%\*.exe /s >
[2011/09/03 10:44:38 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Tini\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2011/10/11 20:35:54 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- C:\Users\Tini\AppData\Roaming\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\DesktopMgr.exe
[2011/10/11 20:35:54 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- C:\Users\Tini\AppData\Roaming\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2011/10/11 20:35:54 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- C:\Users\Tini\AppData\Roaming\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2011/10/11 20:35:54 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- C:\Users\Tini\AppData\Roaming\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2011/10/11 20:35:54 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- C:\Users\Tini\AppData\Roaming\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2011/10/11 20:35:54 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- C:\Users\Tini\AppData\Roaming\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2011/10/11 20:35:54 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- C:\Users\Tini\AppData\Roaming\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2011/10/11 20:35:54 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- C:\Users\Tini\AppData\Roaming\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2011/11/18 05:30:06 | 002,081,208 | ---- | M] (Speedchecker Limited                                        ) -- C:\Users\Tini\AppData\Roaming\OpenCandy\348958ACFE7D48B6A36EF7F315103A38\pcspeedup_oc.exe
[2012/09/02 18:42:13 | 013,491,699 | ---- | M] () -- C:\Users\Tini\AppData\Roaming\OpenCandy\B8756A17719C44A9997FDF36F684780A\TuneUpUtilities2012_de-DE-p2v1.exe
 
< %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >
[2012/06/19 16:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl1.sys
[2012/08/13 17:24:22 | 000,075,096 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klflt.sys
[2012/11/15 17:12:22 | 000,589,144 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klif.sys
[2012/08/02 14:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klim6.sys
[2012/10/10 17:11:52 | 000,025,944 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klkbdflt.sys
[2012/10/10 17:11:52 | 000,025,944 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klmouflt.sys
[2012/11/15 17:12:22 | 000,043,608 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\kltdi.sys
[2012/08/13 15:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\kneps.sys
 
< %SYSTEMROOT%\System32\config\*.sav >
 
< %SYSTEMROOT%\*. /mp /s >
 
< %SYSTEMROOT%\system32\*.dll /lockedfiles >
[20 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >

cosinus · 27.11.2012, 21:03

Bitte nun Logs mit GMER (<<< klick für Anleitung) und aswMBR (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur aswMBR aus.

aswMBR-Download => aswMBR.exe - speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

tiniii · 27.11.2012, 22:47

So, GMER ist mir hängen geblieben, als ich es im abgesicherten modus versucht habe ist der screen blau geworden mittendrin, es stand dass ein problem aufgetreten ist und irgendetwas von dump crash (konnte mir nicht alles merken da der pc sofort neugestartet hat)

hier das ergebnis von aswMBR:

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-27 22:30:42
-----------------------------
22:30:42.661    OS Version: Windows 6.1.7600 
22:30:42.661    Number of processors: 2 586 0x170A
22:30:42.671    ComputerName: TINI-PC  UserName: Tini
22:30:43.961    Initialize success
22:30:50.566    AVAST engine defs: 12112701
22:31:05.386    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:31:05.386    Disk 0 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 3
22:31:05.402    Disk 0 MBR read successfully
22:31:05.402    Disk 0 MBR scan
22:31:05.417    Disk 0 unknown MBR code
22:31:05.417    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS           99 MB offset 2048
22:31:05.433    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       922022 MB offset 204800
22:31:05.464    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        30720 MB offset 1888505856
22:31:05.480    Disk 0 Partition 4 00     12  Compaq diag NTFS         1026 MB offset 1951420416
22:31:05.480    Disk 0 scanning sectors +1953523120
22:31:05.604    Disk 0 scanning C:\Windows\system32\drivers
22:31:14.818    Service scanning
22:31:21.797    Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
22:31:22.405    Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
22:31:22.436    Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
22:31:22.483    Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
22:31:22.530    Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5
22:31:22.577    Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5
22:31:34.840    Modules scanning
22:31:42.072    Disk 0 trace - called modules:
22:31:42.102    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
22:31:42.112    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88dac030]
22:31:42.112    3 CLASSPNP.SYS[8cb7c59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86599028]
22:31:43.937    AVAST engine scan C:\Windows
22:31:47.709    AVAST engine scan C:\Windows\system32
22:34:32.355    AVAST engine scan C:\Windows\system32\drivers
22:34:45.320    AVAST engine scan C:\Users\Tini
22:41:10.310    AVAST engine scan C:\ProgramData
22:42:15.500    Scan finished successfully
22:43:44.749    Disk 0 MBR has been saved successfully to "C:\Users\Tini\Desktop\MBR.dat"
22:43:44.765    The log file has been saved successfully to "C:\Users\Tini\Desktop\aswMBR.txt"

cosinus · 27.11.2012, 23:27

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

tiniii · 28.11.2012, 08:27

bitteschön:

Code:

