BKA Trojaner - Datensicherung - Bereinigung

markusg · 15.02.2013, 13:28

Hi
du hattest im Browser eine Menge müll, toolbars, evtl. lag es daran.
Bitte, programme nur vom Hersteller laden und benutzerdefiniert instalieren, und finger weg von illegalem misst wie movie2k.
wenn du aus der Liste:
ich möchte erst mal anhand einer checkliste prüfen ob du alles hast.
- instalieren von optionalen und wichtigen updates.
- konfigurieren von windows updates.
- dep für alle prozesse aktivieren.
- sehop aktivieren.
- chrome instalieren.
- sandboxie instalieren.
- autorun deaktivieren.
- panda vaccine instalieren.
- secunia instalieren.
- file hippo instalieren.
beachte:
secunia und file hippo bieten englische updates, überall wo du auf die nutzeroberfläche zugreifst, wie zb reader, browser, etc benötigst du deutsche updates, also hier die hersteller seiten in den favoriten deines browsers speichern und wenn ein update gezeigt wird, von dort hohlen, bei java, flash quicktime, ist es egal ob deutsch oder englisch.
- backup software instalieren, backup und rettungsdvd erstellen.
hier ne kurze anleitung:
Anleitung: Systemabbild mit Paragon Drive Backup - NETZWELT

- wenn du onlinebanking machst, kann ich noch kurz was über die vorteile von card reader und banking software sagen.
- passwort manager instaliert.
alles hast, sind wir durch.

jutta76 · 15.02.2013, 13:56

Mit chrome kenn ich mich nicht aus, firefox ist mir lieber. Secunia und file hippo hab ich wieder deinstalliert, das hat den lapi derart blockiert, daß es 10 min gedauert hat bis ich eine seite aufmachen konnte. Welches der programme schützt vor dieser malware?

Sollte man diesen adwcleaner öfter mal durchlaufen lassen? Wir haben noch einen Geschäfts PC, soll ich den auch mal überprüfen? Da ist Norton AV drauf.

markusg · 15.02.2013, 14:20

dann instaliere mal nur file hippo, geht das?
vor allem, das nächste mal einfach mal n ton sagen, woher soll ich von Problemen mit Programmen wissen, wenn es nicht hier steht :-)
bitte mal otl öffnen, bereinigen, remover werden gelöscht.
über gebliebene Remover logs und setups mal löschen.
vor solcher malware schützt nur, dass du dich informierst über das, was du instalierst, dateien nur aus legalen quellen lädsts, also nichts von illegalen streaming seiten wie movie2k und programme nur vom hersteller und benutzerdefiniert instalierst.

jutta76 · 15.02.2013, 15:11

ja mit file hippo allein gehts. Also das bekomm ich nur, wenn ich sachen installier, nicht wenn ich im Internet surfe?

Bin jetzt am FirmenPC, kann ich da das auch mal drüber laufen lassen?

markusg · 15.02.2013, 15:16

Hi
Adware bekommst du, wenn du programme instalierst, die gibts zb als toolbars im zusammenhang mit downloads legitimer software.
andere Schadsoftware bekommst du, wenn du dich auf dubiosen bzw illegalen seiten wie streaming seiten bewegst die illegal kinofilme etc anbieten.
was ist mit dem Rest der Liste, alles durch? backups etc?

jutta76 · 15.02.2013, 15:20

Kannst Du dir das mal anschaun bitte?
Extras.tx.tOTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 15.02.2013 15:13:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = E:\Benutzerdaten\Gusenbauer\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,17 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 50,84% Memory free
6,33 Gb Paging File | 4,69 Gb Available in Paging File | 74,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 67,79 Gb Free Space | 67,79% Space Free | Partition Type: NTFS
Drive D: | 9,28 Gb Total Space | 1,13 Gb Free Space | 12,21% Space Free | Partition Type: NTFS
Drive E: | 356,38 Gb Total Space | 335,29 Gb Free Space | 94,08% Space Free | Partition Type: NTFS
 
Computer Name: GUSENBAUER-HP | User Name: Gusenbauer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BA644B-D22C-423B-8811-932A5C7635FA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0DD379B3-F345-4CF6-ADEA-153C898A3233}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{29179DBA-0974-4AD1-9216-85CE17749626}" = lport=138 | protocol=17 | dir=in | app=system | 
"{382F9FCF-7247-4172-8F2A-2AE4EE14C2B2}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | 
"{3CEFDDF2-2A1F-4B9E-8252-45277C39C6D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4919799A-9348-4BDB-9E49-548CA20BFAB5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{49C45833-D88A-4786-8427-FB226E5BE5E2}" = lport=3389 | protocol=6 | dir=in | app=system | 
"{67ABB9D5-B77A-44DC-B77B-9BB80AA8CF04}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7FC716BE-34B3-4EB5-BC1B-A2C4D2D7BA24}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{80847330-3C55-4D1B-99CF-ED3B184662EB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{94134E61-B734-4593-BA65-9621C159762D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{94301F77-9491-40B6-9495-0A35F32C9108}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{AC353990-E532-4DA9-A820-4E1195D58225}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B0C6F218-2DA4-4D65-BD23-57DF65108814}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B5E49402-1CCB-4943-81C1-EA3EAE42CB94}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C3A38A57-6121-40A7-ABD5-0B9472C53C1C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C7B565D0-BE00-46A8-B93F-40F671B05E79}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CA6786F5-FAB6-48E3-9641-760D8D1EF780}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CAF6B5BE-4B62-4937-B373-7F04109516CE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D175F780-8B23-40EC-9A98-E37CEA0B7F0B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D1A9359E-C7C0-4530-8392-D49FE6654B8E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D1F93B59-8C49-45B0-BDA2-EF2D3C758F8D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D862F3B8-C292-4793-A209-E45F8A2904EA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FB17B820-28A2-456B-997E-F55094C99E59}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{126C109F-FF65-4B2C-BC87-A33F18D1C5D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1CFBB3C3-7B22-4554-9581-29C00DA4BDBD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{23B7B160-53A6-42C8-A270-C6092931B9FF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{26B85E89-43C4-49CD-A344-F2EB94FBEBDA}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | 
"{2BD99362-B650-4915-AEE7-6A6FB0037C02}" = protocol=6 | dir=out | app=system | 
"{524D222D-C477-4ECE-BECC-13CFE79DCC3D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{536846F6-FBBC-4AC9-AC0D-9AD6D697031B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{681F0D4F-FBF6-4924-B3F5-BB6AE82212A8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6B1530B4-E37D-4485-AC0C-2ED317A53122}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6D00C60E-0364-4D24-B39D-D101BEEDB876}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6F67DB0C-FFDD-4D86-A013-119D80F71B02}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | 
"{6F80D276-FACF-448A-B930-A8B7EF9F0768}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{86CED367-C34D-485F-9540-2AA6F08D6952}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{98D41EBF-EE4D-4B7B-B832-2FA64A69FF18}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A42C9535-C4C7-4E80-88D8-6A53D27A4353}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B671A722-AD87-4536-8F49-E6B68D4DB24D}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{D076829C-44C6-434B-8140-70E1437FF7B6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D23AD7EA-EBA4-4EA6-B286-831485C6B118}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DF994A16-05B5-4E65-A19F-F8D5E20734D2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E0800D41-D3BE-4200-B50A-0763EE2B19E4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E209246F-7B0A-48BA-981C-B9D034E91866}" = dir=out | app=%programfiles%\nero\nero 10\nero burning rom\nero.exe | 
"{FA4AA2E9-708F-43E2-82B8-849E3A6975F6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{38A8B92C-350C-4E64-99B0-C34B14A9A1C2}C:\users\gusenbauer\appdata\local\temp\fritz!wlanrepeater310\fsetup.exe" = protocol=6 | dir=in | app=c:\users\gusenbauer\appdata\local\temp\fritz!wlanrepeater310\fsetup.exe | 
"TCP Query User{3C5BB8FC-BC1D-4A7E-A7B2-52A3F4471926}C:\program files\playback\playback.exe" = protocol=6 | dir=in | app=c:\program files\playback\playback.exe | 
"TCP Query User{8848596A-5B2B-418F-A299-75BFD5544253}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{DD3E41B2-92C9-4AA0-AF41-DF9BB821F3C9}C:\users\gusenbauer\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe" = protocol=6 | dir=in | app=c:\users\gusenbauer\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe | 
"UDP Query User{5C68839C-8EBC-4C2B-956D-8F71DE89CE01}C:\users\gusenbauer\appdata\local\temp\fritz!wlanrepeater310\fsetup.exe" = protocol=17 | dir=in | app=c:\users\gusenbauer\appdata\local\temp\fritz!wlanrepeater310\fsetup.exe | 
"UDP Query User{7ACC4C7C-2EC8-4EC3-BA83-B4BD5380F270}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{BC37E7FE-597A-4811-A20D-78107143670F}C:\users\gusenbauer\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe" = protocol=17 | dir=in | app=c:\users\gusenbauer\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe | 
"UDP Query User{FF8C2301-0A6D-4B57-81DB-78CD56430808}C:\program files\playback\playback.exe" = protocol=17 | dir=in | app=c:\program files\playback\playback.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BA6A83-C7A7-4F85-88F1-150142305229}" = HP Setup
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{5508128A-2C7B-46B5-81F9-58E8E8115F0B}" = AdblockIE
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C9B6B1F-0A8E-402A-A60C-110BBB38D67E}" = Intel(R) Network Connections 15.7.176.0
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Auto Update Service" = Canon Auto Update Service
"AVG Secure Search" = AVG Security Toolbar
"Borland Database Engine" = Borland Database Engine
"BrowserCompanion" = BrowserCompanion
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CSCLIB" = Canon Camera Support Core Library
"DAEMON Tools Lite" = DAEMON Tools Lite
"DealPly" = DealPly
"ELBA5 (C:_Program Files_ELBA5)" = ELBA5 (C:\Program Files\ELBA5)
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"Glarysoft Toolbar" = Glarysoft Toolbar
"Google Chrome" = Google Chrome
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"NAV" = Norton AntiVirus
"NST" = Norton Identity Safe
"PhotoStitch" = Canon Utilities PhotoStitch
"Playback_is1" = Playback 2.3.0.4
"PROSetDX" = Intel(R) Network Connections 15.7.176.0
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.1.0
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SP46890" = HP Softpaq SP52247 
"TeamViewer 5 Host" = TeamViewer 5 Host
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.01.2013 04:18:19 | Computer Name = Gusenbauer-HP | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 10b0    Startzeit: 01cdf3c02bfdc36a    Endzeit: 23    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 19.01.2013 04:30:36 | Computer Name = Gusenbauer-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AUFTRAG.EXE, Version: 1.9.5.9, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
 Zeitstempel: 0x50b83b16  Ausnahmecode: 0x0eedfade  Fehleroffset: 0x0000812f  ID des fehlerhaften
 Prozesses: 0x15e0  Startzeit der fehlerhaften Anwendung: 0x01cdf60d818dfbce  Pfad der
 fehlerhaften Anwendung: E:\GeOrg\AUFTRAG.EXE  Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll
Berichtskennung:
 7ecaccdc-6212-11e2-be45-3cd92b67541a
 