ATTFilter

08:24:11.0479 2228  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
08:24:11.0604 2228  ============================================================
08:24:11.0604 2228  Current date / time: 2012/11/28 08:24:11.0604
08:24:11.0604 2228  SystemInfo:
08:24:11.0604 2228  
08:24:11.0604 2228  OS Version: 6.1.7600 ServicePack: 0.0
08:24:11.0604 2228  Product type: Workstation
08:24:11.0604 2228  ComputerName: TINI-PC
08:24:11.0604 2228  UserName: Tini
08:24:11.0604 2228  Windows directory: C:\Windows
08:24:11.0604 2228  System windows directory: C:\Windows
08:24:11.0604 2228  Processor architecture: Intel x86
08:24:11.0604 2228  Number of processors: 2
08:24:11.0604 2228  Page size: 0x1000
08:24:11.0604 2228  Boot type: Normal boot
08:24:11.0604 2228  ============================================================
08:24:14.0793 2228  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:24:14.0793 2228  ============================================================
08:24:14.0793 2228  \Device\Harddisk0\DR0:
08:24:14.0793 2228  MBR partitions:
08:24:14.0793 2228  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x31800
08:24:14.0793 2228  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32000, BlocksNum 0x708D3000
08:24:14.0793 2228  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x70905000, BlocksNum 0x3C00000
08:24:14.0793 2228  ============================================================
08:24:14.0855 2228  C: <-> \Device\Harddisk0\DR0\Partition2
08:24:14.0964 2228  D: <-> \Device\Harddisk0\DR0\Partition3
08:24:14.0964 2228  ============================================================
08:24:14.0964 2228  Initialize success
08:24:14.0964 2228  ============================================================
08:24:38.0243 4396  ============================================================
08:24:38.0243 4396  Scan started
08:24:38.0243 4396  Mode: Manual; SigCheck; TDLFS; 
08:24:38.0243 4396  ============================================================
08:24:38.0571 4396  ================ Scan system memory ========================
08:24:38.0571 4396  System memory - ok
08:24:38.0571 4396  ================ Scan services =============================
08:24:38.0727 4396  [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
08:24:38.0836 4396  1394ohci - ok
08:24:38.0883 4396  [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
08:24:38.0899 4396  ACPI - ok
08:24:38.0914 4396  [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
08:24:38.0992 4396  AcpiPmi - ok
08:24:39.0086 4396  [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:24:39.0117 4396  AdobeFlashPlayerUpdateSvc - ok
08:24:39.0164 4396  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
08:24:39.0179 4396  adp94xx - ok
08:24:39.0195 4396  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
08:24:39.0226 4396  adpahci - ok
08:24:39.0242 4396  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
08:24:39.0257 4396  adpu320 - ok
08:24:39.0304 4396  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
08:24:39.0335 4396  AeLookupSvc - ok
08:24:39.0382 4396  [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD             C:\Windows\system32\drivers\afd.sys
08:24:39.0429 4396  AFD - ok
08:24:39.0460 4396  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
08:24:39.0476 4396  agp440 - ok
08:24:39.0491 4396  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
08:24:39.0507 4396  aic78xx - ok
08:24:39.0538 4396  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
08:24:39.0585 4396  ALG - ok
08:24:39.0601 4396  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
08:24:39.0616 4396  aliide - ok
08:24:39.0616 4396  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\DRIVERS\amdagp.sys
08:24:39.0647 4396  amdagp - ok
08:24:39.0663 4396  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
08:24:39.0679 4396  amdide - ok
08:24:39.0694 4396  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
08:24:39.0735 4396  AmdK8 - ok
08:24:39.0755 4396  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
08:24:39.0795 4396  AmdPPM - ok
08:24:39.0825 4396  [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
08:24:39.0845 4396  amdsata - ok
08:24:39.0875 4396  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
08:24:39.0895 4396  amdsbs - ok
08:24:39.0915 4396  [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
08:24:39.0935 4396  amdxata - ok
08:24:39.0945 4396  [ FEB834C02CE1E84B6A38F953CA067706 ] AppID           C:\Windows\system32\drivers\appid.sys
08:24:40.0025 4396  AppID - ok
08:24:40.0045 4396  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
08:24:40.0155 4396  AppIDSvc - ok
08:24:40.0205 4396  [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo         C:\Windows\System32\appinfo.dll
08:24:40.0255 4396  Appinfo - ok
08:24:40.0385 4396  [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:24:40.0405 4396  Apple Mobile Device - ok
08:24:40.0435 4396  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
08:24:40.0445 4396  arc - ok
08:24:40.0465 4396  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
08:24:40.0485 4396  arcsas - ok
08:24:40.0495 4396  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
08:24:40.0575 4396  AsyncMac - ok
08:24:40.0615 4396  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
08:24:40.0625 4396  atapi - ok
08:24:40.0655 4396  [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:24:40.0705 4396  AudioEndpointBuilder - ok
08:24:40.0715 4396  [ 510C873BFA135AA829F4180352772734 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
08:24:40.0755 4396  Audiosrv - ok
08:24:40.0845 4396  AVP - ok
08:24:40.0865 4396  [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
08:24:40.0895 4396  AxInstSV - ok
08:24:40.0915 4396  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
08:24:41.0005 4396  b06bdrv - ok
08:24:41.0055 4396  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
08:24:41.0105 4396  b57nd60x - ok
08:24:41.0135 4396  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
08:24:41.0195 4396  BDESVC - ok
08:24:41.0235 4396  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
08:24:41.0285 4396  Beep - ok
08:24:41.0345 4396  [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE             C:\Windows\System32\bfe.dll
08:24:41.0395 4396  BFE - ok
08:24:41.0445 4396  [ 53F476476F55A27F580661BDE09C4EC4 ] BITS            C:\Windows\System32\qmgr.dll
08:24:41.0505 4396  BITS - ok
08:24:41.0555 4396  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
08:24:41.0575 4396  blbdrive - ok
08:24:41.0615 4396  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:24:41.0635 4396  Bonjour Service - ok
08:24:41.0675 4396  [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
08:24:41.0695 4396  bowser - ok
08:24:41.0715 4396  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:24:41.0745 4396  BrFiltLo - ok
08:24:41.0785 4396  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:24:41.0825 4396  BrFiltUp - ok
08:24:41.0855 4396  [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser         C:\Windows\System32\browser.dll
08:24:41.0925 4396  Browser - ok
08:24:41.0985 4396  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
08:24:42.0066 4396  Brserid - ok
08:24:42.0076 4396  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
08:24:42.0106 4396  BrSerWdm - ok
08:24:42.0126 4396  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
08:24:42.0146 4396  BrUsbMdm - ok
08:24:42.0156 4396  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
08:24:42.0196 4396  BrUsbSer - ok
08:24:42.0236 4396  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
08:24:42.0276 4396  BthEnum - ok
08:24:42.0286 4396  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
08:24:42.0306 4396  BTHMODEM - ok
08:24:42.0336 4396  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
08:24:42.0346 4396  BthPan - ok
08:24:42.0376 4396  [ 04CEDA17A195924070B01174CB1F9AF8 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
08:24:42.0396 4396  BTHPORT - ok
08:24:42.0436 4396  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
08:24:42.0476 4396  bthserv - ok
08:24:42.0506 4396  [ 80E6384BEEC03B8BD45EDEA29802D657 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
08:24:42.0536 4396  BTHUSB - ok
08:24:42.0546 4396  [ 92C5B845803F3662637EB691AC0B250F ] btusbflt        C:\Windows\system32\drivers\btusbflt.sys
08:24:42.0786 4396  btusbflt - ok
08:24:42.0826 4396  [ D57D29132EFE13A83133D9BD449E0CF1 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
08:24:42.0846 4396  btwaudio - ok
08:24:42.0856 4396  [ D282C14A69357D0E1BAFAECC2CA98C3A ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
08:24:42.0876 4396  btwavdt - ok
08:24:42.0926 4396  [ F7434401AE320BB97903A3C1865242FB ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
08:24:42.0946 4396  btwdins - ok
08:24:42.0956 4396  [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
08:24:42.0966 4396  btwl2cap - ok
08:24:42.0986 4396  [ 02EB4D2B05967DF2D32F29C84AB1FB17 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
08:24:42.0996 4396  btwrchid - ok
08:24:43.0036 4396  [ 248DFA5762DDE38DFDDBBD44149E9D7A ] BVRPMPR5        C:\Windows\system32\drivers\BVRPMPR5.SYS
08:24:43.0056 4396  BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
08:24:43.0056 4396  BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
08:24:43.0096 4396  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
08:24:43.0136 4396  cdfs - ok
08:24:43.0166 4396  [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
08:24:43.0196 4396  cdrom - ok
08:24:43.0236 4396  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc     C:\Windows\System32\certprop.dll
08:24:43.0296 4396  CertPropSvc - ok
08:24:43.0326 4396  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
08:24:43.0358 4396  circlass - ok
08:24:43.0436 4396  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
08:24:43.0467 4396  CLFS - ok
08:24:43.0560 4396  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:24:43.0576 4396  clr_optimization_v2.0.50727_32 - ok
08:24:43.0607 4396  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:24:43.0623 4396  clr_optimization_v4.0.30319_32 - ok
08:24:43.0638 4396  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
08:24:43.0654 4396  CmBatt - ok
08:24:43.0670 4396  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
08:24:43.0685 4396  cmdide - ok
08:24:43.0716 4396  [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG             C:\Windows\system32\Drivers\cng.sys
08:24:43.0748 4396  CNG - ok
08:24:43.0779 4396  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
08:24:43.0810 4396  Compbatt - ok
08:24:43.0826 4396  [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
08:24:43.0841 4396  CompositeBus - ok
08:24:43.0841 4396  COMSysApp - ok
08:24:43.0857 4396  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
08:24:43.0872 4396  crcdisk - ok
08:24:43.0904 4396  [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED ] CryptSvc        C:\Windows\system32\cryptsvc.dll
08:24:43.0935 4396  CryptSvc - ok
08:24:44.0028 4396  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
08:24:44.0060 4396  cvhsvc - ok
08:24:44.0091 4396  [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch      C:\Windows\system32\rpcss.dll
08:24:44.0122 4396  DcomLaunch - ok
08:24:44.0138 4396  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
08:24:44.0184 4396  defragsvc - ok
08:24:44.0200 4396  [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
08:24:44.0262 4396  DfsC - ok
08:24:44.0278 4396  [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp            C:\Windows\system32\dhcpcore.dll
08:24:44.0340 4396  Dhcp - ok
08:24:44.0356 4396  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
08:24:44.0387 4396  discache - ok
08:24:44.0418 4396  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
08:24:44.0434 4396  Disk - ok
08:24:44.0465 4396  [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
08:24:44.0496 4396  Dnscache - ok
08:24:44.0543 4396  [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc         C:\Windows\System32\dot3svc.dll
08:24:44.0590 4396  dot3svc - ok
08:24:44.0684 4396  [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS             C:\Windows\system32\dps.dll
08:24:44.0746 4396  DPS - ok
08:24:44.0793 4396  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
08:24:44.0840 4396  drmkaud - ok
08:24:44.0871 4396  [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
08:24:44.0902 4396  DXGKrnl - ok
08:24:44.0918 4396  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
08:24:45.0089 4396  EapHost - ok
08:24:45.0198 4396  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
08:24:45.0323 4396  ebdrv - ok
08:24:45.0339 4396  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS             C:\Windows\System32\lsass.exe
08:24:45.0401 4396  EFS - ok
08:24:45.0448 4396  [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
08:24:45.0495 4396  ehRecvr - ok
08:24:45.0510 4396  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
08:24:45.0557 4396  ehSched - ok
08:24:45.0573 4396  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
08:24:45.0604 4396  elxstor - ok
08:24:45.0666 4396  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
08:24:45.0698 4396  ErrDev - ok
08:24:45.0854 4396  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
08:24:45.0916 4396  EventSystem - ok
08:24:46.0014 4396  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
08:24:46.0054 4396  exfat - ok
08:24:46.0114 4396  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
08:24:46.0184 4396  fastfat - ok
08:24:46.0244 4396  [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax             C:\Windows\system32\fxssvc.exe
08:24:46.0304 4396  Fax - ok
08:24:46.0324 4396  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
08:24:46.0344 4396  fdc - ok
08:24:46.0364 4396  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
08:24:46.0394 4396  fdPHost - ok
08:24:46.0414 4396  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
08:24:46.0464 4396  FDResPub - ok
08:24:46.0484 4396  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
08:24:46.0494 4396  FileInfo - ok
08:24:46.0514 4396  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
08:24:46.0554 4396  Filetrace - ok
08:24:46.0554 4396  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
08:24:46.0584 4396  flpydisk - ok
08:24:46.0604 4396  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
08:24:46.0624 4396  FltMgr - ok
08:24:46.0654 4396  [ 7FE4995528A7529A761875151EE3D512 ] FontCache       C:\Windows\system32\FntCache.dll
08:24:46.0694 4396  FontCache - ok
08:24:46.0754 4396  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
08:24:46.0784 4396  FontCache3.0.0.0 - ok
08:24:46.0794 4396  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
08:24:46.0814 4396  FsDepends - ok
08:24:46.0834 4396  [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
08:24:46.0844 4396  Fs_Rec - ok
08:24:46.0864 4396  [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
08:24:46.0884 4396  fvevol - ok
08:24:46.0904 4396  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
08:24:46.0924 4396  gagp30kx - ok
08:24:46.0974 4396  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:24:46.0984 4396  GEARAspiWDM - ok
08:24:47.0014 4396  Giraffic - ok
08:24:47.0034 4396  [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc           C:\Windows\System32\gpsvc.dll
08:24:47.0064 4396  gpsvc - ok
08:24:47.0074 4396  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
08:24:47.0114 4396  hcw85cir - ok
08:24:47.0154 4396  [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:24:47.0184 4396  HdAudAddService - ok
08:24:47.0204 4396  [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
08:24:47.0224 4396  HDAudBus - ok
08:24:47.0244 4396  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
08:24:47.0264 4396  HidBatt - ok
08:24:47.0284 4396  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
08:24:47.0314 4396  HidBth - ok
08:24:47.0344 4396  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
08:24:47.0374 4396  HidIr - ok
08:24:47.0404 4396  [ 1FAB2540C1BD6DA847CCD292F4EEE48A ] hidkmdf         C:\Windows\system32\DRIVERS\hidkmdf.sys
08:24:47.0414 4396  hidkmdf - ok
08:24:47.0434 4396  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
08:24:47.0484 4396  hidserv - ok
08:24:47.0514 4396  [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
08:24:47.0534 4396  HidUsb - ok
08:24:47.0564 4396  [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc          C:\Windows\system32\kmsvc.dll
08:24:47.0614 4396  hkmsvc - ok
08:24:47.0634 4396  [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
08:24:47.0684 4396  HomeGroupListener - ok
08:24:47.0704 4396  [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
08:24:47.0734 4396  HomeGroupProvider - ok
08:24:47.0764 4396  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
08:24:47.0784 4396  HpSAMD - ok
08:24:47.0814 4396  [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP            C:\Windows\system32\drivers\HTTP.sys
08:24:47.0864 4396  HTTP - ok
08:24:47.0904 4396  [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
08:24:47.0914 4396  hwpolicy - ok
08:24:47.0934 4396  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
08:24:47.0964 4396  i8042prt - ok
08:24:47.0994 4396  [ 5A6C5876FB84418D08D67B8CAED5EFCF ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
08:24:48.0004 4396  iaStor - ok
08:24:48.0034 4396  [ DE9560E9703BFE1BD08014A406BE0033 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
08:24:48.0054 4396  IAStorDataMgrSvc - ok
08:24:48.0094 4396  [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
08:24:48.0114 4396  iaStorV - ok
08:24:48.0174 4396  [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:24:48.0204 4396  idsvc - ok
08:24:48.0234 4396  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
08:24:48.0254 4396  iirsp - ok
08:24:48.0284 4396  [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT          C:\Windows\System32\ikeext.dll
08:24:48.0324 4396  IKEEXT - ok
08:24:48.0404 4396  [ BA9A1F572D1A91559E6E76504CFD381C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
08:24:48.0464 4396  IntcAzAudAddService - ok
08:24:48.0474 4396  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
08:24:48.0494 4396  intelide - ok
08:24:48.0514 4396  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
08:24:48.0544 4396  intelppm - ok
08:24:48.0564 4396  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
08:24:48.0604 4396  IPBusEnum - ok
08:24:48.0624 4396  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:24:48.0664 4396  IpFilterDriver - ok
08:24:48.0684 4396  [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
08:24:48.0724 4396  iphlpsvc - ok
08:24:48.0744 4396  [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
08:24:48.0764 4396  IPMIDRV - ok
08:24:48.0784 4396  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
08:24:48.0824 4396  IPNAT - ok
08:24:48.0874 4396  [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
08:24:48.0904 4396  iPod Service - ok
08:24:48.0924 4396  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
08:24:48.0954 4396  IRENUM - ok
08:24:48.0974 4396  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
08:24:48.0994 4396  isapnp - ok
08:24:49.0014 4396  [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
08:24:49.0034 4396  iScsiPrt - ok
08:24:49.0044 4396  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
08:24:49.0054 4396  kbdclass - ok
08:24:49.0074 4396  [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
08:24:49.0094 4396  kbdhid - ok
08:24:49.0104 4396  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso          C:\Windows\system32\lsass.exe
08:24:49.0124 4396  KeyIso - ok
08:24:49.0154 4396  [ EA26CB00F83686856F2C79673C00C686 ] KL1             C:\Windows\system32\DRIVERS\kl1.sys
08:24:49.0174 4396  KL1 - ok
08:24:49.0234 4396  [ FBC7F840F1118D358D2AFB8C1714B384 ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
08:24:49.0264 4396  KLIF - ok
08:24:49.0284 4396  [ AF127FE7DD5ED2BBC9049FD8A00DEFC2 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
08:24:49.0294 4396  KLIM6 - ok
08:24:49.0324 4396  [ 24AEBAD59D1DE8A7CC36E8F09F999362 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
08:24:49.0334 4396  klkbdflt - ok
08:24:49.0354 4396  [ A58507C2827C3AE1D4CCB2746AAB349F ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
08:24:49.0374 4396  klmouflt - ok
08:24:49.0414 4396  [ 53C0DF6C5139CB78A631E7AFCD893730 ] kltdi           C:\Windows\system32\DRIVERS\kltdi.sys
08:24:49.0434 4396  kltdi - ok
08:24:49.0444 4396  [ 71A38C123600172511C26BFABD0EF579 ] kneps           C:\Windows\system32\DRIVERS\kneps.sys
08:24:49.0464 4396  kneps - ok
08:24:49.0484 4396  [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
08:24:49.0504 4396  KSecDD - ok
08:24:49.0524 4396  [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
08:24:49.0544 4396  KSecPkg - ok
08:24:49.0574 4396  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
08:24:49.0624 4396  KtmRm - ok
08:24:49.0644 4396  [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer    C:\Windows\system32\srvsvc.dll
08:24:49.0674 4396  LanmanServer - ok
08:24:49.0684 4396  [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:24:49.0744 4396  LanmanWorkstation - ok
08:24:49.0804 4396  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
08:24:49.0854 4396  lltdio - ok
08:24:49.0884 4396  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
08:24:49.0934 4396  lltdsvc - ok
08:24:49.0974 4396  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
08:24:50.0034 4396  lmhosts - ok
08:24:50.0115 4396  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
08:24:50.0155 4396  LSI_FC - ok
08:24:50.0195 4396  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
08:24:50.0215 4396  LSI_SAS - ok
08:24:50.0225 4396  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:24:50.0245 4396  LSI_SAS2 - ok
08:24:50.0285 4396  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:24:50.0295 4396  LSI_SCSI - ok
08:24:50.0315 4396  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
08:24:50.0341 4396  luafv - ok
08:24:50.0372 4396  [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
08:24:50.0387 4396  Mcx2Svc - ok
08:24:50.0403 4396  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
08:24:50.0419 4396  megasas - ok
08:24:50.0450 4396  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
08:24:50.0465 4396  MegaSR - ok
08:24:50.0481 4396  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
08:24:50.0528 4396  MMCSS - ok
08:24:50.0543 4396  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
08:24:50.0590 4396  Modem - ok
08:24:50.0606 4396  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
08:24:50.0621 4396  monitor - ok
08:24:50.0621 4396  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
08:24:50.0637 4396  mouclass - ok
08:24:50.0653 4396  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
08:24:50.0684 4396  mouhid - ok
08:24:50.0699 4396  [ 921C18727C5920D6C0300736646931C2 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
08:24:50.0715 4396  mountmgr - ok
08:24:50.0762 4396  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
08:24:50.0777 4396  MozillaMaintenance - ok
08:24:50.0793 4396  [ 2AF5997438C55FB79D33D015C30E1974 ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
08:24:50.0809 4396  mpio - ok
08:24:50.0824 4396  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
08:24:50.0855 4396  mpsdrv - ok
08:24:50.0887 4396  [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc          C:\Windows\system32\mpssvc.dll
08:24:50.0933 4396  MpsSvc - ok
08:24:50.0965 4396  [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
08:24:50.0980 4396  MRxDAV - ok
08:24:51.0027 4396  [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
08:24:51.0074 4396  mrxsmb - ok
08:24:51.0089 4396  [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:24:51.0121 4396  mrxsmb10 - ok
08:24:51.0136 4396  [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:24:51.0152 4396  mrxsmb20 - ok
08:24:51.0167 4396  [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
08:24:51.0183 4396  msahci - ok
08:24:51.0199 4396  [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
08:24:51.0230 4396  msdsm - ok
08:24:51.0245 4396  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
08:24:51.0277 4396  MSDTC - ok
08:24:51.0292 4396  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
08:24:51.0323 4396  Msfs - ok
08:24:51.0355 4396  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
08:24:51.0386 4396  mshidkmdf - ok
08:24:51.0401 4396  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
08:24:51.0417 4396  msisadrv - ok
08:24:51.0448 4396  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
08:24:51.0479 4396  MSiSCSI - ok
08:24:51.0495 4396  msiserver - ok
08:24:51.0511 4396  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
08:24:51.0557 4396  MSKSSRV - ok
08:24:51.0589 4396  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
08:24:51.0620 4396  MSPCLOCK - ok
08:24:51.0651 4396  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
08:24:51.0682 4396  MSPQM - ok
08:24:51.0682 4396  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
08:24:51.0698 4396  MsRPC - ok
08:24:51.0713 4396  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
08:24:51.0729 4396  mssmbios - ok
08:24:51.0745 4396  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
08:24:51.0776 4396  MSTEE - ok
08:24:51.0807 4396  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
08:24:51.0838 4396  MTConfig - ok
08:24:51.0854 4396  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
08:24:51.0869 4396  Mup - ok
08:24:51.0901 4396  [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent        C:\Windows\system32\qagentRT.dll
08:24:51.0947 4396  napagent - ok
08:24:51.0979 4396  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
08:24:51.0994 4396  NativeWifiP - ok
08:24:52.0025 4396  [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS            C:\Windows\system32\drivers\ndis.sys
08:24:52.0057 4396  NDIS - ok
08:24:52.0072 4396  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
08:24:52.0103 4396  NdisCap - ok
08:24:52.0119 4396  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
08:24:52.0166 4396  NdisTapi - ok
08:24:52.0197 4396  [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
08:24:52.0228 4396  Ndisuio - ok
08:24:52.0244 4396  [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
08:24:52.0291 4396  NdisWan - ok
08:24:52.0306 4396  [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
08:24:52.0353 4396  NDProxy - ok
08:24:52.0353 4396  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
08:24:52.0400 4396  NetBIOS - ok
08:24:52.0415 4396  [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
08:24:52.0447 4396  NetBT - ok
08:24:52.0462 4396  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon        C:\Windows\system32\lsass.exe
08:24:52.0478 4396  Netlogon - ok
08:24:52.0509 4396  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
08:24:52.0556 4396  Netman - ok
08:24:52.0571 4396  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
08:24:52.0618 4396  netprofm - ok
08:24:52.0649 4396  [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:24:52.0665 4396  NetTcpPortSharing - ok
08:24:52.0681 4396  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
08:24:52.0712 4396  nfrd960 - ok
08:24:52.0743 4396  [ 2226496E34BD40734946A054B1CD657F ] NlaSvc          C:\Windows\System32\nlasvc.dll
08:24:52.0774 4396  NlaSvc - ok
08:24:52.0790 4396  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
08:24:52.0821 4396  Npfs - ok
08:24:52.0837 4396  npggsvc - ok
08:24:52.0852 4396  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
08:24:52.0899 4396  nsi - ok
08:24:52.0915 4396  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
08:24:52.0946 4396  nsiproxy - ok
08:24:53.0008 4396  [ 5126C5402C730C2A953275D8497A4715 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
08:24:53.0039 4396  Ntfs - ok
08:24:53.0055 4396  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
08:24:53.0086 4396  Null - ok
08:24:53.0117 4396  [ EFF6795CDACB959D1AB89EB9B9C29B57 ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
08:24:53.0133 4396  NVHDA - ok
08:24:53.0320 4396  [ 50C1B2DD2A5B3ED82C6E4683C4AD58B8 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:24:53.0476 4396  nvlddmkm - ok
08:24:53.0507 4396  [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
08:24:53.0523 4396  nvraid - ok
08:24:53.0570 4396  [ 4520B63899E867F354EE012D34E11536 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
08:24:53.0585 4396  nvstor - ok
08:24:53.0601 4396  [ D9051D79D19C63B67CA12BD1C3B6FFB3 ] nvsvc           C:\Windows\system32\nvvsvc.exe
08:24:53.0617 4396  nvsvc - ok
08:24:53.0648 4396  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
08:24:53.0663 4396  nv_agp - ok
08:24:53.0679 4396  [ F1A718C6C6CD3EDF157FA3D459ADFEF7 ] NW1950          C:\Windows\system32\DRIVERS\NW1950.sys
08:24:53.0695 4396  NW1950 - ok
08:24:53.0726 4396  [ 953E08D5CA0B02697A8145AAA0CA28BE ] NxpCap          C:\Windows\system32\DRIVERS\NxpCap.sys
08:24:53.0788 4396  NxpCap - ok
08:24:53.0804 4396  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
08:24:53.0835 4396  ohci1394 - ok
08:24:53.0866 4396  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:24:53.0882 4396  ose - ok
08:24:54.0007 4396  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:24:54.0163 4396  osppsvc - ok
08:24:54.0209 4396  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
08:24:54.0225 4396  p2pimsvc - ok
08:24:54.0272 4396  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
08:24:54.0303 4396  p2psvc - ok
08:24:54.0319 4396  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
08:24:54.0334 4396  Parport - ok
08:24:54.0365 4396  [ 66D3415C159741ADE7038A277EFFF99F ] partmgr         C:\Windows\system32\drivers\partmgr.sys
08:24:54.0381 4396  partmgr - ok
08:24:54.0397 4396  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
08:24:54.0412 4396  Parvdm - ok
08:24:54.0443 4396  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
08:24:54.0475 4396  PcaSvc - ok
08:24:54.0490 4396  [ C858CB77C577780ECC456A892E7E7D0F ] pci             C:\Windows\system32\DRIVERS\pci.sys
08:24:54.0506 4396  pci - ok
08:24:54.0521 4396  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
08:24:54.0537 4396  pciide - ok
08:24:54.0553 4396  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
08:24:54.0568 4396  pcmcia - ok
08:24:54.0584 4396  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
08:24:54.0599 4396  pcw - ok
08:24:54.0693 4396  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
08:24:54.0771 4396  PEAUTH - ok
08:24:55.0106 4396  [ 9C1BFF7910C89A1D12E57343475840CB ] pla             C:\Windows\system32\pla.dll
08:24:55.0226 4396  pla - ok
08:24:55.0276 4396  [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
08:24:55.0306 4396  PlugPlay - ok
08:24:55.0326 4396  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
08:24:55.0366 4396  PNRPAutoReg - ok
08:24:55.0386 4396  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
08:24:55.0406 4396  PNRPsvc - ok
08:24:55.0436 4396  [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
08:24:55.0486 4396  PolicyAgent - ok
08:24:55.0536 4396  [ DBFF83F709A91049621C1D35DD45C92C ] Power           C:\Windows\system32\umpo.dll
08:24:55.0576 4396  Power - ok
08:24:55.0616 4396  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
08:24:55.0646 4396  PptpMiniport - ok
08:24:55.0676 4396  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
08:24:55.0736 4396  Processor - ok
08:24:55.0776 4396  [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc         C:\Windows\system32\profsvc.dll
08:24:55.0796 4396  ProfSvc - ok
08:24:55.0806 4396  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:24:55.0826 4396  ProtectedStorage - ok
08:24:55.0846 4396  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
08:24:55.0896 4396  Psched - ok
08:24:55.0956 4396  [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2       c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
08:24:55.0966 4396  PSI_SVC_2 - ok
08:24:56.0006 4396  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
08:24:56.0046 4396  ql2300 - ok
08:24:56.0096 4396  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
08:24:56.0126 4396  ql40xx - ok
08:24:56.0177 4396  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
08:24:56.0227 4396  QWAVE - ok
08:24:56.0247 4396  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
08:24:56.0277 4396  QWAVEdrv - ok
08:24:56.0297 4396  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
08:24:56.0327 4396  RasAcd - ok
08:24:56.0357 4396  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
08:24:56.0387 4396  RasAgileVpn - ok
08:24:56.0417 4396  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
08:24:56.0447 4396  RasAuto - ok
08:24:56.0477 4396  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
08:24:56.0517 4396  Rasl2tp - ok
08:24:56.0547 4396  [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan          C:\Windows\System32\rasmans.dll
08:24:56.0597 4396  RasMan - ok
08:24:56.0617 4396  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
08:24:56.0647 4396  RasPppoe - ok
08:24:56.0677 4396  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
08:24:56.0727 4396  RasSstp - ok
08:24:56.0747 4396  [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
08:24:56.0777 4396  rdbss - ok
08:24:56.0837 4396  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
08:24:56.0867 4396  rdpbus - ok
08:24:56.0887 4396  [ 1E016846895B15A99F9A176A05029075 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
08:24:56.0937 4396  RDPCDD - ok
08:24:56.0967 4396  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
08:24:57.0007 4396  RDPENCDD - ok
08:24:57.0037 4396  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
08:24:57.0067 4396  RDPREFMP - ok
08:24:57.0127 4396  [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
08:24:57.0167 4396  RDPWD - ok
08:24:57.0207 4396  [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
08:24:57.0227 4396  rdyboost - ok
08:24:57.0277 4396  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
08:24:57.0347 4396  RemoteAccess - ok
08:24:57.0397 4396  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
08:24:57.0447 4396  RemoteRegistry - ok
08:24:57.0467 4396  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
08:24:57.0497 4396  RFCOMM - ok
08:24:57.0567 4396  [ 616F6E52CAE254727A886BA8EDA1BEEA ] RichVideo       C:\Program Files\CyberLink\Shared files\RichVideo.exe
08:24:57.0587 4396  RichVideo - ok
08:24:57.0597 4396  RimUsb - ok
08:24:57.0637 4396  [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort     C:\Windows\system32\DRIVERS\RimSerial.sys
08:24:57.0677 4396  RimVSerPort - ok
08:24:57.0707 4396  [ 564297827D213F52C7A3A2FF749568CA ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys
08:24:57.0747 4396  ROOTMODEM - ok
08:24:57.0767 4396  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
08:24:57.0807 4396  RpcEptMapper - ok
08:24:57.0837 4396  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
08:24:57.0867 4396  RpcLocator - ok
08:24:57.0902 4396  [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs           C:\Windows\system32\rpcss.dll
08:24:57.0934 4396  RpcSs - ok
08:24:57.0949 4396  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
08:24:57.0980 4396  rspndr - ok
08:24:58.0012 4396  [ B87F999E05DD9C0312C83A8752E8E66B ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
08:24:58.0027 4396  RSUSBSTOR - ok
08:24:58.0058 4396  [ 06BD46BE6141556125F89DF738333720 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
08:24:58.0074 4396  RTL8167 - ok
08:24:58.0105 4396  [ CFD6C307BF5DB3B339BE9F92B95433B9 ] rtl8192se       C:\Windows\system32\DRIVERS\rtl8192se.sys
08:24:58.0136 4396  rtl8192se - ok
08:24:58.0168 4396  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs           C:\Windows\system32\lsass.exe
08:24:58.0183 4396  SamSs - ok
08:24:58.0214 4396  [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
08:24:58.0230 4396  sbp2port - ok
08:24:58.0246 4396  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
08:24:58.0277 4396  SCardSvr - ok
08:24:58.0308 4396  [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
08:24:58.0339 4396  scfilter - ok
08:24:58.0370 4396  [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule        C:\Windows\system32\schedsvc.dll
08:24:58.0402 4396  Schedule - ok
08:24:58.0433 4396  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc     C:\Windows\System32\certprop.dll
08:24:58.0464 4396  SCPolicySvc - ok
08:24:58.0480 4396  [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
08:24:58.0511 4396  SDRSVC - ok
08:24:58.0526 4396  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
08:24:58.0573 4396  secdrv - ok
08:24:58.0589 4396  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
08:24:58.0636 4396  seclogon - ok
08:24:58.0667 4396  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
08:24:58.0698 4396  SENS - ok
08:24:58.0729 4396  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
08:24:58.0760 4396  SensrSvc - ok
08:24:58.0776 4396  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
08:24:58.0792 4396  Serenum - ok
08:24:58.0823 4396  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
08:24:58.0870 4396  Serial - ok
08:24:58.0885 4396  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
08:24:58.0932 4396  sermouse - ok
08:24:58.0963 4396  [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv      C:\Windows\system32\sessenv.dll
08:24:58.0994 4396  SessionEnv - ok
08:24:59.0026 4396  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
08:24:59.0072 4396  sffdisk - ok
08:24:59.0088 4396  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
08:24:59.0104 4396  sffp_mmc - ok
08:24:59.0119 4396  [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
08:24:59.0135 4396  sffp_sd - ok
08:24:59.0166 4396  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
08:24:59.0182 4396  sfloppy - ok
08:24:59.0228 4396  [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
08:24:59.0260 4396  Sftfs - ok
08:24:59.0291 4396  [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist         C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
08:24:59.0306 4396  sftlist - ok
08:24:59.0322 4396  [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
08:24:59.0338 4396  Sftplay - ok
08:24:59.0353 4396  [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
08:24:59.0369 4396  Sftredir - ok
08:24:59.0384 4396  [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
08:24:59.0400 4396  Sftvol - ok
08:24:59.0416 4396  [ A5812F0281CA5081BF696626F9BF324D ] sftvsa          C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
08:24:59.0431 4396  sftvsa - ok
08:24:59.0447 4396  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
08:24:59.0509 4396  SharedAccess - ok
08:24:59.0572 4396  [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:24:59.0618 4396  ShellHWDetection - ok
08:24:59.0634 4396  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\DRIVERS\sisagp.sys
08:24:59.0650 4396  sisagp - ok
08:24:59.0681 4396  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:24:59.0696 4396  SiSRaid2 - ok
08:24:59.0712 4396  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
08:24:59.0728 4396  SiSRaid4 - ok
08:24:59.0748 4396  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
08:24:59.0788 4396  Smb - ok
08:24:59.0838 4396  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
08:24:59.0888 4396  SNMPTRAP - ok
08:24:59.0908 4396  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
08:24:59.0918 4396  spldr - ok
08:24:59.0968 4396  [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler         C:\Windows\System32\spoolsv.exe
08:24:59.0988 4396  Spooler - ok
08:25:00.0098 4396  [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc          C:\Windows\system32\sppsvc.exe
08:25:00.0168 4396  sppsvc - ok
08:25:00.0208 4396  [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
08:25:00.0258 4396  sppuinotify - ok
08:25:00.0358 4396  [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv             C:\Windows\system32\DRIVERS\srv.sys
08:25:00.0418 4396  srv - ok
08:25:00.0448 4396  [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
08:25:00.0488 4396  srv2 - ok
08:25:00.0508 4396  [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
08:25:00.0528 4396  srvnet - ok
08:25:00.0538 4396  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
08:25:00.0578 4396  SSDPSRV - ok
08:25:00.0608 4396  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
08:25:00.0648 4396  SstpSvc - ok
08:25:00.0658 4396  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
08:25:00.0678 4396  stexstor - ok
08:25:00.0718 4396  [ EDB05BD63148796F23EA78506404A538 ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
08:25:00.0748 4396  StillCam - ok
08:25:00.0788 4396  [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc          C:\Windows\System32\wiaservc.dll
08:25:00.0838 4396  StiSvc - ok
08:25:00.0858 4396  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
08:25:00.0878 4396  swenum - ok
08:25:00.0888 4396  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
08:25:00.0938 4396  swprv - ok
08:25:00.0978 4396  [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain         C:\Windows\system32\sysmain.dll
08:25:01.0018 4396  SysMain - ok
08:25:01.0028 4396  [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:25:01.0068 4396  TabletInputService - ok
08:25:01.0088 4396  [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv         C:\Windows\System32\tapisrv.dll
08:25:01.0138 4396  TapiSrv - ok
08:25:01.0158 4396  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
08:25:01.0188 4396  TBS - ok
08:25:01.0248 4396  [ 55E9965552741F3850CB22CBBA9671ED ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
08:25:01.0278 4396  Tcpip - ok
08:25:01.0298 4396  [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
08:25:01.0338 4396  TCPIP6 - ok
08:25:01.0358 4396  [ E64444523ADD154F86567C469BC0B17F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
08:25:01.0408 4396  tcpipreg - ok
08:25:01.0428 4396  [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
08:25:01.0458 4396  TDPIPE - ok
08:25:01.0478 4396  [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
08:25:01.0488 4396  TDTCP - ok
08:25:01.0508 4396  [ CB39E896A2A83702D1737BFD402B3542 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
08:25:01.0548 4396  tdx - ok
08:25:01.0568 4396  [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
08:25:01.0578 4396  TermDD - ok
08:25:01.0608 4396  [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService     C:\Windows\System32\termsrv.dll
08:25:01.0658 4396  TermService - ok
08:25:01.0698 4396  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
08:25:01.0728 4396  Themes - ok
08:25:01.0748 4396  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
08:25:01.0778 4396  THREADORDER - ok
08:25:01.0798 4396  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
08:25:01.0838 4396  TrkWks - ok
08:25:01.0868 4396  [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:25:01.0908 4396  TrustedInstaller - ok
08:25:01.0928 4396  [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
08:25:01.0958 4396  tssecsrv - ok
08:25:01.0998 4396  [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
08:25:02.0048 4396  tunnel - ok
08:25:02.0068 4396  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
08:25:02.0078 4396  uagp35 - ok
08:25:02.0098 4396  [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
08:25:02.0148 4396  udfs - ok
08:25:02.0178 4396  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
08:25:02.0208 4396  UI0Detect - ok
08:25:02.0238 4396  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
08:25:02.0248 4396  uliagpkx - ok
08:25:02.0268 4396  [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
08:25:02.0278 4396  umbus - ok
08:25:02.0298 4396  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
08:25:02.0318 4396  UmPass - ok
08:25:02.0338 4396  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
08:25:02.0398 4396  upnphost - ok
08:25:02.0448 4396  [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
08:25:02.0508 4396  USBAAPL - ok
08:25:02.0548 4396  [ C31AE588E403042632DC796CF09E30B0 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
08:25:02.0568 4396  usbccgp - ok
08:25:02.0588 4396  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
08:25:02.0628 4396  usbcir - ok
08:25:02.0628 4396  [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
08:25:02.0648 4396  usbehci - ok
08:25:02.0668 4396  [ BDCD7156EC37448F08633FD899823620 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
08:25:02.0688 4396  usbhub - ok
08:25:02.0698 4396  [ EB2D819A639015253C871CDA09D91D58 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
08:25:02.0728 4396  usbohci - ok
08:25:02.0768 4396  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
08:25:02.0788 4396  usbprint - ok
08:25:02.0828 4396  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
08:25:02.0848 4396  usbscan - ok
08:25:02.0878 4396  [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:25:02.0908 4396  USBSTOR - ok
08:25:02.0928 4396  [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
08:25:02.0948 4396  usbuhci - ok
08:25:02.0968 4396  [ B5F6A992D996282B7FAE7048E50AF83A ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
08:25:03.0028 4396  usbvideo - ok
08:25:03.0038 4396  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
08:25:03.0078 4396  UxSms - ok
08:25:03.0078 4396  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc        C:\Windows\system32\lsass.exe
08:25:03.0098 4396  VaultSvc - ok
08:25:03.0108 4396  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
08:25:03.0128 4396  vdrvroot - ok
08:25:03.0148 4396  [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds             C:\Windows\System32\vds.exe
08:25:03.0168 4396  vds - ok
08:25:03.0189 4396  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
08:25:03.0219 4396  vga - ok
08:25:03.0239 4396  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
08:25:03.0269 4396  VgaSave - ok
08:25:03.0299 4396  [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
08:25:03.0309 4396  vhdmp - ok
08:25:03.0329 4396  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\DRIVERS\viaagp.sys
08:25:03.0349 4396  viaagp - ok
08:25:03.0359 4396  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
08:25:03.0379 4396  ViaC7 - ok
08:25:03.0399 4396  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
08:25:03.0409 4396  viaide - ok
08:25:03.0429 4396  [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
08:25:03.0439 4396  volmgr - ok
08:25:03.0459 4396  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
08:25:03.0479 4396  volmgrx - ok
08:25:03.0499 4396  [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap         C:\Windows\system32\DRIVERS\volsnap.sys
08:25:03.0509 4396  volsnap - ok
08:25:03.0549 4396  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
08:25:03.0559 4396  vsmraid - ok
08:25:03.0589 4396  [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS             C:\Windows\system32\vssvc.exe
08:25:03.0639 4396  VSS - ok
08:25:03.0679 4396  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
08:25:03.0709 4396  vwifibus - ok
08:25:03.0719 4396  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
08:25:03.0759 4396  vwififlt - ok
08:25:03.0779 4396  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
08:25:03.0819 4396  W32Time - ok
08:25:03.0839 4396  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
08:25:03.0859 4396  WacomPen - ok
08:25:03.0879 4396  [ 692A712062146E96D28BA0B7D75DE31B ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
08:25:03.0919 4396  WANARP - ok
08:25:03.0919 4396  [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
08:25:03.0949 4396  Wanarpv6 - ok
08:25:04.0029 4396  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
08:25:04.0089 4396  WatAdminSvc - ok
08:25:04.0129 4396  [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine        C:\Windows\system32\wbengine.exe
08:25:04.0199 4396  wbengine - ok
08:25:04.0229 4396  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
08:25:04.0269 4396  WbioSrvc - ok
08:25:04.0299 4396  [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
08:25:04.0354 4396  wcncsvc - ok
08:25:04.0370 4396  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:25:04.0417 4396  WcsPlugInService - ok
08:25:04.0432 4396  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
08:25:04.0448 4396  Wd - ok
08:25:04.0479 4396  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
08:25:04.0510 4396  Wdf01000 - ok
08:25:04.0526 4396  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
08:25:04.0557 4396  WdiServiceHost - ok
08:25:04.0557 4396  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
08:25:04.0588 4396  WdiSystemHost - ok
08:25:04.0619 4396  [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient       C:\Windows\System32\webclnt.dll
08:25:04.0651 4396  WebClient - ok
08:25:04.0666 4396  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
08:25:04.0713 4396  Wecsvc - ok
08:25:04.0729 4396  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
08:25:04.0775 4396  wercplsupport - ok
08:25:04.0807 4396  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
08:25:04.0838 4396  WerSvc - ok
08:25:04.0869 4396  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
08:25:04.0900 4396  WfpLwf - ok
08:25:04.0931 4396  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
08:25:04.0947 4396  WIMMount - ok
08:25:04.0994 4396  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
08:25:05.0025 4396  WinDefend - ok
08:25:05.0025 4396  WinHttpAutoProxySvc - ok
08:25:05.0072 4396  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
08:25:05.0150 4396  Winmgmt - ok
08:25:05.0238 4396  [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM           C:\Windows\system32\WsmSvc.dll
08:25:05.0318 4396  WinRM - ok
08:25:05.0388 4396  [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
08:25:05.0438 4396  WinUsb - ok
08:25:05.0468 4396  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
08:25:05.0518 4396  Wlansvc - ok
08:25:05.0598 4396  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:25:05.0638 4396  wlidsvc - ok
08:25:05.0658 4396  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
08:25:05.0698 4396  WmiAcpi - ok
08:25:05.0728 4396  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
08:25:05.0758 4396  wmiApSrv - ok
08:25:05.0798 4396  [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
08:25:05.0848 4396  WMPNetworkSvc - ok
08:25:05.0858 4396  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
08:25:05.0908 4396  WPCSvc - ok
08:25:05.0928 4396  [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
08:25:05.0968 4396  WPDBusEnum - ok
08:25:05.0978 4396  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
08:25:06.0028 4396  ws2ifsl - ok
08:25:06.0058 4396  [ A661A76333057B383A06E65F0073222F ] wscsvc          C:\Windows\System32\wscsvc.dll
08:25:06.0098 4396  wscsvc - ok
08:25:06.0098 4396  WSearch - ok
08:25:06.0238 4396  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
08:25:06.0308 4396  wuauserv - ok
08:25:06.0358 4396  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
08:25:06.0408 4396  WudfPf - ok
08:25:06.0428 4396  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
08:25:06.0448 4396  WUDFRd - ok
08:25:06.0488 4396  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
08:25:06.0528 4396  wudfsvc - ok
08:25:06.0548 4396  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
08:25:06.0588 4396  WwanSvc - ok
08:25:06.0628 4396  [ 1F93FCB5BAB3A921ECBA522F63586F4A ] X10Hid          C:\Windows\System32\Drivers\x10hid.sys
08:25:06.0638 4396  X10Hid - ok
08:25:06.0688 4396  [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets         C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
08:25:06.0708 4396  x10nets ( UnsignedFile.Multi.Generic ) - warning
08:25:06.0708 4396  x10nets - detected UnsignedFile.Multi.Generic (1)
08:25:06.0728 4396  [ 378DC1B0B1F62A7488EE8D31A3C6E949 ] XUIF            C:\Windows\System32\Drivers\x10ufx2.sys
08:25:06.0748 4396  XUIF - ok
08:25:06.0788 4396  [ 74EC37B9EAF9FCA015B933A526825C7A ] {60DB6561-0A84-4c94-AF33-288405CFD56D} C:\Program Files\CyberLink\PowerCinema Movie\000.fcl
08:25:06.0798 4396  {60DB6561-0A84-4c94-AF33-288405CFD56D} - ok
08:25:06.0798 4396  ================ Scan global ===============================
08:25:06.0828 4396  [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
08:25:06.0858 4396  [ 43B34CADB516800794BDF486E493ED32 ] C:\Windows\system32\winsrv.dll
08:25:06.0868 4396  [ 43B34CADB516800794BDF486E493ED32 ] C:\Windows\system32\winsrv.dll
08:25:06.0898 4396  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
08:25:06.0928 4396  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
08:25:06.0938 4396  [Global] - ok
08:25:06.0938 4396  ================ Scan MBR ==================================
08:25:06.0948 4396  [ 4624822E540EC83CD0819525C65846BA ] \Device\Harddisk0\DR0
08:25:09.0727 4396  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:25:09.0727 4396  \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:25:09.0727 4396  ================ Scan VBR ==================================
08:25:09.0727 4396  [ F758BEADF2690C37F4DF05E0F5DF705F ] \Device\Harddisk0\DR0\Partition1
08:25:09.0727 4396  \Device\Harddisk0\DR0\Partition1 - ok
08:25:09.0758 4396  [ 99D413A8D4AFC5955094E5A36C9C1B89 ] \Device\Harddisk0\DR0\Partition2
08:25:09.0758 4396  \Device\Harddisk0\DR0\Partition2 - ok
08:25:09.0789 4396  [ BFF9B73ACA102FB0972D90EEFCEC23CF ] \Device\Harddisk0\DR0\Partition3
08:25:09.0789 4396  \Device\Harddisk0\DR0\Partition3 - ok
08:25:09.0789 4396  ============================================================
08:25:09.0789 4396  Scan finished
08:25:09.0789 4396  ============================================================
08:25:09.0821 2172  Detected object count: 3
08:25:09.0821 2172  Actual detected object count: 3
08:26:12.0801 2172  BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
08:26:12.0801 2172  BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:26:12.0801 2172  x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
08:26:12.0801 2172  x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:26:12.0801 2172  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:26:12.0801 2172  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