Error - 19.01.2013 05:52:49 | Computer Name = Gusenbauer-HP | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 12b8    Startzeit: 01cdf6256cc40191    Endzeit: 23    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 19.01.2013 06:15:55 | Computer Name = Gusenbauer-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AUFTRAG.EXE, Version: 1.9.5.9, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
 Zeitstempel: 0x50b83b16  Ausnahmecode: 0x0eedfade  Fehleroffset: 0x0000812f  ID des fehlerhaften
 Prozesses: 0x1624  Startzeit der fehlerhaften Anwendung: 0x01cdf620113e3291  Pfad der
 fehlerhaften Anwendung: E:\GeOrg\AUFTRAG.EXE  Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll
Berichtskennung:
 35ae9cee-6221-11e2-be45-3cd92b67541a
 
Error - 21.01.2013 11:14:01 | Computer Name = Gusenbauer-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457,
 Zeitstempel: 0x50a2f9e3  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x178ff15f  ID des fehlerhaften
 Prozesses: 0x1320  Startzeit der fehlerhaften Anwendung: 0x01cdf7e208b14229  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: 2ef5a20d-63dd-11e2-853a-3cd92b67541a
 
Error - 22.01.2013 12:47:07 | Computer Name = Gusenbauer-HP | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1600    Startzeit: 01cdf8bc5d467036    Endzeit: 25    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 22.01.2013 13:28:37 | Computer Name = Gusenbauer-HP | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 324    Startzeit: 01cdf8c5c5f93054    Endzeit: 12    Anwendungspfad: 
C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 29.01.2013 11:12:17 | Computer Name = Gusenbauer-HP | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 146c    Startzeit: 01cdfe2e35b0946c    Endzeit: 58    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 31.01.2013 11:34:53 | Computer Name = Gusenbauer-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AUFTRAG.EXE, Version: 1.9.5.9, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0x00000000  Fehleroffset: 0x00000000  ID des fehlerhaften Prozesses:
 0x1630  Startzeit der fehlerhaften Anwendung: 0x01cdff7ba49d5bed  Pfad der fehlerhaften
 Anwendung: E:\GeOrg\AUFTRAG.EXE  Pfad des fehlerhaften Moduls: unknown  Berichtskennung:
 c1d6ad7b-6bbb-11e2-81ae-3cd92b67541a
 
Error - 31.01.2013 11:35:30 | Computer Name = Gusenbauer-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AUFTRAG.EXE, Version: 1.9.5.9, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
 Zeitstempel: 0x50b83b16  Ausnahmecode: 0x0eedfade  Fehleroffset: 0x0000812f  ID des fehlerhaften
 Prozesses: 0x954  Startzeit der fehlerhaften Anwendung: 0x01cdffc896093769  Pfad der
 fehlerhaften Anwendung: E:\GeOrg\AUFTRAG.EXE  Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll
Berichtskennung:
 d7b08f3f-6bbb-11e2-81ae-3cd92b67541a
 
[ Hewlett-Packard Events ]
Error - 06.04.2012 08:02:57 | Computer Name = Gusenbauer-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 27.07.2012 08:09:03 | Computer Name = Gusenbauer-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: Failed to perform update.  StackTrace:   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager  InnerException.Message:
 Das Objekt "/17721da9_3f88_4b11_9ef1_e68f32fdca1a/o3whu14gtca8gbtecly4zkjl_5.rem"
 wurde getrennt oder ist nicht auf dem Server vorhanden.    Name: hpsa_service.exe  Version:
 06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 3242  Ram Utilization: 40  TargetSite: Void UpdateDetail(System.String)  
 
[ System Events ]
Error - 15.02.2013 04:58:02 | Computer Name = Gusenbauer-HP | Source = DCOM | ID = 10016
Description = 
 
Error - 15.02.2013 04:58:05 | Computer Name = Gusenbauer-HP | Source = DCOM | ID = 10016
Description = 
 
Error - 15.02.2013 04:58:05 | Computer Name = Gusenbauer-HP | Source = DCOM | ID = 10016
Description = 
 
Error - 15.02.2013 05:12:32 | Computer Name = Gusenbauer-HP | Source = DCOM | ID = 10016
Description = 
 
Error - 15.02.2013 07:05:02 | Computer Name = Gusenbauer-HP | Source = DCOM | ID = 10016
Description = 
 
Error - 15.02.2013 07:05:08 | Computer Name = Gusenbauer-HP | Source = DCOM | ID = 10016
Description = 
 
Error - 15.02.2013 07:05:08 | Computer Name = Gusenbauer-HP | Source = DCOM | ID = 10016
Description = 
 
Error - 15.02.2013 07:09:16 | Computer Name = Gusenbauer-HP | Source = DCOM | ID = 10016
Description = 
 
Error - 15.02.2013 09:33:22 | Computer Name = Gusenbauer-HP | Source = DCOM | ID = 10016
Description = 
 
Error - 15.02.2013 09:34:33 | Computer Name = Gusenbauer-HP | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >

--- --- ---

OTL.txtOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 15.02.2013 15:13:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = E:\Benutzerdaten\Gusenbauer\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,17 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 50,84% Memory free
6,33 Gb Paging File | 4,69 Gb Available in Paging File | 74,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 67,79 Gb Free Space | 67,79% Space Free | Partition Type: NTFS
Drive D: | 9,28 Gb Total Space | 1,13 Gb Free Space | 12,21% Space Free | Partition Type: NTFS
Drive E: | 356,38 Gb Total Space | 335,29 Gb Free Space | 94,08% Space Free | Partition Type: NTFS
 
Computer Name: GUSENBAUER-HP | User Name: Gusenbauer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - E:\Benutzerdaten\Gusenbauer\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe ()
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\PDF Architect\HelperService.exe (pdfforge GbR)
PRC - C:\Program Files\PDF Architect\ConversionService.exe (pdfforge GbR)
PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
PRC - C:\Users\Gusenbauer\AppData\Roaming\BrowserCompanion\tcbhn.exe ()
PRC - E:\GeOrg\AUFTRAG.EXE (Franzmayr OEG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation)
PRC - C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.1.7\SiteSafety.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\25cfdeaf091f16f3f3a7123a91a179ab\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\156a6215a427bcec551e294300c096e6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Users\Gusenbauer\AppData\Roaming\BrowserCompanion\tcbhn.exe ()
MOD - C:\PROGRAM FILES\NORTON IDENTITY SAFE\ENGINE\2013.2.1.33\wincfi39.dll ()
MOD - C:\Windows\System32\IccLibDll.dll ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - E:\GeOrg\midas.dll ()
MOD - C:\Program Files\Common Files\Borland Shared\BDE\IDAPI32.DLL ()
MOD - C:\Program Files\Common Files\Borland Shared\BDE\idsql32.DLL ()
MOD - C:\Program Files\Common Files\Borland Shared\BDE\IDPDX32.DLL ()
MOD - C:\Program Files\Common Files\Borland Shared\BDE\IDR20007.DLL ()
MOD - C:\Program Files\Common Files\Borland Shared\BDE\idbat32.DLL ()
MOD - C:\Program Files\Common Files\Borland Shared\BDE\BANTAM.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV - (vToolbarUpdater14.1.7) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NCO) -- C:\Program Files\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe (Symantec Corporation)
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe (Symantec Corporation)
SRV - (PDF Architect Helper Service) -- C:\Program Files\PDF Architect\HelperService.exe (pdfforge GbR)
SRV - (PDF Architect Service) -- C:\Program Files\PDF Architect\ConversionService.exe (pdfforge GbR)
SRV - (cphs) -- C:\Windows\System32\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (UNS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (a5ryknt5) --  File not found
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20130214.016\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20130214.016\NAVENG.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20130208.001\BHDrvx86.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20130214.001\IDSvix86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NAV\1402010.016\srtsp.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NAV\1402010.016\symefa.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NAV\1402010.016\symds.sys (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\System32\drivers\NAV\1402010.016\symnets.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NAV\1402010.016\ironx86.sys (Symantec Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (ccSet_NST) -- C:\Windows\System32\drivers\NST\7DD02010.021\ccsetx86.sys (Symantec Corporation)
DRV - (ccSet_NAV) -- C:\Windows\System32\drivers\NAV\1402010.016\ccsetx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NAV\1402010.016\srtspx.sys (Symantec Corporation)
DRV - (e1cexpress) -- C:\Windows\System32\drivers\e1c6232.sys (Intel Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (pmxdrv) -- C:\Windows\System32\drivers\pmxdrv.sys ()
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (NAL) -- C:\Windows\System32\drivers\iqvw32.sys (Intel Corporation )
DRV - (IFCoEVB) -- C:\Windows\System32\drivers\ifP52x32.sys (Intel(R) Corporation)
DRV - (IFCoEMP) -- C:\Windows\System32\drivers\ifM52x32.sys (Intel(R) Corporation)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (NmPar) -- C:\Windows\System32\drivers\NmPar.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (mf) -- C:\Windows\System32\drivers\mf.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKLM\..\SearchScopes,DefaultScope = {c1d89ae7-449d-4929-b24b-fded04adbe06}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://at.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = hxxp://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Glarysoft Toolbar\tbhelper.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=115284&tt=4812_8&babsrc=SP_ss&mntrId=786b0d0c0000000000003cd92b67541a
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
IE - HKCU\..\SearchScopes\{50F83E2C-8A8E-4ADE-83E5-D6E5745FDB31}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYAT&apn_uid=8DD11824-18A8-4E6C-8BD7-AA48137B7E82&apn_sauid=545B3B98-7F17-4BC0-AE15-F7BDB1902DC6
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={65B8CFD9-AE81-4B72-8774-8613FAAF9D64}&mid=128381e03a9847d095a7ed906d83bde9-6172c7d6cf0333b096cbb16588eba9059a5b8025&lang=de&ds=pd011&pr=sa&d=2012-09-22 09:47:51&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://at.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
IE - HKCU\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = hxxp://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.1.7\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.1.0.10 [2013.02.11 07:13:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\IPSFFPlgn\ [2012.11.13 17:02:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn\ [2013.02.15 07:16:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2012.12.04 08:38:34 | 000,000,000 | ---D | M]
 