cosinus · 28.11.2012, 10:43

Du hast ein TDSS/TDL im System. Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

tiniii · 28.11.2012, 16:48

Code:

ATTFilter

ComboFix 12-11-28.01 - Tini 28.11.2012  11:10:47.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3070.1940 [GMT 1:00]
ausgeführt von:: c:\users\Tini\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files\DealPly
c:\program files\DealPly\DealPlyTune.dll
c:\windows\system32\pt
c:\windows\system32\pt\Lagoon.resources.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-28 bis 2012-11-28  ))))))))))))))))))))))))))))))
.
.
2012-11-28 11:09 . 2012-11-28 11:09	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-28 10:15 . 2012-11-28 10:15	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{75624F61-8662-42B0-8778-B448EA578E5F}\offreg.dll
2012-11-27 18:54 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{75624F61-8662-42B0-8778-B448EA578E5F}\mpengine.dll
2012-11-15 22:31 . 2012-07-26 03:39	526952	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 22:31 . 2012-07-26 03:39	47720	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 22:31 . 2012-07-26 02:46	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-11-15 22:30 . 2012-07-26 02:33	66560	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 22:30 . 2012-07-26 02:32	155136	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 22:30 . 2012-07-26 03:20	73216	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-11-15 22:30 . 2012-07-26 03:20	172032	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-11-15 22:30 . 2012-07-26 03:21	196608	----a-w-	c:\windows\system32\WUDFHost.exe
2012-11-15 22:30 . 2012-07-26 03:20	613888	----a-w-	c:\windows\system32\WUDFx.dll
2012-11-15 22:30 . 2012-07-26 03:20	38912	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 15:58 . 2012-09-25 21:55	78336	----a-w-	c:\windows\system32\synceng.dll
2012-11-15 15:58 . 2012-10-18 17:57	2344960	----a-w-	c:\windows\system32\win32k.sys
2012-11-11 14:05 . 2012-11-11 14:05	--------	d-----w-	c:\users\Tini\AppData\Roaming\Mozilla-Cache
2012-11-11 14:04 . 2012-11-11 14:06	--------	d-----w-	c:\users\Tini\AppData\Roaming\Party
2012-11-11 14:03 . 2012-11-11 14:03	--------	d-----w-	C:\Programs
2012-11-08 16:27 . 2012-11-08 16:27	--------	d--h--w-	c:\windows\AxInstSV
2012-11-08 16:26 . 2012-11-08 16:26	--------	d-----w-	C:\Poker
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-20 13:34 . 2012-04-17 07:01	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-11-20 13:34 . 2011-09-03 09:56	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-15 16:12 . 2012-06-08 09:38	43608	----a-w-	c:\windows\system32\drivers\kltdi.sys
2012-10-16 20:34 . 2012-11-27 18:53	559104	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-10 16:11 . 2012-07-25 12:53	25944	----a-w-	c:\windows\system32\drivers\klmouflt.sys
2012-10-10 16:11 . 2012-05-25 17:38	25944	----a-w-	c:\windows\system32\drivers\klkbdflt.sys
2012-09-25 21:52 . 2012-09-25 21:52	0	----a-w-	c:\windows\system32\sho1298.tmp
2012-09-23 21:10 . 2012-09-23 21:10	0	----a-w-	c:\windows\system32\shoAB96.tmp
2012-09-14 23:19 . 2012-09-14 23:19	0	----a-w-	c:\windows\system32\sho1970.tmp
2012-09-14 18:30 . 2012-10-10 15:37	2048	----a-w-	c:\windows\system32\tzres.dll
2012-08-31 17:21 . 2012-10-10 15:36	1210736	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:18 . 2012-10-10 15:36	3958128	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:18 . 2012-10-10 15:36	3902832	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-10-26 23:14 . 2012-10-26 23:14	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
2011-05-09 09:49	176936	----a-w-	c:\program files\DVDVideoSoftTB_DE\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}"= "c:\program files\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"HP Deskjet 3070 B611 series (NET)"="c:\program files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 1804648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-03 13838952]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-29 8391200]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2009-12-29 678432]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2010-01-19 75048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2012-11-15 356376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
c:\users\Tini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk - c:\windows\system32\RunDll32.exe [2009-7-14 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer7"=wdmaud.drv
.
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [x]
S2 {60DB6561-0A84-4c94-AF33-288405CFD56D};Power Control [2010/07/22 11:43];c:\program files\CyberLink\PowerCinema Movie\000.fcl [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files\Giraffic\Veoh_GirafficWatchdog.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys [x]
S3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 36626872
*Deregistered* - 36626872
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 13:34]
.
2012-11-28 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\users\Tini\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Tini\AppData\Roaming\Mozilla\Firefox\Profiles\ecfa2ova.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - ExtSQL: 2012-10-09 21:36; content_blocker@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2012-10-09 21:36; url_advisor@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2012-10-09 21:36; virtual_keyboard@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF - user.js: extensions.softonic_i.hmpg - true
FF - user.js: extensions.softonic_i.hmpgUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=13&cc=
FF - user.js: extensions.softonic_i.dfltSrch - true
FF - user.js: extensions.softonic_i.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.softonic_i.keyWordUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=2&cc=&q=
FF - user.js: extensions.softonic_i.dnsErr - true
FF - user.js: extensions.softonic_i.newTab - true
FF - user.js: extensions.softonic_i.newTabUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=15&cc=
FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.softonic_i.id - 1e6b7ca50000000000001c4bd6028871
FF - user.js: extensions.softonic_i.instlDay - 15421
FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.51:01
FF - user.js: extensions.softonic_i.prtnrId - softonic
FF - user.js: extensions.softonic_i.prdct - softonic
FF - user.js: extensions.softonic_i.aflt - SD
FF - user.js: extensions.softonic_i.smplGrp - eng7
FF - user.js: extensions.softonic_i.tlbrId - de12JANdefault
FF - user.js: extensions.softonic_i.instlRef - MON00015
FF - user.js: extensions.softonic_i.dfltLng - de
FF - user.js: extensions.softonic_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
user_pref('extensions.dealply.partner', 'vita');
user_pref('extensions.dealply.channel', 'vitaeazel');
user_pref('extensions.dealply.installId', 'v23500280561241430038462012032222252622');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '2');
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=2912_4
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 1e6b7ca50000000000001c4bd6028871
FF - user.js: extensions.BabylonToolbar_i.hardId - 1e6b7ca50000000000001c4bd6028871
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15541
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:58
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
SafeBoot-BsScanner
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{60DB6561-0A84-4c94-AF33-288405CFD56D}]
"ImagePath"="\??\c:\program files\CyberLink\PowerCinema Movie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3648990694-1417340204-238680334-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*&wño]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3648990694-1417340204-238680334-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*&wño\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3648990694-1417340204-238680334-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*&wño]
"0"=hex:43,3a,5c,55,73,65,72,73,5c,54,69,6e,69,5c,64,77,68,65,6c,70,65,72,5c,
   54,65,6e,65,6d,65,6e,74,20,32,2e,6d,70,34,00,63,00,31,00,32,00,38,00,2e,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-28  12:11:55
ComboFix-quarantined-files.txt  2012-11-28 11:11
.
Vor Suchlauf: 11 Verzeichnis(se), 837.245.505.536 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 844.704.227.328 Bytes frei
.
- - End Of File - - D1FEAB4AA5D49048C866E759BC86611F