[2012.11.27 17:58:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: Search
CHR - homepage: Search
CHR - Extension: YouTube = C:\Users\Gusenbauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Gusenbauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Browser Companion Helper = C:\Users\Gusenbauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\
CHR - Extension: Google-Suche = C:\Users\Gusenbauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google-Suche = C:\Users\Gusenbauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: DealPly = C:\Users\Gusenbauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: AVG Secure Search = C:\Users\Gusenbauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\
CHR - Extension: AVG Secure Search = C:\Users\Gusenbauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak
CHR - Extension: Norton Identity Protection = C:\Users\Gusenbauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2013.2.0.18_0\
CHR - Extension: Google Mail = C:\Users\Gusenbauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Mail = C:\Users\Gusenbauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.2.1.22\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll ( )
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (TBSB05810 Class) - {A7AF277D-1466-4A7B-93AF-B043984A5671} - C:\Program Files\Glarysoft Toolbar\tbcore3.dll ()
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2013.2.1.33\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (Glarysoft Toolbar) - {32D47EA5-9473-4CAD-805D-9999F15D5AE2} - C:\Program Files\Glarysoft Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.2.1.33\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [hpsysdrv] c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - Startup: C:\Users\Gusenbauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = C:\Users\Gusenbauer\AppData\Roaming\BrowserCompanion\tcbhn.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDCB8136-5CDD-4E91-A10B-D96A3331B53A}: NameServer = 10.0.0.138
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.1.7\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f46e4b25-0ff8-11e1-bdac-3cd92b67541a}\Shell - "" = AutoRun
O33 - MountPoints2\{f46e4b25-0ff8-11e1-bdac-3cd92b67541a}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.07 15:09:13 | 000,000,000 | ---D | C] -- C:\Users\Gusenbauer\AppData\Roaming\ZoomBrowser EX
[2013.02.07 14:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ZoomBrowser
[2013.02.07 14:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon_Inc_IC
[2013.02.07 14:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2013.02.07 14:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2013.02.07 11:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon
[2013.02.07 11:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\af0.net
[2013.01.21 07:15:28 | 000,000,000 | ---D | C] -- C:\Users\Gusenbauer\AppData\Local\APN
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.15 15:08:28 | 000,698,514 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.15 15:08:28 | 000,652,496 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.15 15:08:28 | 000,148,570 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.15 15:08:28 | 000,121,428 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.15 14:36:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.15 14:35:53 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGusenbauer.job
[2013.02.15 14:23:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.15 07:36:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.15 07:23:46 | 000,027,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.15 07:23:46 | 000,027,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.15 07:16:32 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013.02.15 07:16:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.15 07:16:22 | 2549,624,832 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.14 07:14:12 | 000,412,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.14 07:13:02 | 001,364,565 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1402010.016\Cat.DB
[2013.02.11 07:13:06 | 000,033,112 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013.02.07 14:49:46 | 000,001,260 | ---- | M] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk
[2013.01.24 12:11:25 | 000,014,818 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1402010.016\VT20130115.021
[2013.01.21 13:12:01 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGUSENBAUER-HP$.job
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.07 14:49:46 | 000,001,260 | ---- | C] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk
[2013.01.24 07:13:51 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2012.10.10 05:32:16 | 000,272,928 | ---- | C] () -- C:\Windows\System32\igvpkrng600.bin
[2012.10.10 05:32:16 | 000,000,259 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012.10.10 05:32:12 | 000,064,512 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2012.10.10 05:32:10 | 000,009,728 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.10.10 05:32:08 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin
[2011.11.16 14:49:42 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.10.13 10:36:48 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2011.09.23 20:36:45 | 000,816,792 | ---- | C] () -- C:\Windows\System32\drivers\pmxdrv.sys
[2011.09.23 20:29:22 | 000,074,752 | ---- | C] () -- C:\Windows\System32\HPMUIDir.exe
[2011.09.23 20:22:13 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2011.09.23 20:22:13 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011.09.23 20:12:01 | 000,698,514 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.09.23 20:12:01 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.09.23 20:12:01 | 000,148,570 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.09.23 20:12:01 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011.08.31 18:46:14 | 000,216,000 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2011.08.31 18:46:10 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.12.04 08:38:43 | 000,000,000 | ---D | M] -- C:\Users\Gusenbauer\AppData\Roaming\APP_NAME_NON_STRING
[2012.11.27 17:58:36 | 000,000,000 | ---D | M] -- C:\Users\Gusenbauer\AppData\Roaming\Babylon
[2013.02.15 15:16:39 | 000,000,000 | ---D | M] -- C:\Users\Gusenbauer\AppData\Roaming\BrowserCompanion
[2011.11.16 14:44:01 | 000,000,000 | ---D | M] -- C:\Users\Gusenbauer\AppData\Roaming\DAEMON Tools Lite
[2012.11.29 14:13:21 | 000,000,000 | ---D | M] -- C:\Users\Gusenbauer\AppData\Roaming\Downloaded Installations
[2012.11.29 14:14:19 | 000,000,000 | ---D | M] -- C:\Users\Gusenbauer\AppData\Roaming\FileOpen
[2012.11.29 14:14:19 | 000,000,000 | ---D | M] -- C:\Users\Gusenbauer\AppData\Roaming\Nitro
[2012.11.30 14:46:26 | 000,000,000 | ---D | M] -- C:\Users\Gusenbauer\AppData\Roaming\Nitro PDF
[2012.12.04 08:40:16 | 000,000,000 | ---D | M] -- C:\Users\Gusenbauer\AppData\Roaming\OpenCandy
[2012.12.04 11:46:15 | 000,000,000 | ---D | M] -- C:\Users\Gusenbauer\AppData\Roaming\PDF Architect
[2012.12.07 15:54:05 | 000,000,000 | ---D | M] -- C:\Users\Gusenbauer\AppData\Roaming\pdfforge
[2012.12.07 16:04:38 | 000,000,000 | ---D | M] -- C:\Users\Gusenbauer\AppData\Roaming\QuickStoresToolbar
[2011.10.14 10:26:31 | 000,000,000 | ---D | M] -- C:\Users\Gusenbauer\AppData\Roaming\SoftGrid Client
[2011.11.16 14:59:55 | 000,000,000 | ---D | M] -- C:\Users\Gusenbauer\AppData\Roaming\SQL Anywhere 12
[2013.01.10 16:27:33 | 000,000,000 | ---D | M] -- C:\Users\Gusenbauer\AppData\Roaming\Systweak
[2011.10.19 08:40:03 | 000,000,000 | ---D | M] -- C:\Users\Gusenbauer\AppData\Roaming\TeamViewer
[2011.10.13 11:02:26 | 000,000,000 | ---D | M] -- C:\Users\Gusenbauer\AppData\Roaming\TP
[2012.12.04 08:39:02 | 000,000,000 | ---D | M] -- C:\Users\Gusenbauer\AppData\Roaming\TuneUp Software
[2012.06.23 17:13:43 | 000,000,000 | ---D | M] -- C:\Users\Gusenbauer\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

markusg · 15.02.2013, 15:21

kannst du meine Frage beantworten bitte.
nützt ja nichts wenn wir mit dem einen nicht durch sind

jutta76 · 15.02.2013, 15:31

achso ja entschuldige, alles erledigt. hatte eh alles schon gemacht, nur die zwei Sachen wieder deinstalliert. Online Banking mache ich nicht mit dem Laptop.
Danke!

markusg · 15.02.2013, 15:52

Gut
wollte dich keineswegs nerfen, möchte aber auch verhindern, dass du, "nur" weil etwas vergessen wurde, wieder irgendwann vor Problemen stehst.
Wieder ne Menge Toolbars auf dem andern pc, zu dem wir jetzt kommen:
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

jutta76 · 15.02.2013, 16:02

Du meine Güte nein, DU nervst doch nicht, Du bist der Hammer!! Bin sooo froh, daß Du mir hilfst und so viel Geduld hast.
Bin a bissl angespannt, weil ich immer Angst hab es macht einen Knall und dann geht gar nichts mehr, weil ich was falsch gemacht hab.

15:59:40.0185 5928 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:59:40.0455 5928 ============================================================
15:59:40.0455 5928 Current date / time: 2013/02/15 15:59:40.0455
15:59:40.0455 5928 SystemInfo:
15:59:40.0455 5928
15:59:40.0455 5928 OS Version: 6.1.7601 ServicePack: 1.0
15:59:40.0455 5928 Product type: Workstation
15:59:40.0455 5928 ComputerName: GUSENBAUER-HP
15:59:40.0455 5928 UserName: Gusenbauer
15:59:40.0455 5928 Windows directory: C:\Windows
15:59:40.0455 5928 System windows directory: C:\Windows
15:59:40.0455 5928 Processor architecture: Intel x86
15:59:40.0455 5928 Number of processors: 4
15:59:40.0455 5928 Page size: 0x1000
15:59:40.0455 5928 Boot type: Normal boot
15:59:40.0455 5928 ============================================================
15:59:40.0825 5928 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:59:40.0855 5928 ============================================================
15:59:40.0855 5928 \Device\Harddisk0\DR0:
15:59:40.0855 5928 MBR partitions:
15:59:40.0855 5928 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:59:40.0855 5928 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC800000
15:59:40.0875 5928 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC833000, BlocksNum 0x2C8C4000
15:59:40.0875 5928 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x390F7000, BlocksNum 0x128E800
15:59:40.0875 5928 ============================================================
15:59:40.0915 5928 C: <-> \Device\Harddisk0\DR0\Partition2
15:59:40.0965 5928 D: <-> \Device\Harddisk0\DR0\Partition4
15:59:41.0005 5928 E: <-> \Device\Harddisk0\DR0\Partition3
15:59:41.0005 5928 ============================================================
15:59:41.0005 5928 Initialize success
15:59:41.0005 5928 ============================================================
15:59:52.0593 4816 ============================================================
15:59:52.0593 4816 Scan started
15:59:52.0593 4816 Mode: Manual;
15:59:52.0593 4816 ============================================================
15:59:53.0243 4816 ================ Scan system memory ========================
15:59:53.0243 4816 System memory - ok
15:59:53.0243 4816 ================ Scan services =============================
15:59:53.0533 4816 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:59:53.0533 4816 1394ohci - ok
15:59:53.0583 4816 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:59:53.0583 4816 ACPI - ok
15:59:53.0613 4816 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:59:53.0613 4816 AcpiPmi - ok
15:59:53.0693 4816 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:59:53.0693 4816 AdobeARMservice - ok
15:59:53.0763 4816 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:59:53.0763 4816 AdobeFlashPlayerUpdateSvc - ok
15:59:53.0813 4816 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:59:53.0813 4816 adp94xx - ok
15:59:53.0833 4816 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:59:53.0833 4816 adpahci - ok
15:59:53.0853 4816 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:59:53.0853 4816 adpu320 - ok
15:59:53.0883 4816 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:59:53.0883 4816 AeLookupSvc - ok
15:59:53.0913 4816 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
15:59:53.0913 4816 AFD - ok
15:59:53.0943 4816 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
15:59:53.0943 4816 agp440 - ok
15:59:53.0973 4816 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
15:59:53.0983 4816 aic78xx - ok
15:59:54.0013 4816 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
15:59:54.0013 4816 ALG - ok
15:59:54.0033 4816 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
15:59:54.0033 4816 aliide - ok
15:59:54.0053 4816 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
15:59:54.0053 4816 amdagp - ok
15:59:54.0073 4816 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
15:59:54.0073 4816 amdide - ok
15:59:54.0093 4816 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
15:59:54.0093 4816 AmdK8 - ok
15:59:54.0113 4816 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
15:59:54.0113 4816 AmdPPM - ok
15:59:54.0143 4816 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:59:54.0143 4816 amdsata - ok
15:59:54.0163 4816 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
15:59:54.0163 4816 amdsbs - ok
15:59:54.0173 4816 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:59:54.0173 4816 amdxata - ok
15:59:54.0213 4816 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
15:59:54.0213 4816 AppID - ok
15:59:54.0233 4816 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:59:54.0233 4816 AppIDSvc - ok
15:59:54.0253 4816 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
15:59:54.0253 4816 Appinfo - ok
15:59:54.0273 4816 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
15:59:54.0273 4816 AppMgmt - ok
15:59:54.0303 4816 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys
15:59:54.0303 4816 arc - ok
15:59:54.0335 4816 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:59:54.0335 4816 arcsas - ok
15:59:54.0413 4816 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
15:59:54.0413 4816 aspnet_state - ok
15:59:54.0444 4816 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:59:54.0444 4816 AsyncMac - ok
15:59:54.0475 4816 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
15:59:54.0475 4816 atapi - ok
15:59:54.0491 4816 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:59:54.0506 4816 AudioEndpointBuilder - ok
15:59:54.0506 4816 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
15:59:54.0506 4816 Audiosrv - ok
15:59:54.0569 4816 [ F3D2D8D48E3B0CA83D70A420240E509B ] avgtp C:\Windows\system32\drivers\avgtpx86.sys
15:59:54.0569 4816 avgtp - ok
15:59:54.0584 4816 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:59:54.0600 4816 AxInstSV - ok
15:59:54.0631 4816 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys
15:59:54.0631 4816 b06bdrv - ok
15:59:54.0647 4816 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
15:59:54.0647 4816 b57nd60x - ok
15:59:54.0662 4816 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
15:59:54.0662 4816 BDESVC - ok
15:59:54.0678 4816 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
15:59:54.0678 4816 Beep - ok
15:59:54.0709 4816 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
15:59:54.0709 4816 BFE - ok
15:59:54.0849 4816 [ D2A55F5FE6B716913FB573872F2E5944 ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20130208.001\BHDrvx86.sys
15:59:54.0865 4816 BHDrvx86 - ok
15:59:54.0896 4816 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
15:59:54.0912 4816 BITS - ok
15:59:54.0927 4816 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
15:59:54.0927 4816 blbdrive - ok
15:59:54.0959 4816 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:59:54.0959 4816 bowser - ok
15:59:54.0990 4816 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
15:59:54.0990 4816 BrFiltLo - ok
15:59:55.0005 4816 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
15:59:55.0005 4816 BrFiltUp - ok
15:59:55.0037 4816 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
15:59:55.0037 4816 Browser - ok
15:59:55.0052 4816 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:59:55.0068 4816 Brserid - ok
15:59:55.0083 4816 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:59:55.0083 4816 BrSerWdm - ok
15:59:55.0099 4816 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:59:55.0099 4816 BrUsbMdm - ok
15:59:55.0115 4816 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:59:55.0115 4816 BrUsbSer - ok
15:59:55.0130 4816 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
15:59:55.0130 4816 BTHMODEM - ok
15:59:55.0177 4816 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
15:59:55.0177 4816 bthserv - ok
15:59:55.0255 4816 [ 5753532C476B83119D85AA43B1B10AB3 ] CCALib8 C:\Program Files\Canon\CAL\CALMAIN.exe
15:59:55.0255 4816 CCALib8 - ok
15:59:55.0317 4816 [ 1277AD8F053CC60C17CAFAB411F3CF40 ] ccSet_NAV C:\Windows\system32\drivers\NAV\1402010.016\ccSetx86.sys
15:59:55.0317 4816 ccSet_NAV - ok
15:59:55.0364 4816 [ 1277AD8F053CC60C17CAFAB411F3CF40 ] ccSet_NST C:\Windows\system32\drivers\NST\7DD02010.021\ccSetx86.sys
15:59:55.0364 4816 ccSet_NST - ok
15:59:55.0380 4816 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:59:55.0380 4816 cdfs - ok
15:59:55.0411 4816 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:59:55.0411 4816 cdrom - ok
15:59:55.0442 4816 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
15:59:55.0442 4816 CertPropSvc - ok
15:59:55.0473 4816 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys
15:59:55.0473 4816 circlass - ok
15:59:55.0489 4816 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
15:59:55.0489 4816 CLFS - ok
15:59:55.0536 4816 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:59:55.0536 4816 clr_optimization_v2.0.50727_32 - ok
15:59:55.0583 4816 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:59:55.0583 4816 clr_optimization_v4.0.30319_32 - ok
15:59:55.0598 4816 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
15:59:55.0598 4816 CmBatt - ok
15:59:55.0614 4816 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:59:55.0614 4816 cmdide - ok
15:59:55.0692 4816 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys
15:59:55.0692 4816 CNG - ok
15:59:55.0723 4816 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\drivers\compbatt.sys
15:59:55.0723 4816 Compbatt - ok
15:59:55.0785 4816 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
15:59:55.0785 4816 CompositeBus - ok
15:59:55.0785 4816 COMSysApp - ok
15:59:55.0832 4816 [ 651E7A42942D0B0E4571887F40F408B4 ] cphs C:\Windows\system32\IntelCpHeciSvc.exe
15:59:55.0832 4816 cphs - ok
15:59:55.0863 4816 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
15:59:55.0863 4816 crcdisk - ok
15:59:55.0910 4816 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:59:55.0926 4816 CryptSvc - ok
15:59:55.0941 4816 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
15:59:55.0941 4816 CSC - ok
15:59:55.0988 4816 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
15:59:55.0988 4816 CscService - ok
15:59:56.0019 4816 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
15:59:56.0019 4816 DcomLaunch - ok
15:59:56.0035 4816 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
15:59:56.0035 4816 defragsvc - ok
15:59:56.0066 4816 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:59:56.0066 4816 DfsC - ok
15:59:56.0097 4816 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
15:59:56.0097 4816 Dhcp - ok
15:59:56.0113 4816 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
15:59:56.0113 4816 discache - ok
15:59:56.0144 4816 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys
15:59:56.0144 4816 Disk - ok
15:59:56.0160 4816 [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
15:59:56.0160 4816 dmvsc - ok
15:59:56.0175 4816 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:59:56.0175 4816 Dnscache - ok
15:59:56.0191 4816 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
15:59:56.0207 4816 dot3svc - ok
15:59:56.0207 4816 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
15:59:56.0207 4816 DPS - ok
15:59:56.0238 4816 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:59:56.0238 4816 drmkaud - ok
15:59:56.0269 4816 [ FB38473835476A6FB272215A1D972AF9 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:59:56.0269 4816 dtsoftbus01 - ok
15:59:56.0285 4816 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:59:56.0285 4816 DXGKrnl - ok
15:59:56.0316 4816 [ 1BD726A72DF3EAB9CB0FD396304EC1FB ] e1cexpress C:\Windows\system32\DRIVERS\e1c6232.sys
15:59:56.0316 4816 e1cexpress - ok
15:59:56.0347 4816 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
15:59:56.0347 4816 EapHost - ok
15:59:56.0425 4816 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
15:59:56.0472 4816 ebdrv - ok
15:59:56.0534 4816 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
15:59:56.0534 4816 eeCtrl - ok
15:59:56.0550 4816 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
15:59:56.0565 4816 EFS - ok
15:59:56.0612 4816 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:59:56.0628 4816 ehRecvr - ok
15:59:56.0643 4816 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
15:59:56.0643 4816 ehSched - ok
15:59:56.0690 4816 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys
15:59:56.0690 4816 elxstor - ok
15:59:56.0737 4816 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:59:56.0737 4816 EraserUtilRebootDrv - ok
15:59:56.0768 4816 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:59:56.0768 4816 ErrDev - ok
15:59:56.0799 4816 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
15:59:56.0799 4816 EventSystem - ok
15:59:56.0831 4816 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
15:59:56.0831 4816 exfat - ok
15:59:56.0831 4816 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:59:56.0846 4816 fastfat - ok
15:59:56.0877 4816 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
15:59:56.0877 4816 Fax - ok
15:59:56.0893 4816 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys
15:59:56.0893 4816 fdc - ok
15:59:56.0924 4816 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
15:59:56.0924 4816 fdPHost - ok
15:59:56.0940 4816 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