cosinus · 28.11.2012, 16:54

Mach bitte neue Logs mit aswMBR und TDSS-Killer

tiniii · 28.11.2012, 20:30

danke, bin erst vorhin dazu gekommen weiterzumachen

hier der aswMBR log

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-27 22:30:42
-----------------------------
22:30:42.661    OS Version: Windows 6.1.7600 
22:30:42.661    Number of processors: 2 586 0x170A
22:30:42.671    ComputerName: TINI-PC  UserName: Tini
22:30:43.961    Initialize success
22:30:50.566    AVAST engine defs: 12112701
22:31:05.386    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:31:05.386    Disk 0 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 3
22:31:05.402    Disk 0 MBR read successfully
22:31:05.402    Disk 0 MBR scan
22:31:05.417    Disk 0 unknown MBR code
22:31:05.417    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS           99 MB offset 2048
22:31:05.433    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       922022 MB offset 204800
22:31:05.464    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        30720 MB offset 1888505856
22:31:05.480    Disk 0 Partition 4 00     12  Compaq diag NTFS         1026 MB offset 1951420416
22:31:05.480    Disk 0 scanning sectors +1953523120
22:31:05.604    Disk 0 scanning C:\Windows\system32\drivers
22:31:14.818    Service scanning
22:31:21.797    Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
22:31:22.405    Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
22:31:22.436    Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
22:31:22.483    Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
22:31:22.530    Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5
22:31:22.577    Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5
22:31:34.840    Modules scanning
22:31:42.072    Disk 0 trace - called modules:
22:31:42.102    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
22:31:42.112    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88dac030]
22:31:42.112    3 CLASSPNP.SYS[8cb7c59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86599028]
22:31:43.937    AVAST engine scan C:\Windows
22:31:47.709    AVAST engine scan C:\Windows\system32
22:34:32.355    AVAST engine scan C:\Windows\system32\drivers
22:34:45.320    AVAST engine scan C:\Users\Tini
22:41:10.310    AVAST engine scan C:\ProgramData
22:42:15.500    Scan finished successfully
22:43:44.749    Disk 0 MBR has been saved successfully to "C:\Users\Tini\Desktop\MBR.dat"
22:43:44.765    The log file has been saved successfully to "C:\Users\Tini\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-28 20:13:58
-----------------------------
20:13:58.280    OS Version: Windows 6.1.7600 
20:13:58.280    Number of processors: 2 586 0x170A
20:13:58.280    ComputerName: TINI-PC  UserName: Tini
20:13:59.715    Initialize success
20:14:10.073    AVAST engine defs: 12112800
20:14:14.925    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:14:14.941    Disk 0 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 3
20:14:14.956    Disk 0 MBR read successfully
20:14:14.956    Disk 0 MBR scan
20:14:14.972    Disk 0 unknown MBR code
20:14:14.987    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS           99 MB offset 2048
20:14:14.987    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       922022 MB offset 204800
20:14:15.019    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        30720 MB offset 1888505856
20:14:15.050    Disk 0 Partition 4 00     12  Compaq diag NTFS         1026 MB offset 1951420416
20:14:15.050    Disk 0 scanning sectors +1953523120
20:14:15.128    Disk 0 scanning C:\Windows\system32\drivers
20:14:24.722    Service scanning
20:14:35.236    Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
20:14:35.860    Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
20:14:35.907    Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
20:14:35.938    Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
20:14:35.985    Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5
20:14:36.032    Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5
20:14:47.670    Modules scanning
20:14:54.705    Disk 0 trace - called modules:
20:14:54.721    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
20:14:54.736    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88da7310]
20:14:54.736    3 CLASSPNP.SYS[8cb7f59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8659a028]
20:14:56.749    AVAST engine scan C:\Windows
20:15:00.228    AVAST engine scan C:\Windows\system32
20:18:08.147    AVAST engine scan C:\Windows\system32\drivers
20:18:31.064    AVAST engine scan C:\Users\Tini
20:22:32.819    AVAST engine scan C:\ProgramData
20:23:39.864    Scan finished successfully
20:25:31.265    Disk 0 MBR has been saved successfully to "C:\Users\Tini\Desktop\MBR.dat"
20:25:31.296    The log file has been saved successfully to "C:\Users\Tini\Desktop\aswMBR.txt"

und der TDSS log:

Code:

ATTFilter

20:27:33.0949 1844  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:27:34.0027 1844  ============================================================
20:27:34.0027 1844  Current date / time: 2012/11/28 20:27:34.0027
20:27:34.0027 1844  SystemInfo:
20:27:34.0027 1844  
20:27:34.0027 1844  OS Version: 6.1.7600 ServicePack: 0.0
20:27:34.0027 1844  Product type: Workstation
20:27:34.0027 1844  ComputerName: TINI-PC
20:27:34.0027 1844  UserName: Tini
20:27:34.0027 1844  Windows directory: C:\Windows
20:27:34.0027 1844  System windows directory: C:\Windows
20:27:34.0027 1844  Processor architecture: Intel x86
20:27:34.0027 1844  Number of processors: 2
20:27:34.0027 1844  Page size: 0x1000
20:27:34.0027 1844  Boot type: Normal boot
20:27:34.0027 1844  ============================================================
20:27:34.0510 1844  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:27:34.0510 1844  ============================================================
20:27:34.0510 1844  \Device\Harddisk0\DR0:
20:27:34.0510 1844  MBR partitions:
20:27:34.0510 1844  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x31800
20:27:34.0510 1844  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32000, BlocksNum 0x708D3000
20:27:34.0510 1844  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x70905000, BlocksNum 0x3C00000
20:27:34.0510 1844  ============================================================
20:27:34.0604 1844  C: <-> \Device\Harddisk0\DR0\Partition2
20:27:34.0651 1844  D: <-> \Device\Harddisk0\DR0\Partition3
20:27:34.0651 1844  ============================================================
20:27:34.0651 1844  Initialize success
20:27:34.0651 1844  ============================================================
20:27:39.0580 1668  ============================================================
20:27:39.0580 1668  Scan started
20:27:39.0580 1668  Mode: Manual; SigCheck; TDLFS; 
20:27:39.0580 1668  ============================================================
20:27:40.0017 1668  ================ Scan system memory ========================
20:27:40.0017 1668  System memory - ok
20:27:40.0017 1668  ================ Scan services =============================
20:27:40.0173 1668  [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
20:27:40.0313 1668  1394ohci - ok
20:27:40.0345 1668  [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
20:27:40.0360 1668  ACPI - ok
20:27:40.0391 1668  [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
20:27:40.0454 1668  AcpiPmi - ok
20:27:40.0563 1668  [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:27:40.0610 1668  AdobeFlashPlayerUpdateSvc - ok
20:27:40.0657 1668  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
20:27:40.0672 1668  adp94xx - ok
20:27:40.0703 1668  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
20:27:40.0719 1668  adpahci - ok
20:27:40.0750 1668  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
20:27:40.0766 1668  adpu320 - ok
20:27:40.0813 1668  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:27:40.0859 1668  AeLookupSvc - ok
20:27:40.0891 1668  [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD             C:\Windows\system32\drivers\afd.sys
20:27:40.0969 1668  AFD - ok
20:27:41.0031 1668  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
20:27:41.0062 1668  agp440 - ok
20:27:41.0078 1668  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
20:27:41.0109 1668  aic78xx - ok
20:27:41.0140 1668  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
20:27:41.0171 1668  ALG - ok
20:27:41.0187 1668  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
20:27:41.0203 1668  aliide - ok
20:27:41.0218 1668  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\DRIVERS\amdagp.sys
20:27:41.0234 1668  amdagp - ok
20:27:41.0249 1668  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
20:27:41.0265 1668  amdide - ok
20:27:41.0281 1668  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
20:27:41.0312 1668  AmdK8 - ok
20:27:41.0327 1668  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:27:41.0359 1668  AmdPPM - ok
20:27:41.0390 1668  [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:27:41.0405 1668  amdsata - ok
20:27:41.0437 1668  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
20:27:41.0468 1668  amdsbs - ok
20:27:41.0483 1668  [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:27:41.0499 1668  amdxata - ok
20:27:41.0515 1668  [ FEB834C02CE1E84B6A38F953CA067706 ] AppID           C:\Windows\system32\drivers\appid.sys
20:27:41.0608 1668  AppID - ok
20:27:41.0624 1668  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:27:41.0717 1668  AppIDSvc - ok
20:27:41.0733 1668  [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo         C:\Windows\System32\appinfo.dll
20:27:41.0780 1668  Appinfo - ok
20:27:41.0873 1668  [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:27:41.0889 1668  Apple Mobile Device - ok
20:27:41.0920 1668  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
20:27:41.0936 1668  arc - ok
20:27:41.0951 1668  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
20:27:41.0967 1668  arcsas - ok
20:27:41.0983 1668  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:27:42.0076 1668  AsyncMac - ok
20:27:42.0092 1668  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
20:27:42.0107 1668  atapi - ok
20:27:42.0139 1668  [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:27:42.0201 1668  AudioEndpointBuilder - ok
20:27:42.0201 1668  [ 510C873BFA135AA829F4180352772734 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
20:27:42.0248 1668  Audiosrv - ok
20:27:42.0326 1668  AVP - ok
20:27:42.0357 1668  [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:27:42.0404 1668  AxInstSV - ok
20:27:42.0451 1668  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
20:27:42.0529 1668  b06bdrv - ok
20:27:42.0544 1668  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
20:27:42.0575 1668  b57nd60x - ok
20:27:42.0638 1668  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:27:42.0700 1668  BDESVC - ok
20:27:42.0731 1668  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:27:42.0778 1668  Beep - ok
20:27:42.0825 1668  [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE             C:\Windows\System32\bfe.dll
20:27:42.0856 1668  BFE - ok
20:27:42.0903 1668  [ 53F476476F55A27F580661BDE09C4EC4 ] BITS            C:\Windows\system32\qmgr.dll
20:27:42.0965 1668  BITS - ok
20:27:42.0981 1668  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:27:42.0997 1668  blbdrive - ok
20:27:43.0043 1668  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:27:43.0075 1668  Bonjour Service - ok
20:27:43.0090 1668  [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:27:43.0121 1668  bowser - ok
20:27:43.0137 1668  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:27:43.0168 1668  BrFiltLo - ok
20:27:43.0184 1668  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:27:43.0215 1668  BrFiltUp - ok
20:27:43.0262 1668  [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
20:27:43.0309 1668  BridgeMP - ok
20:27:43.0340 1668  [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser         C:\Windows\System32\browser.dll
20:27:43.0387 1668  Browser - ok
20:27:43.0418 1668  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:27:43.0465 1668  Brserid - ok
20:27:43.0480 1668  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:27:43.0511 1668  BrSerWdm - ok
20:27:43.0527 1668  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:27:43.0543 1668  BrUsbMdm - ok
20:27:43.0558 1668  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:27:43.0589 1668  BrUsbSer - ok
20:27:43.0621 1668  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
20:27:43.0683 1668  BthEnum - ok
20:27:43.0699 1668  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:27:43.0730 1668  BTHMODEM - ok
20:27:43.0745 1668  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
20:27:43.0777 1668  BthPan - ok
20:27:43.0808 1668  [ 04CEDA17A195924070B01174CB1F9AF8 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
20:27:43.0823 1668  BTHPORT - ok
20:27:43.0855 1668  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
20:27:43.0901 1668  bthserv - ok
20:27:43.0933 1668  [ 80E6384BEEC03B8BD45EDEA29802D657 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
20:27:43.0948 1668  BTHUSB - ok
20:27:43.0979 1668  [ 92C5B845803F3662637EB691AC0B250F ] btusbflt        C:\Windows\system32\drivers\btusbflt.sys
20:27:43.0995 1668  btusbflt - ok
20:27:44.0026 1668  [ D57D29132EFE13A83133D9BD449E0CF1 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
20:27:44.0042 1668  btwaudio - ok
20:27:44.0042 1668  [ D282C14A69357D0E1BAFAECC2CA98C3A ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
20:27:44.0057 1668  btwavdt - ok
20:27:44.0135 1668  [ F7434401AE320BB97903A3C1865242FB ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
20:27:44.0182 1668  btwdins - ok
20:27:44.0182 1668  [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
20:27:44.0198 1668  btwl2cap - ok
20:27:44.0213 1668  [ 02EB4D2B05967DF2D32F29C84AB1FB17 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
20:27:44.0213 1668  btwrchid - ok
20:27:44.0276 1668  [ 248DFA5762DDE38DFDDBBD44149E9D7A ] BVRPMPR5        C:\Windows\system32\drivers\BVRPMPR5.SYS
20:27:44.0276 1668  BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
20:27:44.0276 1668  BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
20:27:44.0354 1668  catchme - ok
20:27:44.0385 1668  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:27:44.0416 1668  cdfs - ok
20:27:44.0463 1668  [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:27:44.0494 1668  cdrom - ok
20:27:44.0541 1668  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc     C:\Windows\System32\certprop.dll
20:27:44.0588 1668  CertPropSvc - ok
20:27:44.0603 1668  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:27:44.0619 1668  circlass - ok
20:27:44.0635 1668  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
20:27:44.0666 1668  CLFS - ok
20:27:44.0744 1668  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:27:44.0775 1668  clr_optimization_v2.0.50727_32 - ok
20:27:44.0806 1668  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:27:44.0822 1668  clr_optimization_v4.0.30319_32 - ok
20:27:44.0837 1668  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:27:44.0853 1668  CmBatt - ok
20:27:44.0884 1668  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
20:27:44.0900 1668  cmdide - ok
20:27:44.0931 1668  [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG             C:\Windows\system32\Drivers\cng.sys
20:27:44.0947 1668  CNG - ok
20:27:44.0978 1668  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:27:44.0993 1668  Compbatt - ok
20:27:45.0009 1668  [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
20:27:45.0025 1668  CompositeBus - ok
20:27:45.0040 1668  COMSysApp - ok
20:27:45.0056 1668  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
20:27:45.0071 1668  crcdisk - ok
20:27:45.0103 1668  [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:27:45.0149 1668  CryptSvc - ok
20:27:45.0212 1668  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
20:27:45.0243 1668  cvhsvc - ok
20:27:45.0259 1668  [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:27:45.0305 1668  DcomLaunch - ok
20:27:45.0321 1668  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
20:27:45.0352 1668  defragsvc - ok
20:27:45.0368 1668  [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:27:45.0430 1668  DfsC - ok
20:27:45.0461 1668  [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:27:45.0524 1668  Dhcp - ok
20:27:45.0539 1668  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
20:27:45.0571 1668  discache - ok
20:27:45.0602 1668  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:27:45.0617 1668  Disk - ok
20:27:45.0633 1668  [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:27:45.0664 1668  Dnscache - ok
20:27:45.0695 1668  [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:27:45.0758 1668  dot3svc - ok
20:27:45.0789 1668  [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS             C:\Windows\system32\dps.dll
20:27:45.0836 1668  DPS - ok
20:27:45.0851 1668  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:27:45.0898 1668  drmkaud - ok
20:27:45.0929 1668  [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:27:45.0961 1668  DXGKrnl - ok
20:27:45.0976 1668  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
20:27:46.0023 1668  EapHost - ok
20:27:46.0085 1668  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
20:27:46.0195 1668  ebdrv - ok
20:27:46.0210 1668  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS             C:\Windows\System32\lsass.exe
20:27:46.0273 1668  EFS - ok
20:27:46.0304 1668  [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:27:46.0351 1668  ehRecvr - ok
20:27:46.0366 1668  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
20:27:46.0413 1668  ehSched - ok
20:27:46.0444 1668  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
20:27:46.0475 1668  elxstor - ok
20:27:46.0491 1668  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
20:27:46.0507 1668  ErrDev - ok
20:27:46.0553 1668  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
20:27:46.0600 1668  EventSystem - ok
20:27:46.0616 1668  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
20:27:46.0647 1668  exfat - ok
20:27:46.0678 1668  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:27:46.0725 1668  fastfat - ok
20:27:46.0756 1668  [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax             C:\Windows\system32\fxssvc.exe
20:27:46.0819 1668  Fax - ok
20:27:46.0834 1668  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:27:46.0850 1668  fdc - ok
20:27:46.0881 1668  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
20:27:46.0912 1668  fdPHost - ok
20:27:46.0912 1668  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
20:27:46.0959 1668  FDResPub - ok
20:27:46.0975 1668  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:27:47.0006 1668  FileInfo - ok
20:27:47.0021 1668  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:27:47.0053 1668  Filetrace - ok
20:27:47.0053 1668  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:27:47.0099 1668  flpydisk - ok
20:27:47.0131 1668  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:27:47.0146 1668  FltMgr - ok
20:27:47.0193 1668  [ 7FE4995528A7529A761875151EE3D512 ] FontCache       C:\Windows\system32\FntCache.dll
20:27:47.0224 1668  FontCache - ok
20:27:47.0271 1668  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:27:47.0287 1668  FontCache3.0.0.0 - ok
20:27:47.0302 1668  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:27:47.0318 1668  FsDepends - ok
20:27:47.0349 1668  [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:27:47.0365 1668  Fs_Rec - ok
20:27:47.0380 1668  [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:27:47.0411 1668  fvevol - ok
20:27:47.0427 1668  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:27:47.0443 1668  gagp30kx - ok
20:27:47.0489 1668  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:27:47.0505 1668  GEARAspiWDM - ok
20:27:47.0552 1668  Giraffic - ok
20:27:47.0567 1668  [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc           C:\Windows\System32\gpsvc.dll
20:27:47.0599 1668  gpsvc - ok
20:27:47.0614 1668  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:27:47.0661 1668  hcw85cir - ok
20:27:47.0677 1668  [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:27:47.0708 1668  HdAudAddService - ok
20:27:47.0723 1668  [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
20:27:47.0755 1668  HDAudBus - ok
20:27:47.0770 1668  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:27:47.0786 1668  HidBatt - ok
20:27:47.0801 1668  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:27:47.0848 1668  HidBth - ok
20:27:47.0864 1668  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:27:47.0895 1668  HidIr - ok
20:27:47.0926 1668  [ 1FAB2540C1BD6DA847CCD292F4EEE48A ] hidkmdf         C:\Windows\system32\DRIVERS\hidkmdf.sys
20:27:47.0942 1668  hidkmdf - ok
20:27:47.0957 1668  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\System32\hidserv.dll
20:27:47.0989 1668  hidserv - ok
20:27:48.0004 1668  [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:27:48.0051 1668  HidUsb - ok
20:27:48.0082 1668  [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:27:48.0129 1668  hkmsvc - ok
20:27:48.0160 1668  [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:27:48.0207 1668  HomeGroupListener - ok
20:27:48.0223 1668  [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:27:48.0269 1668  HomeGroupProvider - ok
20:27:48.0316 1668  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
20:27:48.0347 1668  HpSAMD - ok
20:27:48.0379 1668  [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:27:48.0441 1668  HTTP - ok
20:27:48.0472 1668  [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:27:48.0488 1668  hwpolicy - ok
20:27:48.0503 1668  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
20:27:48.0550 1668  i8042prt - ok
20:27:48.0566 1668  [ 5A6C5876FB84418D08D67B8CAED5EFCF ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
20:27:48.0581 1668  iaStor - ok
20:27:48.0628 1668  [ DE9560E9703BFE1BD08014A406BE0033 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
20:27:48.0644 1668  IAStorDataMgrSvc - ok
20:27:48.0675 1668  [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:27:48.0706 1668  iaStorV - ok
20:27:48.0784 1668  [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:27:48.0831 1668  idsvc - ok
20:27:48.0878 1668  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
20:27:48.0893 1668  iirsp - ok
20:27:48.0925 1668  [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT          C:\Windows\System32\ikeext.dll
20:27:48.0971 1668  IKEEXT - ok
20:27:49.0065 1668  [ BA9A1F572D1A91559E6E76504CFD381C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
20:27:49.0190 1668  IntcAzAudAddService - ok
20:27:49.0205 1668  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
20:27:49.0221 1668  intelide - ok
20:27:49.0252 1668  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:27:49.0283 1668  intelppm - ok
20:27:49.0299 1668  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:27:49.0346 1668  IPBusEnum - ok
20:27:49.0361 1668  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:27:49.0408 1668  IpFilterDriver - ok
20:27:49.0439 1668  [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:27:49.0486 1668  iphlpsvc - ok
20:27:49.0502 1668  [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:27:49.0533 1668  IPMIDRV - ok
20:27:49.0549 1668  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:27:49.0595 1668  IPNAT - ok
20:27:49.0642 1668  [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:27:49.0658 1668  iPod Service - ok
20:27:49.0689 1668  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:27:49.0720 1668  IRENUM - ok
20:27:49.0736 1668  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
20:27:49.0751 1668  isapnp - ok
20:27:49.0783 1668  [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
20:27:49.0814 1668  iScsiPrt - ok
20:27:49.0814 1668  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:27:49.0829 1668  kbdclass - ok
20:27:49.0845 1668  [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:27:49.0861 1668  kbdhid - ok
20:27:49.0876 1668  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso          C:\Windows\system32\lsass.exe
20:27:49.0892 1668  KeyIso - ok
20:27:49.0923 1668  [ EA26CB00F83686856F2C79673C00C686 ] KL1             C:\Windows\system32\DRIVERS\kl1.sys
20:27:49.0939 1668  KL1 - ok
20:27:50.0001 1668  [ FBC7F840F1118D358D2AFB8C1714B384 ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
20:27:50.0032 1668  KLIF - ok
20:27:50.0048 1668  [ AF127FE7DD5ED2BBC9049FD8A00DEFC2 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
20:27:50.0063 1668  KLIM6 - ok
20:27:50.0095 1668  [ 24AEBAD59D1DE8A7CC36E8F09F999362 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
20:27:50.0110 1668  klkbdflt - ok
20:27:50.0126 1668  [ A58507C2827C3AE1D4CCB2746AAB349F ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
20:27:50.0141 1668  klmouflt - ok
20:27:50.0173 1668  [ 53C0DF6C5139CB78A631E7AFCD893730 ] kltdi           C:\Windows\system32\DRIVERS\kltdi.sys
20:27:50.0188 1668  kltdi - ok
20:27:50.0204 1668  [ 71A38C123600172511C26BFABD0EF579 ] kneps           C:\Windows\system32\DRIVERS\kneps.sys
20:27:50.0219 1668  kneps - ok
20:27:50.0251 1668  [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:27:50.0266 1668  KSecDD - ok
20:27:50.0297 1668  [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:27:50.0313 1668  KSecPkg - ok
20:27:50.0344 1668  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:27:50.0391 1668  KtmRm - ok
20:27:50.0407 1668  [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer    C:\Windows\System32\srvsvc.dll
20:27:50.0438 1668  LanmanServer - ok
20:27:50.0453 1668  [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:27:50.0500 1668  LanmanWorkstation - ok
20:27:50.0547 1668  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:27:50.0594 1668  lltdio - ok
20:27:50.0609 1668  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:27:50.0656 1668  lltdsvc - ok
20:27:50.0687 1668  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:27:50.0719 1668  lmhosts - ok
20:27:50.0750 1668  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:27:50.0765 1668  LSI_FC - ok
20:27:50.0781 1668  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:27:50.0797 1668  LSI_SAS - ok
20:27:50.0812 1668  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:27:50.0828 1668  LSI_SAS2 - ok
20:27:50.0843 1668  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:27:50.0859 1668  LSI_SCSI - ok
20:27:50.0875 1668  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
20:27:50.0906 1668  luafv - ok
20:27:50.0937 1668  [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:27:50.0953 1668  Mcx2Svc - ok
20:27:50.0968 1668  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:27:50.0984 1668  megasas - ok
20:27:51.0015 1668  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:27:51.0031 1668  MegaSR - ok
20:27:51.0062 1668  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
20:27:51.0093 1668  MMCSS - ok
20:27:51.0109 1668  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
20:27:51.0156 1668  Modem - ok
20:27:51.0171 1668  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:27:51.0187 1668  monitor - ok
20:27:51.0187 1668  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:27:51.0218 1668  mouclass - ok
20:27:51.0218 1668  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:27:51.0249 1668  mouhid - ok
20:27:51.0265 1668  [ 921C18727C5920D6C0300736646931C2 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:27:51.0280 1668  mountmgr - ok
20:27:51.0327 1668  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:27:51.0343 1668  MozillaMaintenance - ok
20:27:51.0358 1668  [ 2AF5997438C55FB79D33D015C30E1974 ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
20:27:51.0374 1668  mpio - ok
20:27:51.0390 1668  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:27:51.0421 1668  mpsdrv - ok
20:27:51.0452 1668  [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:27:51.0499 1668  MpsSvc - ok
20:27:51.0530 1668  [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:27:51.0561 1668  MRxDAV - ok
20:27:51.0608 1668  [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:27:51.0655 1668  mrxsmb - ok
20:27:51.0670 1668  [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:27:51.0686 1668  mrxsmb10 - ok
20:27:51.0702 1668  [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:27:51.0717 1668  mrxsmb20 - ok
20:27:51.0733 1668  [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
20:27:51.0748 1668  msahci - ok
20:27:51.0780 1668  [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
20:27:51.0795 1668  msdsm - ok
20:27:51.0811 1668  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
20:27:51.0842 1668  MSDTC - ok
20:27:51.0873 1668  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:27:51.0904 1668  Msfs - ok
20:27:51.0920 1668  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:27:51.0967 1668  mshidkmdf - ok
20:27:51.0967 1668  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
20:27:51.0982 1668  msisadrv - ok
20:27:52.0014 1668  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:27:52.0060 1668  MSiSCSI - ok
20:27:52.0060 1668  msiserver - ok
20:27:52.0092 1668  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:27:52.0138 1668  MSKSSRV - ok
20:27:52.0154 1668  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:27:52.0201 1668  MSPCLOCK - ok
20:27:52.0216 1668  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:27:52.0263 1668  MSPQM - ok
20:27:52.0279 1668  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:27:52.0294 1668  MsRPC - ok
20:27:52.0326 1668  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:27:52.0341 1668  mssmbios - ok
20:27:52.0357 1668  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:27:52.0388 1668  MSTEE - ok
20:27:52.0404 1668  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:27:52.0419 1668  MTConfig - ok
20:27:52.0435 1668  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:27:52.0450 1668  Mup - ok
20:27:52.0528 1668  [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent        C:\Windows\system32\qagentRT.dll
20:27:52.0591 1668  napagent - ok
20:27:52.0653 1668  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:27:52.0731 1668  NativeWifiP - ok
20:27:52.0965 1668  [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:27:52.0996 1668  NDIS - ok
20:27:53.0059 1668  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:27:53.0090 1668  NdisCap - ok
20:27:53.0184 1668  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:27:53.0262 1668  NdisTapi - ok
20:27:53.0324 1668  [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:27:53.0402 1668  Ndisuio - ok
20:27:53.0433 1668  [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:27:53.0496 1668  NdisWan - ok
20:27:53.0558 1668  [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:27:53.0605 1668  NDProxy - ok
20:27:53.0636 1668  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:27:53.0683 1668  NetBIOS - ok
20:27:53.0730 1668  [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:27:53.0761 1668  NetBT - ok
20:27:53.0792 1668  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon        C:\Windows\system32\lsass.exe
20:27:53.0808 1668  Netlogon - ok
20:27:53.0964 1668  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
20:27:54.0010 1668  Netman - ok
20:27:54.0120 1668  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
20:27:54.0182 1668  netprofm - ok
20:27:54.0229 1668  [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:27:54.0260 1668  NetTcpPortSharing - ok