15:59:56.0940 4816 FDResPub - ok
15:59:56.0971 4816 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:59:56.0971 4816 FileInfo - ok
15:59:56.0971 4816 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:59:56.0971 4816 Filetrace - ok
15:59:56.0987 4816 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
15:59:56.0987 4816 flpydisk - ok
15:59:57.0002 4816 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:59:57.0018 4816 FltMgr - ok
15:59:57.0049 4816 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
15:59:57.0049 4816 FontCache - ok
15:59:57.0111 4816 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:59:57.0111 4816 FontCache3.0.0.0 - ok
15:59:57.0127 4816 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:59:57.0127 4816 FsDepends - ok
15:59:57.0158 4816 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:59:57.0158 4816 Fs_Rec - ok
15:59:57.0174 4816 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:59:57.0174 4816 fvevol - ok
15:59:57.0221 4816 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
15:59:57.0221 4816 gagp30kx - ok
15:59:57.0236 4816 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
15:59:57.0252 4816 gpsvc - ok
15:59:57.0361 4816 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
15:59:57.0361 4816 gupdate - ok
15:59:57.0377 4816 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
15:59:57.0377 4816 gupdatem - ok
15:59:57.0423 4816 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:59:57.0423 4816 gusvc - ok
15:59:57.0470 4816 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:59:57.0470 4816 hcw85cir - ok
15:59:57.0517 4816 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:59:57.0517 4816 HdAudAddService - ok
15:59:57.0548 4816 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
15:59:57.0548 4816 HDAudBus - ok
15:59:57.0564 4816 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
15:59:57.0564 4816 HidBatt - ok
15:59:57.0595 4816 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys
15:59:57.0595 4816 HidBth - ok
15:59:57.0611 4816 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys
15:59:57.0611 4816 HidIr - ok
15:59:57.0626 4816 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
15:59:57.0626 4816 hidserv - ok
15:59:57.0673 4816 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:59:57.0673 4816 HidUsb - ok
15:59:57.0704 4816 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:59:57.0704 4816 hkmsvc - ok
15:59:57.0720 4816 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:59:57.0720 4816 HomeGroupListener - ok
15:59:57.0751 4816 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:59:57.0751 4816 HomeGroupProvider - ok
15:59:57.0813 4816 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
15:59:57.0813 4816 HP Support Assistant Service - ok
15:59:57.0876 4816 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
15:59:57.0876 4816 hpqwmiex - ok
15:59:57.0907 4816 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:59:57.0907 4816 HpSAMD - ok
15:59:57.0938 4816 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:59:57.0938 4816 HTTP - ok
15:59:57.0938 4816 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:59:57.0938 4816 hwpolicy - ok
15:59:57.0969 4816 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
15:59:57.0969 4816 i8042prt - ok
15:59:57.0985 4816 [ F4037A3FEDB92DD97C95F320766EA5C9 ] iaStor C:\Windows\system32\drivers\iaStor.sys
15:59:58.0001 4816 iaStor - ok
15:59:58.0016 4816 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:59:58.0016 4816 iaStorV - ok
15:59:58.0063 4816 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:59:58.0063 4816 idsvc - ok
15:59:58.0141 4816 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20130214.001\IDSvix86.sys
15:59:58.0141 4816 IDSVix86 - ok
15:59:58.0172 4816 [ 34953BB9336540D2C029DF4AF01A5240 ] IFCoEMP C:\Windows\system32\drivers\ifM52x32.sys
15:59:58.0172 4816 IFCoEMP - ok
15:59:58.0188 4816 [ 16E1452FD825B6F0BDB7ECA83C73BD24 ] IFCoEVB C:\Windows\system32\drivers\ifP52X32.sys
15:59:58.0188 4816 IFCoEVB - ok
15:59:58.0297 4816 [ 08635472A005E4881FBF0164AA19B44F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
15:59:58.0328 4816 igfx - ok
15:59:58.0344 4816 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:59:58.0344 4816 iirsp - ok
15:59:58.0375 4816 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
15:59:58.0391 4816 IKEEXT - ok
15:59:58.0406 4816 [ E3C36AC5AE87EC970AE8EA2A93D59AE1 ] Impcd C:\Windows\system32\drivers\Impcd.sys
15:59:58.0406 4816 Impcd - ok
15:59:58.0484 4816 [ 544FCAF4CF73C6EF6A83747CB9274177 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
15:59:58.0515 4816 IntcAzAudAddService - ok
15:59:58.0531 4816 [ 5576AD2F0039D2BCCCA3567FC0BF981C ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
15:59:58.0547 4816 IntcDAud - ok
15:59:58.0578 4816 [ F2C6FB081B707863A0A21D639F325475 ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
15:59:58.0578 4816 Intel(R) PROSet Monitoring Service - ok
15:59:58.0593 4816 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
15:59:58.0593 4816 intelide - ok
15:59:58.0640 4816 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\drivers\intelppm.sys
15:59:58.0640 4816 intelppm - ok
15:59:58.0656 4816 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:59:58.0656 4816 IPBusEnum - ok
15:59:58.0671 4816 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:59:58.0671 4816 IpFilterDriver - ok
15:59:58.0703 4816 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:59:58.0718 4816 iphlpsvc - ok
15:59:58.0734 4816 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:59:58.0734 4816 IPMIDRV - ok
15:59:58.0734 4816 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:59:58.0749 4816 IPNAT - ok
15:59:58.0765 4816 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:59:58.0765 4816 IRENUM - ok
15:59:58.0796 4816 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:59:58.0796 4816 isapnp - ok
15:59:58.0812 4816 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:59:58.0812 4816 iScsiPrt - ok
15:59:58.0843 4816 [ F415A88162D23977B5EDAE4F0410E903 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
15:59:58.0859 4816 IviRegMgr - ok
15:59:58.0874 4816 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:59:58.0874 4816 kbdclass - ok
15:59:58.0905 4816 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:59:58.0905 4816 kbdhid - ok
15:59:58.0921 4816 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
15:59:58.0921 4816 KeyIso - ok
15:59:58.0937 4816 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:59:58.0937 4816 KSecDD - ok
15:59:58.0968 4816 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:59:58.0968 4816 KSecPkg - ok
15:59:58.0999 4816 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
15:59:58.0999 4816 KtmRm - ok
15:59:59.0046 4816 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
15:59:59.0046 4816 LanmanServer - ok
15:59:59.0061 4816 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:59:59.0061 4816 LanmanWorkstation - ok
15:59:59.0093 4816 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:59:59.0093 4816 lltdio - ok
15:59:59.0124 4816 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:59:59.0124 4816 lltdsvc - ok
15:59:59.0139 4816 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
15:59:59.0139 4816 lmhosts - ok
15:59:59.0217 4816 [ 97F9EAAC985A663394CD8F54DCD3E73A ] LMS C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:59:59.0217 4816 LMS - ok
15:59:59.0249 4816 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:59:59.0264 4816 LSI_FC - ok
15:59:59.0280 4816 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:59:59.0280 4816 LSI_SAS - ok
15:59:59.0311 4816 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
15:59:59.0311 4816 LSI_SAS2 - ok
15:59:59.0327 4816 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:59:59.0327 4816 LSI_SCSI - ok
15:59:59.0342 4816 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
15:59:59.0342 4816 luafv - ok
15:59:59.0358 4816 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:59:59.0358 4816 Mcx2Svc - ok
15:59:59.0405 4816 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
15:59:59.0405 4816 MDM - ok
15:59:59.0420 4816 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
15:59:59.0436 4816 megasas - ok
15:59:59.0451 4816 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
15:59:59.0451 4816 MegaSR - ok
15:59:59.0483 4816 [ D86AC00883B9C98B570E7643AAF8E554 ] MEI C:\Windows\system32\DRIVERS\HECI.sys
15:59:59.0483 4816 MEI - ok
15:59:59.0514 4816 [ 26F4CA8A0B33658382424BF0B4326C0A ] mf C:\Windows\system32\DRIVERS\mf.sys
15:59:59.0514 4816 mf - ok
15:59:59.0545 4816 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
15:59:59.0545 4816 MMCSS - ok
15:59:59.0561 4816 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
15:59:59.0561 4816 Modem - ok
15:59:59.0592 4816 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:59:59.0592 4816 monitor - ok
15:59:59.0623 4816 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:59:59.0623 4816 mouclass - ok
15:59:59.0654 4816 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:59:59.0654 4816 mouhid - ok
15:59:59.0685 4816 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:59:59.0685 4816 mountmgr - ok
15:59:59.0701 4816 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
15:59:59.0701 4816 mpio - ok
15:59:59.0732 4816 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:59:59.0732 4816 mpsdrv - ok
15:59:59.0763 4816 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:59:59.0763 4816 MpsSvc - ok
15:59:59.0795 4816 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:59:59.0795 4816 MRxDAV - ok
15:59:59.0826 4816 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:59:59.0826 4816 mrxsmb - ok
15:59:59.0857 4816 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:59:59.0857 4816 mrxsmb10 - ok
15:59:59.0873 4816 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:59:59.0873 4816 mrxsmb20 - ok
15:59:59.0888 4816 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
15:59:59.0888 4816 msahci - ok
15:59:59.0919 4816 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:59:59.0919 4816 msdsm - ok
15:59:59.0935 4816 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
15:59:59.0935 4816 MSDTC - ok
15:59:59.0951 4816 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:59:59.0951 4816 Msfs - ok
15:59:59.0951 4816 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:59:59.0951 4816 mshidkmdf - ok
15:59:59.0966 4816 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:59:59.0966 4816 msisadrv - ok
15:59:59.0997 4816 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:59:59.0997 4816 MSiSCSI - ok
16:00:00.0013 4816 msiserver - ok
16:00:00.0029 4816 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:00:00.0029 4816 MSKSSRV - ok
16:00:00.0044 4816 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:00:00.0044 4816 MSPCLOCK - ok
16:00:00.0060 4816 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:00:00.0060 4816 MSPQM - ok
16:00:00.0075 4816 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:00:00.0075 4816 MsRPC - ok
16:00:00.0091 4816 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
16:00:00.0091 4816 mssmbios - ok
16:00:00.0107 4816 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:00:00.0107 4816 MSTEE - ok
16:00:00.0122 4816 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
16:00:00.0122 4816 MTConfig - ok
16:00:00.0138 4816 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
16:00:00.0138 4816 Mup - ok
16:00:00.0169 4816 [ F0E577D6F55806FFFD64C74A48F4B42D ] NAL C:\Windows\system32\Drivers\iqvw32.sys
16:00:00.0169 4816 NAL - ok
16:00:00.0185 4816 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
16:00:00.0200 4816 napagent - ok
16:00:00.0216 4816 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:00:00.0216 4816 NativeWifiP - ok
16:00:00.0278 4816 [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe
16:00:00.0294 4816 NAUpdate - ok
16:00:00.0356 4816 [ 4BA84C832E0741A294C4444556DFE993 ] NAV C:\Program Files\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe
16:00:00.0356 4816 NAV - ok
16:00:00.0419 4816 [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20130214.016\NAVENG.SYS
16:00:00.0419 4816 NAVENG - ok
16:00:00.0465 4816 [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20130214.016\NAVEX15.SYS
16:00:00.0481 4816 NAVEX15 - ok
16:00:00.0528 4816 [ 4BA84C832E0741A294C4444556DFE993 ] NCO C:\Program Files\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe
16:00:00.0528 4816 NCO - ok
16:00:00.0559 4816 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:00:00.0575 4816 NDIS - ok
16:00:00.0606 4816 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:00:00.0606 4816 NdisCap - ok
16:00:00.0621 4816 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:00:00.0621 4816 NdisTapi - ok
16:00:00.0637 4816 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:00:00.0637 4816 Ndisuio - ok
16:00:00.0668 4816 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:00:00.0668 4816 NdisWan - ok
16:00:00.0668 4816 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:00:00.0684 4816 NDProxy - ok
16:00:00.0715 4816 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:00:00.0715 4816 NetBIOS - ok
16:00:00.0731 4816 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:00:00.0731 4816 NetBT - ok
16:00:00.0746 4816 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
16:00:00.0746 4816 Netlogon - ok
16:00:00.0777 4816 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
16:00:00.0793 4816 Netman - ok
16:00:00.0809 4816 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:00:00.0809 4816 NetMsmqActivator - ok
16:00:00.0824 4816 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:00:00.0824 4816 NetPipeActivator - ok
16:00:00.0840 4816 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
16:00:00.0840 4816 netprofm - ok
16:00:00.0840 4816 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:00:00.0855 4816 NetTcpActivator - ok
16:00:00.0855 4816 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:00:00.0855 4816 NetTcpPortSharing - ok
16:00:00.0871 4816 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:00:00.0871 4816 nfrd960 - ok
16:00:00.0902 4816 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
16:00:00.0902 4816 NlaSvc - ok
16:00:00.0933 4816 [ 2497646E228C3E9E50ED3137E25EA9BE ] NmPar C:\Windows\system32\DRIVERS\NmPar.sys
16:00:00.0933 4816 NmPar - ok
16:00:00.0949 4816 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:00:00.0949 4816 Npfs - ok
16:00:00.0980 4816 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
16:00:00.0980 4816 nsi - ok
16:00:00.0980 4816 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:00:00.0980 4816 nsiproxy - ok
16:00:01.0027 4816 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:00:01.0043 4816 Ntfs - ok
16:00:01.0058 4816 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
16:00:01.0058 4816 Null - ok
16:00:01.0074 4816 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:00:01.0074 4816 nvraid - ok
16:00:01.0089 4816 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:00:01.0105 4816 nvstor - ok
16:00:01.0121 4816 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:00:01.0121 4816 nv_agp - ok
16:00:01.0152 4816 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:00:01.0152 4816 ohci1394 - ok
16:00:01.0183 4816 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:00:01.0183 4816 ose - ok
16:00:01.0214 4816 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:00:01.0214 4816 p2pimsvc - ok
16:00:01.0245 4816 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
16:00:01.0261 4816 p2psvc - ok
16:00:01.0261 4816 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys
16:00:01.0277 4816 Parport - ok
16:00:01.0292 4816 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:00:01.0292 4816 partmgr - ok
16:00:01.0308 4816 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys
16:00:01.0308 4816 Parvdm - ok
16:00:01.0339 4816 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:00:01.0339 4816 PcaSvc - ok
16:00:01.0370 4816 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
16:00:01.0370 4816 pci - ok
16:00:01.0386 4816 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
16:00:01.0386 4816 pciide - ok
16:00:01.0401 4816 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:00:01.0401 4816 pcmcia - ok
16:00:01.0417 4816 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
16:00:01.0417 4816 pcw - ok
16:00:01.0495 4816 [ 98655F862BB07CFB1CCC9262DA621AE1 ] PDF Architect Helper Service C:\Program Files\PDF Architect\HelperService.exe
16:00:01.0526 4816 PDF Architect Helper Service - ok
16:00:01.0542 4816 [ 73406F96E946F2B38615375269EF286F ] PDF Architect Service C:\Program Files\PDF Architect\ConversionService.exe
16:00:01.0542 4816 PDF Architect Service - ok
16:00:01.0557 4816 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:00:01.0573 4816 PEAUTH - ok
16:00:01.0604 4816 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
16:00:01.0604 4816 PeerDistSvc - ok
16:00:01.0635 4816 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
16:00:01.0651 4816 pla - ok
16:00:01.0682 4816 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:00:01.0698 4816 PlugPlay - ok
16:00:01.0745 4816 [ B4079D61B5C6B4919BDE17C38202E236 ] pmxdrv C:\Windows\system32\drivers\pmxdrv.sys
16:00:01.0760 4816 pmxdrv - ok
16:00:01.0776 4816 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:00:01.0791 4816 PNRPAutoReg - ok
16:00:01.0807 4816 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:00:01.0807 4816 PNRPsvc - ok
16:00:01.0838 4816 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:00:01.0838 4816 PolicyAgent - ok
16:00:01.0869 4816 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
16:00:01.0885 4816 Power - ok
16:00:01.0901 4816 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:00:01.0901 4816 PptpMiniport - ok
16:00:01.0932 4816 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
16:00:01.0932 4816 Processor - ok
16:00:01.0979 4816 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
16:00:01.0979 4816 ProfSvc - ok
16:00:01.0994 4816 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:00:01.0994 4816 ProtectedStorage - ok
16:00:02.0010 4816 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:00:02.0010 4816 Psched - ok
16:00:02.0041 4816 [ F036CFB275D0C55F4E45FBBF5F98B3C8 ] PSI_SVC_2 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
16:00:02.0041 4816 PSI_SVC_2 - ok
16:00:02.0072 4816 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:00:02.0088 4816 ql2300 - ok
16:00:02.0103 4816 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:00:02.0103 4816 ql40xx - ok
16:00:02.0135 4816 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
16:00:02.0135 4816 QWAVE - ok
16:00:02.0150 4816 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:00:02.0150 4816 QWAVEdrv - ok
16:00:02.0166 4816 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:00:02.0166 4816 RasAcd - ok
16:00:02.0181 4816 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:00:02.0181 4816 RasAgileVpn - ok
16:00:02.0197 4816 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
16:00:02.0197 4816 RasAuto - ok
16:00:02.0213 4816 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:00:02.0213 4816 Rasl2tp - ok
16:00:02.0228 4816 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
16:00:02.0244 4816 RasMan - ok
16:00:02.0244 4816 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:00:02.0244 4816 RasPppoe - ok
16:00:02.0275 4816 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:00:02.0275 4816 RasSstp - ok
16:00:02.0275 4816 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:00:02.0291 4816 rdbss - ok
16:00:02.0306 4816 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
16:00:02.0306 4816 rdpbus - ok
16:00:02.0306 4816 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:00:02.0306 4816 RDPCDD - ok
16:00:02.0322 4816 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
16:00:02.0337 4816 RDPDR - ok
16:00:02.0353 4816 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:00:02.0353 4816 RDPENCDD - ok
16:00:02.0369 4816 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:00:02.0369 4816 RDPREFMP - ok
16:00:02.0400 4816 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:00:02.0400 4816 RdpVideoMiniport - ok
16:00:02.0431 4816 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:00:02.0431 4816 RDPWD - ok
16:00:02.0493 4816 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:00:02.0493 4816 rdyboost - ok
16:00:02.0525 4816 [ 24D3B49DAB660A8B8AFA40240E735E24 ] regi C:\Windows\system32\drivers\regi.sys
16:00:02.0525 4816 regi - ok
16:00:02.0540 4816 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
16:00:02.0556 4816 RemoteAccess - ok
16:00:02.0571 4816 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:00:02.0571 4816 RemoteRegistry - ok
16:00:02.0587 4816 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:00:02.0587 4816 RpcEptMapper - ok
16:00:02.0603 4816 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
16:00:02.0603 4816 RpcLocator - ok
16:00:02.0618 4816 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
16:00:02.0618 4816 RpcSs - ok
16:00:02.0649 4816 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:00:02.0649 4816 rspndr - ok
16:00:02.0665 4816 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
16:00:02.0665 4816 s3cap - ok
16:00:02.0696 4816 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
16:00:02.0696 4816 SamSs - ok
16:00:02.0727 4816 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:00:02.0727 4816 sbp2port - ok
16:00:02.0774 4816 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:00:02.0774 4816 SCardSvr - ok
16:00:02.0774 4816 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:00:02.0774 4816 scfilter - ok
16:00:02.0805 4816 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
16:00:02.0805 4816 Schedule - ok
16:00:02.0837 4816 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:00:02.0837 4816 SCPolicySvc - ok
16:00:02.0852 4816 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:00:02.0852 4816 SDRSVC - ok
16:00:02.0883 4816 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:00:02.0883 4816 secdrv - ok
16:00:02.0899 4816 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
16:00:02.0915 4816 seclogon - ok
16:00:02.0930 4816 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
16:00:02.0930 4816 SENS - ok
16:00:02.0930 4816 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:00:02.0930 4816 SensrSvc - ok
16:00:02.0961 4816 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:00:02.0961 4816 Serenum - ok
16:00:02.0977 4816 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:00:02.0977 4816 Serial - ok
16:00:03.0008 4816 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:00:03.0008 4816 sermouse - ok
16:00:03.0039 4816 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
16:00:03.0039 4816 SessionEnv - ok
16:00:03.0055 4816 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:00:03.0055 4816 sffdisk - ok
16:00:03.0071 4816 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:00:03.0071 4816 sffp_mmc - ok
16:00:03.0086 4816 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:00:03.0086 4816 sffp_sd - ok
16:00:03.0102 4816 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:00:03.0102 4816 sfloppy - ok
16:00:03.0133 4816 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:00:03.0133 4816 SharedAccess - ok
16:00:03.0149 4816 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:00:03.0164 4816 ShellHWDetection - ok
16:00:03.0180 4816 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
16:00:03.0180 4816 sisagp - ok
16:00:03.0211 4816 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
16:00:03.0211 4816 SiSRaid2 - ok
16:00:03.0258 4816 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:00:03.0258 4816 SiSRaid4 - ok
16:00:03.0336 4816 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
16:00:03.0336 4816 SkypeUpdate - ok
16:00:03.0414 4816 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:00:03.0414 4816 Smb - ok
16:00:03.0445 4816 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:00:03.0445 4816 SNMPTRAP - ok
16:00:03.0445 4816 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
16:00:03.0445 4816 spldr - ok
16:00:03.0476 4816 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
16:00:03.0492 4816 Spooler - ok
16:00:03.0539 4816 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
16:00:03.0570 4816 sppsvc - ok
16:00:03.0601 4816 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:00:03.0601 4816 sppuinotify - ok
16:00:03.0632 4816 [ F42EFEFB765235F24B24E1D2B6F99F46 ] sptd C:\Windows\System32\Drivers\sptd.sys
16:00:03.0632 4816 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: F42EFEFB765235F24B24E1D2B6F99F46
16:00:03.0632 4816 sptd ( LockedFile.Multi.Generic ) - warning
16:00:03.0632 4816 sptd - detected LockedFile.Multi.Generic (1)
16:00:03.0710 4816 [ 26C1B59C80FEF94B025DF5C3C1B791A7 ] SRTSP C:\Windows\System32\Drivers\NAV\1402010.016\SRTSP.SYS
16:00:03.0710 4816 SRTSP - ok
16:00:03.0726 4816 [ 21AC3AE81E8263061624C4ED3B11509A ] SRTSPX C:\Windows\system32\drivers\NAV\1402010.016\SRTSPX.SYS
16:00:03.0726 4816 SRTSPX - ok
16:00:03.0757 4816 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
16:00:03.0757 4816 srv - ok
16:00:03.0788 4816 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:00:03.0804 4816 srv2 - ok
16:00:03.0804 4816 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:00:03.0819 4816 srvnet - ok
16:00:03.0835 4816 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:00:03.0851 4816 SSDPSRV - ok
16:00:03.0866 4816 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:00:03.0866 4816 SstpSvc - ok
16:00:03.0882 4816 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
16:00:03.0882 4816 stexstor - ok
16:00:03.0929 4816 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
16:00:03.0929 4816 StiSvc - ok
16:00:03.0944 4816 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
16:00:03.0944 4816 storflt - ok
16:00:03.0960 4816 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
16:00:03.0960 4816 StorSvc - ok
16:00:03.0991 4816 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
16:00:03.0991 4816 storvsc - ok
16:00:04.0007 4816 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
16:00:04.0007 4816 swenum - ok
16:00:04.0022 4816 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
16:00:04.0022 4816 swprv - ok