20:27:54.0307 1668  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:27:54.0322 1668  nfrd960 - ok
20:27:54.0338 1668  [ 2226496E34BD40734946A054B1CD657F ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:27:54.0385 1668  NlaSvc - ok
20:27:54.0416 1668  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:27:54.0447 1668  Npfs - ok
20:27:54.0494 1668  npggsvc - ok
20:27:54.0494 1668  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
20:27:54.0525 1668  nsi - ok
20:27:54.0541 1668  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:27:54.0588 1668  nsiproxy - ok
20:27:54.0634 1668  [ 5126C5402C730C2A953275D8497A4715 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:27:54.0681 1668  Ntfs - ok
20:27:54.0697 1668  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
20:27:54.0728 1668  Null - ok
20:27:54.0759 1668  [ EFF6795CDACB959D1AB89EB9B9C29B57 ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
20:27:54.0775 1668  NVHDA - ok
20:27:55.0009 1668  [ 50C1B2DD2A5B3ED82C6E4683C4AD58B8 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:27:55.0274 1668  nvlddmkm - ok
20:27:55.0368 1668  [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:27:55.0399 1668  nvraid - ok
20:27:55.0414 1668  [ 4520B63899E867F354EE012D34E11536 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:27:55.0446 1668  nvstor - ok
20:27:55.0461 1668  [ D9051D79D19C63B67CA12BD1C3B6FFB3 ] nvsvc           C:\Windows\system32\nvvsvc.exe
20:27:55.0492 1668  nvsvc - ok
20:27:55.0492 1668  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
20:27:55.0524 1668  nv_agp - ok
20:27:55.0539 1668  [ F1A718C6C6CD3EDF157FA3D459ADFEF7 ] NW1950          C:\Windows\system32\DRIVERS\NW1950.sys
20:27:55.0555 1668  NW1950 - ok
20:27:55.0789 1668  [ 953E08D5CA0B02697A8145AAA0CA28BE ] NxpCap          C:\Windows\system32\DRIVERS\NxpCap.sys
20:27:55.0882 1668  NxpCap - ok
20:27:55.0898 1668  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
20:27:55.0945 1668  ohci1394 - ok
20:27:55.0976 1668  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:27:55.0992 1668  ose - ok
20:27:56.0116 1668  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:27:56.0272 1668  osppsvc - ok
20:27:56.0304 1668  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:27:56.0350 1668  p2pimsvc - ok
20:27:56.0382 1668  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:27:56.0397 1668  p2psvc - ok
20:27:56.0428 1668  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:27:56.0460 1668  Parport - ok
20:27:56.0491 1668  [ 66D3415C159741ADE7038A277EFFF99F ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:27:56.0506 1668  partmgr - ok
20:27:56.0538 1668  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
20:27:56.0569 1668  Parvdm - ok
20:27:56.0584 1668  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:27:56.0631 1668  PcaSvc - ok
20:27:56.0647 1668  [ C858CB77C577780ECC456A892E7E7D0F ] pci             C:\Windows\system32\DRIVERS\pci.sys
20:27:56.0678 1668  pci - ok
20:27:56.0678 1668  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
20:27:56.0694 1668  pciide - ok
20:27:56.0709 1668  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:27:56.0725 1668  pcmcia - ok
20:27:56.0740 1668  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
20:27:56.0756 1668  pcw - ok
20:27:56.0787 1668  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:27:56.0850 1668  PEAUTH - ok
20:27:56.0928 1668  [ 9C1BFF7910C89A1D12E57343475840CB ] pla             C:\Windows\system32\pla.dll
20:27:57.0006 1668  pla - ok
20:27:57.0052 1668  [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:27:57.0084 1668  PlugPlay - ok
20:27:57.0099 1668  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:27:57.0130 1668  PNRPAutoReg - ok
20:27:57.0146 1668  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:27:57.0162 1668  PNRPsvc - ok
20:27:57.0208 1668  [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:27:57.0255 1668  PolicyAgent - ok
20:27:57.0302 1668  [ DBFF83F709A91049621C1D35DD45C92C ] Power           C:\Windows\system32\umpo.dll
20:27:57.0333 1668  Power - ok
20:27:57.0380 1668  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:27:57.0411 1668  PptpMiniport - ok
20:27:57.0458 1668  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
20:27:57.0505 1668  Processor - ok
20:27:57.0583 1668  [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc         C:\Windows\system32\profsvc.dll
20:27:57.0630 1668  ProfSvc - ok
20:27:57.0645 1668  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:27:57.0661 1668  ProtectedStorage - ok
20:27:57.0739 1668  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:27:57.0801 1668  Psched - ok
20:27:58.0004 1668  [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2       c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
20:27:58.0035 1668  PSI_SVC_2 - ok
20:27:58.0300 1668  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
20:27:58.0347 1668  ql2300 - ok
20:27:58.0394 1668  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
20:27:58.0425 1668  ql40xx - ok
20:27:58.0472 1668  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
20:27:58.0519 1668  QWAVE - ok
20:27:58.0550 1668  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:27:58.0581 1668  QWAVEdrv - ok
20:27:58.0597 1668  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:27:58.0644 1668  RasAcd - ok
20:27:58.0690 1668  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:27:58.0737 1668  RasAgileVpn - ok
20:27:58.0800 1668  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
20:27:58.0846 1668  RasAuto - ok
20:27:58.0878 1668  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:27:58.0924 1668  Rasl2tp - ok
20:27:59.0034 1668  [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan          C:\Windows\System32\rasmans.dll
20:27:59.0127 1668  RasMan - ok
20:27:59.0143 1668  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:27:59.0174 1668  RasPppoe - ok
20:27:59.0205 1668  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:27:59.0252 1668  RasSstp - ok
20:27:59.0283 1668  [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:27:59.0330 1668  rdbss - ok
20:27:59.0361 1668  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:27:59.0392 1668  rdpbus - ok
20:27:59.0408 1668  [ 1E016846895B15A99F9A176A05029075 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:27:59.0470 1668  RDPCDD - ok
20:27:59.0502 1668  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:27:59.0533 1668  RDPENCDD - ok
20:27:59.0564 1668  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:27:59.0595 1668  RDPREFMP - ok
20:27:59.0658 1668  [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:27:59.0720 1668  RDPWD - ok
20:27:59.0798 1668  [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:27:59.0845 1668  rdyboost - ok
20:27:59.0892 1668  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:27:59.0938 1668  RemoteAccess - ok
20:27:59.0970 1668  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:28:00.0016 1668  RemoteRegistry - ok
20:28:00.0032 1668  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
20:28:00.0079 1668  RFCOMM - ok
20:28:00.0282 1668  [ 616F6E52CAE254727A886BA8EDA1BEEA ] RichVideo       C:\Program Files\CyberLink\Shared files\RichVideo.exe
20:28:00.0313 1668  RichVideo - ok
20:28:00.0328 1668  RimUsb - ok
20:28:00.0453 1668  [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort     C:\Windows\system32\DRIVERS\RimSerial.sys
20:28:00.0578 1668  RimVSerPort - ok
20:28:00.0703 1668  [ 564297827D213F52C7A3A2FF749568CA ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys
20:28:00.0781 1668  ROOTMODEM - ok
20:28:00.0874 1668  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:28:00.0968 1668  RpcEptMapper - ok
20:28:01.0030 1668  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
20:28:01.0124 1668  RpcLocator - ok
20:28:01.0218 1668  [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs           C:\Windows\system32\rpcss.dll
20:28:01.0264 1668  RpcSs - ok
20:28:01.0389 1668  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:28:01.0452 1668  rspndr - ok
20:28:01.0639 1668  [ B87F999E05DD9C0312C83A8752E8E66B ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
20:28:01.0670 1668  RSUSBSTOR - ok
20:28:01.0826 1668  [ 06BD46BE6141556125F89DF738333720 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
20:28:01.0857 1668  RTL8167 - ok
20:28:02.0029 1668  [ CFD6C307BF5DB3B339BE9F92B95433B9 ] rtl8192se       C:\Windows\system32\DRIVERS\rtl8192se.sys
20:28:02.0076 1668  rtl8192se - ok
20:28:02.0138 1668  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs           C:\Windows\system32\lsass.exe
20:28:02.0154 1668  SamSs - ok
20:28:02.0185 1668  [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
20:28:02.0200 1668  sbp2port - ok
20:28:02.0232 1668  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:28:02.0310 1668  SCardSvr - ok
20:28:02.0325 1668  [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:28:02.0403 1668  scfilter - ok
20:28:02.0450 1668  [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule        C:\Windows\system32\schedsvc.dll
20:28:02.0559 1668  Schedule - ok
20:28:02.0606 1668  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:28:02.0637 1668  SCPolicySvc - ok
20:28:02.0684 1668  [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:28:02.0715 1668  SDRSVC - ok
20:28:02.0731 1668  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:28:02.0778 1668  secdrv - ok
20:28:02.0793 1668  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
20:28:02.0840 1668  seclogon - ok
20:28:02.0871 1668  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\system32\sens.dll
20:28:02.0918 1668  SENS - ok
20:28:02.0934 1668  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:28:02.0965 1668  SensrSvc - ok
20:28:02.0996 1668  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:28:03.0043 1668  Serenum - ok
20:28:03.0058 1668  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:28:03.0090 1668  Serial - ok
20:28:03.0121 1668  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
20:28:03.0168 1668  sermouse - ok
20:28:03.0199 1668  [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv      C:\Windows\system32\sessenv.dll
20:28:03.0230 1668  SessionEnv - ok
20:28:03.0246 1668  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
20:28:03.0292 1668  sffdisk - ok
20:28:03.0308 1668  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:28:03.0324 1668  sffp_mmc - ok
20:28:03.0339 1668  [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
20:28:03.0355 1668  sffp_sd - ok
20:28:03.0370 1668  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
20:28:03.0417 1668  sfloppy - ok
20:28:03.0464 1668  [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
20:28:03.0480 1668  Sftfs - ok
20:28:03.0604 1668  [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist         C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
20:28:03.0620 1668  sftlist - ok
20:28:03.0792 1668  [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
20:28:03.0823 1668  Sftplay - ok
20:28:03.0854 1668  [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
20:28:03.0870 1668  Sftredir - ok
20:28:03.0901 1668  [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
20:28:03.0948 1668  Sftvol - ok
20:28:04.0057 1668  [ A5812F0281CA5081BF696626F9BF324D ] sftvsa          C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
20:28:04.0072 1668  sftvsa - ok
20:28:04.0104 1668  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:28:04.0150 1668  SharedAccess - ok
20:28:04.0166 1668  [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:28:04.0213 1668  ShellHWDetection - ok
20:28:04.0228 1668  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\DRIVERS\sisagp.sys
20:28:04.0244 1668  sisagp - ok
20:28:04.0275 1668  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:28:04.0291 1668  SiSRaid2 - ok
20:28:04.0322 1668  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:28:04.0338 1668  SiSRaid4 - ok
20:28:04.0384 1668  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:28:04.0431 1668  Smb - ok
20:28:04.0525 1668  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:28:04.0587 1668  SNMPTRAP - ok
20:28:04.0603 1668  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:28:04.0618 1668  spldr - ok
20:28:04.0743 1668  [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler         C:\Windows\System32\spoolsv.exe
20:28:04.0790 1668  Spooler - ok
20:28:05.0336 1668  [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc          C:\Windows\system32\sppsvc.exe
20:28:05.0414 1668  sppsvc - ok
20:28:05.0430 1668  [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:28:05.0539 1668  sppuinotify - ok
20:28:05.0664 1668  [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:28:05.0788 1668  srv - ok
20:28:05.0898 1668  [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:28:05.0944 1668  srv2 - ok
20:28:06.0007 1668  [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:28:06.0054 1668  srvnet - ok
20:28:06.0116 1668  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:28:06.0178 1668  SSDPSRV - ok
20:28:06.0225 1668  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:28:06.0350 1668  SstpSvc - ok
20:28:06.0428 1668  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:28:06.0444 1668  stexstor - ok
20:28:06.0537 1668  [ EDB05BD63148796F23EA78506404A538 ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
20:28:06.0584 1668  StillCam - ok
20:28:06.0709 1668  [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc          C:\Windows\System32\wiaservc.dll
20:28:06.0771 1668  StiSvc - ok
20:28:06.0787 1668  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:28:06.0802 1668  swenum - ok
20:28:06.0896 1668  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
20:28:06.0958 1668  swprv - ok
20:28:07.0177 1668  [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain         C:\Windows\system32\sysmain.dll
20:28:07.0224 1668  SysMain - ok
20:28:07.0239 1668  [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:28:07.0286 1668  TabletInputService - ok
20:28:07.0348 1668  [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:28:07.0411 1668  TapiSrv - ok
20:28:07.0458 1668  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
20:28:07.0504 1668  TBS - ok
20:28:07.0863 1668  [ 55E9965552741F3850CB22CBBA9671ED ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:28:07.0926 1668  Tcpip - ok
20:28:07.0957 1668  [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:28:08.0004 1668  TCPIP6 - ok
20:28:08.0019 1668  [ E64444523ADD154F86567C469BC0B17F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:28:08.0066 1668  tcpipreg - ok
20:28:08.0097 1668  [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:28:08.0160 1668  TDPIPE - ok
20:28:08.0238 1668  [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:28:08.0269 1668  TDTCP - ok
20:28:08.0300 1668  [ CB39E896A2A83702D1737BFD402B3542 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:28:08.0347 1668  tdx - ok
20:28:08.0378 1668  [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:28:08.0394 1668  TermDD - ok
20:28:08.0518 1668  [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService     C:\Windows\System32\termsrv.dll
20:28:08.0659 1668  TermService - ok
20:28:08.0690 1668  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
20:28:08.0737 1668  Themes - ok
20:28:08.0768 1668  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
20:28:08.0799 1668  THREADORDER - ok
20:28:08.0908 1668  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
20:28:09.0002 1668  TrkWks - ok
20:28:09.0189 1668  [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:28:09.0283 1668  TrustedInstaller - ok
20:28:09.0314 1668  [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:28:09.0345 1668  tssecsrv - ok
20:28:09.0439 1668  [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:28:09.0517 1668  tunnel - ok
20:28:09.0532 1668  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:28:09.0548 1668  uagp35 - ok
20:28:09.0595 1668  [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:28:09.0642 1668  udfs - ok
20:28:09.0720 1668  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:28:09.0751 1668  UI0Detect - ok
20:28:09.0766 1668  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
20:28:09.0782 1668  uliagpkx - ok
20:28:09.0813 1668  [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:28:09.0829 1668  umbus - ok
20:28:09.0844 1668  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:28:09.0891 1668  UmPass - ok
20:28:09.0954 1668  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
20:28:10.0000 1668  upnphost - ok
20:28:10.0188 1668  [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
20:28:10.0219 1668  USBAAPL - ok
20:28:10.0281 1668  [ C31AE588E403042632DC796CF09E30B0 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:28:10.0328 1668  usbccgp - ok
20:28:10.0359 1668  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
20:28:10.0390 1668  usbcir - ok
20:28:10.0437 1668  [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:28:10.0468 1668  usbehci - ok
20:28:10.0515 1668  [ BDCD7156EC37448F08633FD899823620 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:28:10.0562 1668  usbhub - ok
20:28:10.0578 1668  [ EB2D819A639015253C871CDA09D91D58 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:28:10.0609 1668  usbohci - ok
20:28:10.0656 1668  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:28:10.0687 1668  usbprint - ok
20:28:10.0765 1668  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:28:10.0796 1668  usbscan - ok
20:28:10.0843 1668  [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:28:10.0905 1668  USBSTOR - ok
20:28:10.0921 1668  [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
20:28:10.0952 1668  usbuhci - ok
20:28:10.0999 1668  [ B5F6A992D996282B7FAE7048E50AF83A ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
20:28:11.0030 1668  usbvideo - ok
20:28:11.0046 1668  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
20:28:11.0092 1668  UxSms - ok
20:28:11.0124 1668  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc        C:\Windows\system32\lsass.exe
20:28:11.0155 1668  VaultSvc - ok
20:28:11.0170 1668  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
20:28:11.0186 1668  vdrvroot - ok
20:28:11.0217 1668  [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds             C:\Windows\System32\vds.exe
20:28:11.0311 1668  vds - ok
20:28:11.0358 1668  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:28:11.0404 1668  vga - ok
20:28:11.0420 1668  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:28:11.0467 1668  VgaSave - ok
20:28:11.0514 1668  [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
20:28:11.0545 1668  vhdmp - ok
20:28:11.0576 1668  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\DRIVERS\viaagp.sys
20:28:11.0592 1668  viaagp - ok
20:28:11.0607 1668  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
20:28:11.0623 1668  ViaC7 - ok
20:28:11.0638 1668  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
20:28:11.0654 1668  viaide - ok
20:28:11.0670 1668  [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
20:28:11.0685 1668  volmgr - ok
20:28:11.0716 1668  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:28:11.0748 1668  volmgrx - ok
20:28:11.0779 1668  [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap         C:\Windows\system32\DRIVERS\volsnap.sys
20:28:11.0794 1668  volsnap - ok
20:28:11.0826 1668  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
20:28:11.0841 1668  vsmraid - ok
20:28:11.0872 1668  [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS             C:\Windows\system32\vssvc.exe
20:28:11.0919 1668  VSS - ok
20:28:11.0966 1668  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:28:12.0060 1668  vwifibus - ok
20:28:12.0106 1668  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:28:12.0153 1668  vwififlt - ok
20:28:12.0200 1668  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
20:28:12.0262 1668  W32Time - ok
20:28:12.0309 1668  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:28:12.0325 1668  WacomPen - ok
20:28:12.0340 1668  [ 692A712062146E96D28BA0B7D75DE31B ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:28:12.0387 1668  WANARP - ok
20:28:12.0387 1668  [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:28:12.0418 1668  Wanarpv6 - ok
20:28:12.0528 1668  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
20:28:12.0590 1668  WatAdminSvc - ok
20:28:12.0652 1668  [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine        C:\Windows\system32\wbengine.exe
20:28:12.0777 1668  wbengine - ok
20:28:12.0793 1668  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:28:12.0808 1668  WbioSrvc - ok
20:28:12.0840 1668  [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:28:12.0933 1668  wcncsvc - ok
20:28:12.0964 1668  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:28:13.0011 1668  WcsPlugInService - ok
20:28:13.0027 1668  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:28:13.0042 1668  Wd - ok
20:28:13.0074 1668  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:28:13.0105 1668  Wdf01000 - ok
20:28:13.0120 1668  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:28:13.0152 1668  WdiServiceHost - ok
20:28:13.0167 1668  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:28:13.0183 1668  WdiSystemHost - ok
20:28:13.0230 1668  [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient       C:\Windows\System32\webclnt.dll
20:28:13.0276 1668  WebClient - ok
20:28:13.0292 1668  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:28:13.0323 1668  Wecsvc - ok
20:28:13.0354 1668  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:28:13.0401 1668  wercplsupport - ok
20:28:13.0432 1668  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:28:13.0464 1668  WerSvc - ok
20:28:13.0495 1668  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:28:13.0526 1668  WfpLwf - ok
20:28:13.0557 1668  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:28:13.0573 1668  WIMMount - ok
20:28:13.0604 1668  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
20:28:13.0635 1668  WinDefend - ok
20:28:13.0635 1668  WinHttpAutoProxySvc - ok
20:28:13.0838 1668  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:28:13.0885 1668  Winmgmt - ok
20:28:13.0932 1668  [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM           C:\Windows\system32\WsmSvc.dll
20:28:13.0994 1668  WinRM - ok
20:28:14.0056 1668  [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:28:14.0072 1668  WinUsb - ok
20:28:14.0103 1668  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:28:14.0166 1668  Wlansvc - ok
20:28:14.0259 1668  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:28:14.0322 1668  wlidsvc - ok
20:28:14.0337 1668  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
20:28:14.0368 1668  WmiAcpi - ok
20:28:14.0400 1668  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:28:14.0431 1668  wmiApSrv - ok
20:28:14.0462 1668  [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
20:28:14.0524 1668  WMPNetworkSvc - ok
20:28:14.0556 1668  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:28:14.0602 1668  WPCSvc - ok
20:28:14.0618 1668  [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:28:14.0649 1668  WPDBusEnum - ok
20:28:14.0665 1668  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:28:14.0712 1668  ws2ifsl - ok
20:28:14.0758 1668  [ A661A76333057B383A06E65F0073222F ] wscsvc          C:\Windows\system32\wscsvc.dll
20:28:14.0821 1668  wscsvc - ok
20:28:14.0821 1668  WSearch - ok
20:28:14.0883 1668  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
20:28:14.0946 1668  wuauserv - ok
20:28:14.0992 1668  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:28:15.0024 1668  WudfPf - ok
20:28:15.0055 1668  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:28:15.0070 1668  WUDFRd - ok
20:28:15.0117 1668  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:28:15.0148 1668  wudfsvc - ok
20:28:15.0164 1668  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:28:15.0211 1668  WwanSvc - ok
20:28:15.0258 1668  [ 1F93FCB5BAB3A921ECBA522F63586F4A ] X10Hid          C:\Windows\System32\Drivers\x10hid.sys
20:28:15.0258 1668  X10Hid - ok
20:28:15.0320 1668  [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets         C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
20:28:15.0336 1668  x10nets ( UnsignedFile.Multi.Generic ) - warning
20:28:15.0336 1668  x10nets - detected UnsignedFile.Multi.Generic (1)
20:28:15.0367 1668  [ 378DC1B0B1F62A7488EE8D31A3C6E949 ] XUIF            C:\Windows\System32\Drivers\x10ufx2.sys
20:28:15.0382 1668  XUIF - ok
20:28:15.0445 1668  [ 74EC37B9EAF9FCA015B933A526825C7A ] {60DB6561-0A84-4c94-AF33-288405CFD56D} C:\Program Files\CyberLink\PowerCinema Movie\000.fcl
20:28:15.0476 1668  {60DB6561-0A84-4c94-AF33-288405CFD56D} - ok
20:28:15.0476 1668  ================ Scan global ===============================
20:28:15.0523 1668  [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
20:28:15.0554 1668  [ 43B34CADB516800794BDF486E493ED32 ] C:\Windows\system32\winsrv.dll
20:28:15.0570 1668  [ 43B34CADB516800794BDF486E493ED32 ] C:\Windows\system32\winsrv.dll
20:28:15.0601 1668  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
20:28:15.0632 1668  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
20:28:15.0632 1668  [Global] - ok
20:28:15.0632 1668  ================ Scan MBR ==================================
20:28:15.0648 1668  [ 4624822E540EC83CD0819525C65846BA ] \Device\Harddisk0\DR0
20:28:18.0378 1668  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:28:18.0378 1668  \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:28:18.0378 1668  ================ Scan VBR ==================================
20:28:18.0378 1668  [ F758BEADF2690C37F4DF05E0F5DF705F ] \Device\Harddisk0\DR0\Partition1
20:28:18.0409 1668  \Device\Harddisk0\DR0\Partition1 - ok
20:28:18.0440 1668  [ 99D413A8D4AFC5955094E5A36C9C1B89 ] \Device\Harddisk0\DR0\Partition2
20:28:18.0471 1668  \Device\Harddisk0\DR0\Partition2 - ok
20:28:18.0502 1668  [ BFF9B73ACA102FB0972D90EEFCEC23CF ] \Device\Harddisk0\DR0\Partition3
20:28:18.0502 1668  \Device\Harddisk0\DR0\Partition3 - ok
20:28:18.0502 1668  ============================================================
20:28:18.0502 1668  Scan finished
20:28:18.0502 1668  ============================================================
20:28:18.0518 3256  Detected object count: 3
20:28:18.0518 3256  Actual detected object count: 3
20:28:31.0669 3256  BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
20:28:31.0669 3256  BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:28:31.0669 3256  x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
20:28:31.0669 3256  x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:28:31.0669 3256  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:28:31.0669 3256  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