16:00:04.0053 4816 [ FB69A67FEEE3026C7F99774A1C405326 ] SymDS C:\Windows\system32\drivers\NAV\1402010.016\SYMDS.SYS
16:00:04.0069 4816 SymDS - ok
16:00:04.0100 4816 [ 28C5FAFA7FD1C522B8DCD59694D39412 ] SymEFA C:\Windows\system32\drivers\NAV\1402010.016\SYMEFA.SYS
16:00:04.0100 4816 SymEFA - ok
16:00:04.0147 4816 [ C940F10C31E2C60CC967FFD6A370720C ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
16:00:04.0147 4816 SymEvent - ok
16:00:04.0163 4816 [ 8C9B9036E301A9965CF15BEC91C58A12 ] SymIRON C:\Windows\system32\drivers\NAV\1402010.016\Ironx86.SYS
16:00:04.0178 4816 SymIRON - ok
16:00:04.0209 4816 [ 21698476A90ACAA056B8CFE09A82785F ] SymNetS C:\Windows\System32\Drivers\NAV\1402010.016\SYMNETS.SYS
16:00:04.0209 4816 SymNetS - ok
16:00:04.0241 4816 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
16:00:04.0256 4816 SysMain - ok
16:00:04.0256 4816 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:00:04.0272 4816 TabletInputService - ok
16:00:04.0272 4816 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
16:00:04.0272 4816 TapiSrv - ok
16:00:04.0287 4816 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
16:00:04.0287 4816 TBS - ok
16:00:04.0319 4816 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:00:04.0319 4816 Tcpip - ok
16:00:04.0350 4816 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:00:04.0350 4816 TCPIP6 - ok
16:00:04.0381 4816 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:00:04.0381 4816 tcpipreg - ok
16:00:04.0412 4816 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:00:04.0412 4816 TDPIPE - ok
16:00:04.0428 4816 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:00:04.0428 4816 TDTCP - ok
16:00:04.0443 4816 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:00:04.0443 4816 tdx - ok
16:00:04.0506 4816 [ 3913BF962B51BD5D30018E470BA522B3 ] TeamViewer5 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
16:00:04.0521 4816 TeamViewer5 - ok
16:00:04.0553 4816 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
16:00:04.0553 4816 TermDD - ok
16:00:04.0584 4816 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
16:00:04.0584 4816 TermService - ok
16:00:04.0599 4816 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
16:00:04.0599 4816 Themes - ok
16:00:04.0599 4816 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
16:00:04.0615 4816 THREADORDER - ok
16:00:04.0631 4816 [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM C:\Windows\system32\drivers\tpm.sys
16:00:04.0631 4816 TPM - ok
16:00:04.0662 4816 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
16:00:04.0662 4816 TrkWks - ok
16:00:04.0693 4816 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:00:04.0693 4816 TrustedInstaller - ok
16:00:04.0724 4816 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:00:04.0724 4816 tssecsrv - ok
16:00:04.0755 4816 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:00:04.0755 4816 TsUsbFlt - ok
16:00:04.0771 4816 [ 57C527AF84748B5C2F5178C499C0B81F ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
16:00:04.0787 4816 TsUsbGD - ok
16:00:04.0802 4816 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:00:04.0802 4816 tunnel - ok
16:00:04.0818 4816 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:00:04.0818 4816 uagp35 - ok
16:00:04.0833 4816 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:00:04.0833 4816 udfs - ok
16:00:04.0865 4816 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:00:04.0865 4816 UI0Detect - ok
16:00:04.0880 4816 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:00:04.0880 4816 uliagpkx - ok
16:00:04.0911 4816 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:00:04.0911 4816 umbus - ok
16:00:04.0943 4816 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys
16:00:04.0943 4816 UmPass - ok
16:00:04.0958 4816 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
16:00:04.0958 4816 UmRdpService - ok
16:00:05.0052 4816 [ A69CD6BDB82872999D2E46F9324ADA83 ] UNS C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:00:05.0067 4816 UNS - ok
16:00:05.0099 4816 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
16:00:05.0099 4816 upnphost - ok
16:00:05.0114 4816 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:00:05.0114 4816 usbccgp - ok
16:00:05.0145 4816 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:00:05.0145 4816 usbcir - ok
16:00:05.0161 4816 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys
16:00:05.0177 4816 usbehci - ok
16:00:05.0208 4816 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\drivers\usbhub.sys
16:00:05.0208 4816 usbhub - ok
16:00:05.0223 4816 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:00:05.0223 4816 usbohci - ok
16:00:05.0239 4816 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:00:05.0239 4816 usbprint - ok
16:00:05.0270 4816 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
16:00:05.0270 4816 usbscan - ok
16:00:05.0301 4816 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:00:05.0301 4816 USBSTOR - ok
16:00:05.0301 4816 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:00:05.0301 4816 usbuhci - ok
16:00:05.0348 4816 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
16:00:05.0348 4816 UxSms - ok
16:00:05.0364 4816 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
16:00:05.0364 4816 VaultSvc - ok
16:00:05.0395 4816 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:00:05.0395 4816 vdrvroot - ok
16:00:05.0395 4816 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
16:00:05.0411 4816 vds - ok
16:00:05.0426 4816 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:00:05.0426 4816 vga - ok
16:00:05.0442 4816 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
16:00:05.0442 4816 VgaSave - ok
16:00:05.0457 4816 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:00:05.0457 4816 vhdmp - ok
16:00:05.0489 4816 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
16:00:05.0489 4816 viaagp - ok
16:00:05.0520 4816 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
16:00:05.0520 4816 ViaC7 - ok
16:00:05.0520 4816 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
16:00:05.0520 4816 viaide - ok
16:00:05.0535 4816 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
16:00:05.0551 4816 vmbus - ok
16:00:05.0551 4816 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
16:00:05.0551 4816 VMBusHID - ok
16:00:05.0582 4816 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:00:05.0582 4816 volmgr - ok
16:00:05.0598 4816 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:00:05.0598 4816 volmgrx - ok
16:00:05.0629 4816 [ C37AEE5966EB5929E2051AC7409B5730 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:00:05.0629 4816 volsnap - ok
16:00:05.0645 4816 [ 33E74DF34753FCAAB06F6F2BDC8CABF5 ] vpcbus C:\Windows\system32\drivers\vpchbus.sys
16:00:05.0645 4816 vpcbus - ok
16:00:05.0676 4816 [ 5F04362CEB5FB5901037E9D9EADD3760 ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
16:00:05.0676 4816 vpcnfltr - ok
16:00:05.0691 4816 [ 625088D6EE9EDE977FD03CF18D1CD5C5 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
16:00:05.0691 4816 vpcusb - ok
16:00:05.0707 4816 [ B21E23C100D6D5162B95CF6F05B4E035 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
16:00:05.0723 4816 vpcvmm - ok
16:00:05.0754 4816 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:00:05.0754 4816 vsmraid - ok
16:00:05.0785 4816 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
16:00:05.0801 4816 VSS - ok
16:00:05.0894 4816 [ 87C57CBE385E00726A2113614F6C6BD2 ] vToolbarUpdater14.1.7 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe
16:00:05.0910 4816 vToolbarUpdater14.1.7 - ok
16:00:05.0925 4816 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
16:00:05.0925 4816 vwifibus - ok
16:00:05.0957 4816 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
16:00:05.0972 4816 W32Time - ok
16:00:05.0988 4816 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:00:05.0988 4816 WacomPen - ok
16:00:06.0003 4816 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:00:06.0003 4816 WANARP - ok
16:00:06.0003 4816 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:00:06.0003 4816 Wanarpv6 - ok
16:00:06.0066 4816 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:00:06.0081 4816 WatAdminSvc - ok
16:00:06.0113 4816 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
16:00:06.0128 4816 wbengine - ok
16:00:06.0144 4816 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:00:06.0144 4816 WbioSrvc - ok
16:00:06.0159 4816 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:00:06.0159 4816 wcncsvc - ok
16:00:06.0175 4816 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:00:06.0175 4816 WcsPlugInService - ok
16:00:06.0191 4816 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys
16:00:06.0191 4816 Wd - ok
16:00:06.0222 4816 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:00:06.0237 4816 Wdf01000 - ok
16:00:06.0253 4816 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:00:06.0253 4816 WdiServiceHost - ok
16:00:06.0269 4816 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:00:06.0269 4816 WdiSystemHost - ok
16:00:06.0284 4816 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
16:00:06.0284 4816 WebClient - ok
16:00:06.0300 4816 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:00:06.0300 4816 Wecsvc - ok
16:00:06.0315 4816 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:00:06.0315 4816 wercplsupport - ok
16:00:06.0331 4816 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
16:00:06.0331 4816 WerSvc - ok
16:00:06.0362 4816 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:00:06.0362 4816 WfpLwf - ok
16:00:06.0362 4816 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:00:06.0378 4816 WIMMount - ok
16:00:06.0409 4816 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
16:00:06.0425 4816 WinDefend - ok
16:00:06.0440 4816 WinHttpAutoProxySvc - ok
16:00:06.0487 4816 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:00:06.0487 4816 Winmgmt - ok
16:00:06.0534 4816 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
16:00:06.0549 4816 WinRM - ok
16:00:06.0581 4816 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:00:06.0581 4816 WinUsb - ok
16:00:06.0612 4816 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
16:00:06.0612 4816 Wlansvc - ok
16:00:06.0643 4816 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:00:06.0643 4816 WmiAcpi - ok
16:00:06.0659 4816 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:00:06.0659 4816 wmiApSrv - ok
16:00:06.0721 4816 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
16:00:06.0737 4816 WMPNetworkSvc - ok
16:00:06.0768 4816 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:00:06.0768 4816 WPCSvc - ok
16:00:06.0783 4816 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:00:06.0783 4816 WPDBusEnum - ok
16:00:06.0815 4816 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:00:06.0815 4816 ws2ifsl - ok
16:00:06.0815 4816 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
16:00:06.0815 4816 wscsvc - ok
16:00:06.0830 4816 WSearch - ok
16:00:06.0893 4816 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
16:00:06.0908 4816 wuauserv - ok
16:00:06.0924 4816 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:00:06.0924 4816 WudfPf - ok
16:00:06.0955 4816 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:00:06.0955 4816 WUDFRd - ok
16:00:06.0971 4816 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:00:06.0971 4816 wudfsvc - ok
16:00:06.0986 4816 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
16:00:07.0002 4816 WwanSvc - ok
16:00:07.0002 4816 ================ Scan global ===============================
16:00:07.0017 4816 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
16:00:07.0049 4816 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
16:00:07.0064 4816 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
16:00:07.0080 4816 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
16:00:07.0095 4816 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
16:00:07.0095 4816 [Global] - ok
16:00:07.0095 4816 ================ Scan MBR ==================================
16:00:07.0111 4816 [ 97D6290A850A0EAE136460E263650E7C ] \Device\Harddisk0\DR0
16:00:07.0345 4816 \Device\Harddisk0\DR0 - ok
16:00:07.0345 4816 ================ Scan VBR ==================================
16:00:07.0361 4816 [ 31B6DA26F8CCBEA522044DB264C9C60A ] \Device\Harddisk0\DR0\Partition1
16:00:07.0361 4816 \Device\Harddisk0\DR0\Partition1 - ok
16:00:07.0376 4816 [ FA72D8E5AEC3E25F971078E99E17C81B ] \Device\Harddisk0\DR0\Partition2
16:00:07.0376 4816 \Device\Harddisk0\DR0\Partition2 - ok
16:00:07.0392 4816 [ FD848EC099F7F5EF50644939023C4C3C ] \Device\Harddisk0\DR0\Partition3
16:00:07.0392 4816 \Device\Harddisk0\DR0\Partition3 - ok
16:00:07.0423 4816 [ FF572612ADB79A2EC80BB4A2666249D6 ] \Device\Harddisk0\DR0\Partition4
16:00:07.0423 4816 \Device\Harddisk0\DR0\Partition4 - ok
16:00:07.0423 4816 ============================================================
16:00:07.0423 4816 Scan finished
16:00:07.0423 4816 ============================================================
16:00:07.0439 3692 Detected object count: 1
16:00:07.0439 3692 Actual detected object count: 1
16:00:35.0694 3692 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:00:35.0694 3692 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

markusg · 15.02.2013, 16:08

Hi,
Frage:
ist dir denn irgendwas mit dem PC aufgefallen, ich hab zwar schon Kleinigkeiten gesehen, aber es ist immer günstig zu wissen, was der Nutzer selbst bemerkt hatt.
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

jutta76 · 15.02.2013, 16:13

Nein eigentlich ist uns nichts aufgefallen, nur die Canon Camera wird nicht mehr erkannt seit einer Weile. Sonst keine Probleme.

Hab den norton für 15 min ausgeschaltet, dennoch schreibt das Programm mir, daß es eingeschaltet ist.

markusg · 15.02.2013, 16:26

dann einfach auf ok klicken.
hattest versucht, die software für die cam zu reinstalieren?

jutta76 · 15.02.2013, 16:29

Ja, hab ich gemacht, erst mit der mitgelieferten CD und dann noch den Treiber upgedatet, erkennt das Laufwerk nicht.

markusg · 15.02.2013, 16:32

is das ne usb cam? evtl. mal anderen anschluss nemen, hörst du denn dieses typische USB Geräusch wenn du sie anschließt?

BKA Trojaner - Datensicherung - Bereinigung

Plagegeister aller Art und deren Bekämpfung: BKA Trojaner - Datensicherung - Bereinigung