cosinus · 29.11.2012, 10:51

Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.

tiniii · 29.11.2012, 20:43

Ich habe FIXMBR gemacht und danach neugestartet und habe mit aswMBR einen neuen scan gemacht, aber mitten im scan startet mir der pc auf einmal neu?
habe den vorgang dann wiederholt, und er hat wieder mittendrin neugestartet7

woran kann das liegen? oder habe ich etwas wohl falsch gemacht?

cosinus · 29.11.2012, 22:16

Wie lange scannt aswMBR denn wenn es abstürzt? Nur einen Wimpernschlag oder schon eitwas länger?
Unten aswMBR mal so eingestellt dass bei "AV Scan" none ausgewählt ist?

tiniii · 29.11.2012, 22:31

tut mir leid, ich habe vergessen beim 2ten durchlauf 'none' auszuwählen und es so zu versuchen - sorry :/
(gescannt hat es übrigens nur etwa 1min bis zum absturz)
hat eben geklappt!

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-27 22:30:42
-----------------------------
22:30:42.661    OS Version: Windows 6.1.7600 
22:30:42.661    Number of processors: 2 586 0x170A
22:30:42.671    ComputerName: TINI-PC  UserName: Tini
22:30:43.961    Initialize success
22:30:50.566    AVAST engine defs: 12112701
22:31:05.386    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:31:05.386    Disk 0 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 3
22:31:05.402    Disk 0 MBR read successfully
22:31:05.402    Disk 0 MBR scan
22:31:05.417    Disk 0 unknown MBR code
22:31:05.417    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS           99 MB offset 2048
22:31:05.433    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       922022 MB offset 204800
22:31:05.464    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        30720 MB offset 1888505856
22:31:05.480    Disk 0 Partition 4 00     12  Compaq diag NTFS         1026 MB offset 1951420416
22:31:05.480    Disk 0 scanning sectors +1953523120
22:31:05.604    Disk 0 scanning C:\Windows\system32\drivers
22:31:14.818    Service scanning
22:31:21.797    Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
22:31:22.405    Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
22:31:22.436    Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
22:31:22.483    Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
22:31:22.530    Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5
22:31:22.577    Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5
22:31:34.840    Modules scanning
22:31:42.072    Disk 0 trace - called modules:
22:31:42.102    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
22:31:42.112    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88dac030]
22:31:42.112    3 CLASSPNP.SYS[8cb7c59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86599028]
22:31:43.937    AVAST engine scan C:\Windows
22:31:47.709    AVAST engine scan C:\Windows\system32
22:34:32.355    AVAST engine scan C:\Windows\system32\drivers
22:34:45.320    AVAST engine scan C:\Users\Tini
22:41:10.310    AVAST engine scan C:\ProgramData
22:42:15.500    Scan finished successfully
22:43:44.749    Disk 0 MBR has been saved successfully to "C:\Users\Tini\Desktop\MBR.dat"
22:43:44.765    The log file has been saved successfully to "C:\Users\Tini\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-28 20:13:58
-----------------------------
20:13:58.280    OS Version: Windows 6.1.7600 
20:13:58.280    Number of processors: 2 586 0x170A
20:13:58.280    ComputerName: TINI-PC  UserName: Tini
20:13:59.715    Initialize success
20:14:10.073    AVAST engine defs: 12112800
20:14:14.925    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:14:14.941    Disk 0 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 3
20:14:14.956    Disk 0 MBR read successfully
20:14:14.956    Disk 0 MBR scan
20:14:14.972    Disk 0 unknown MBR code
20:14:14.987    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS           99 MB offset 2048
20:14:14.987    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       922022 MB offset 204800
20:14:15.019    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        30720 MB offset 1888505856
20:14:15.050    Disk 0 Partition 4 00     12  Compaq diag NTFS         1026 MB offset 1951420416
20:14:15.050    Disk 0 scanning sectors +1953523120
20:14:15.128    Disk 0 scanning C:\Windows\system32\drivers
20:14:24.722    Service scanning
20:14:35.236    Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
20:14:35.860    Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
20:14:35.907    Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
20:14:35.938    Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
20:14:35.985    Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5
20:14:36.032    Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5
20:14:47.670    Modules scanning
20:14:54.705    Disk 0 trace - called modules:
20:14:54.721    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
20:14:54.736    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88da7310]
20:14:54.736    3 CLASSPNP.SYS[8cb7f59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8659a028]
20:14:56.749    AVAST engine scan C:\Windows
20:15:00.228    AVAST engine scan C:\Windows\system32
20:18:08.147    AVAST engine scan C:\Windows\system32\drivers
20:18:31.064    AVAST engine scan C:\Users\Tini
20:22:32.819    AVAST engine scan C:\ProgramData
20:23:39.864    Scan finished successfully
20:25:31.265    Disk 0 MBR has been saved successfully to "C:\Users\Tini\Desktop\MBR.dat"
20:25:31.296    The log file has been saved successfully to "C:\Users\Tini\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-29 22:28:55
-----------------------------
22:28:55.313    OS Version: Windows 6.1.7600 
22:28:55.313    Number of processors: 2 586 0x170A
22:28:55.313    ComputerName: TINI-PC  UserName: Tini
22:28:56.904    Initialize success
22:29:04.298    AVAST engine defs: 12112800
22:29:11.206    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:29:11.222    Disk 0 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 3
22:29:11.237    Disk 0 MBR read successfully
22:29:11.237    Disk 0 MBR scan
22:29:11.237    Disk 0 Windows 7 default MBR code
22:29:11.237    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS           99 MB offset 2048
22:29:11.253    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       922022 MB offset 204800
22:29:11.284    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        30720 MB offset 1888505856
22:29:11.300    Disk 0 Partition 4 00     12  Compaq diag NTFS         1026 MB offset 1951420416
22:29:11.300    Disk 0 scanning sectors +1953523120
22:29:11.393    Disk 0 scanning C:\Windows\system32\drivers
22:29:19.609    Service scanning
22:29:26.398    Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
22:29:26.991    Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
22:29:27.022    Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
22:29:27.053    Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
22:29:27.115    Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5
22:29:27.147    Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5
22:29:38.210    Modules scanning
22:29:44.061    Disk 0 trace - called modules:
22:29:44.081    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
22:29:44.091    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88da2388]
22:29:44.091    3 CLASSPNP.SYS[8cc0759e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8658a028]
22:29:44.101    Scan finished successfully
22:29:57.615    Disk 0 MBR has been saved successfully to "C:\Users\Tini\Desktop\MBR.dat"
22:29:57.646    The log file has been saved successfully to "C:\Users\Tini\Desktop\aswMBR.txt"

28.11.2012, 16:54	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	TrojanDownloader:Win32/Adload.DA !? Mach bitte neue Logs mit aswMBR und TDSS-Killer __________________ Logfiles bitte immer in CODE-Tags posten

29.11.2012, 22:16	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	TrojanDownloader:Win32/Adload.DA !? Wie lange scannt aswMBR denn wenn es abstürzt? Nur einen Wimpernschlag oder schon eitwas länger? Unten aswMBR mal so eingestellt dass bei "AV Scan" none ausgewählt ist? __________________ Logfiles bitte immer in CODE-Tags posten

TrojanDownloader:Win32/Adload.DA !?

Plagegeister aller Art und deren Bekämpfung: TrojanDownloader:Win32/Adload.DA !?