
Log analysis and evaluation: Online banking is being redirected

Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

09.06.2013, 16:29   #1
Grave1
 
Online banking is being redirected



Hi,

Three weeks ago I noticed that my online banking no longer works. The website takes a very long time to load. Once it has loaded, it looks exactly like the original.
The first time, I did not notice the long wait. I entered my user ID and password. After that, a notice appeared along the lines of maintenance work, saying one should use a test access. At about the same time I received an SMS with a TAN for a foreign transfer of about €6,000.
I then immediately changed my ID and password from my smartphone and, to be safe, had my online banking blocked.
Then I downloaded Malwarebytes Anti-Malware. When I visit my online banking site, a window pops up saying that access to a potentially dangerous website was stopped (I am attaching a picture).

OTL.txt
Code:
OTL logfile created on: 09.06.2013 13:27:24 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Grave\Desktop\Trojaner
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 70,07% Memory free
5,99 Gb Paging File | 4,95 Gb Available in Paging File | 82,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 157,58 Gb Total Space | 8,72 Gb Free Space | 5,53% Space Free | Partition Type: NTFS
Drive D: | 130,37 Gb Total Space | 21,20 Gb Free Space | 16,26% Space Free | Partition Type: NTFS
Drive E: | 10,00 Gb Total Space | 4,24 Gb Free Space | 42,37% Space Free | Partition Type: NTFS
 
Computer Name: GRAVE-PC | User Name: Grave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.09 13:02:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Grave\Desktop\Trojaner\OTL.exe
PRC - [2013.05.15 17:17:34 | 000,554,408 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.03.18 03:25:46 | 001,236,336 | ---- | M] (Lavasoft Limited) -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.09.30 20:19:52 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.12 05:56:08 | 000,175,624 | ---- | M] (Nitro PDF Software) -- C:\Programme\Nitro PDF\Professional 7\NitroPDFDriverService2.exe
PRC - [2012.04.11 23:07:38 | 000,175,632 | ---- | M] (Nitro PDF Software) -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
PRC - [2011.11.11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.04.13 15:02:34 | 001,808,784 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.11.18 13:09:22 | 000,330,696 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe
PRC - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe
PRC - [2010.09.30 14:00:28 | 000,139,088 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe
PRC - [2010.01.22 13:30:46 | 000,098,304 | ---- | M] (3M Touch Systems, Inc.) -- C:\Programme\MicroTouch\MT 7\TwMonitor.exe
PRC - [2009.11.18 09:45:34 | 000,196,096 | ---- | M] (3M Touch Systems, Inc.) -- C:\Programme\MicroTouch\MT 7\TwService.exe
PRC - [2009.11.12 09:58:10 | 000,044,544 | ---- | M] (3M Touch Systems, Inc.) -- C:\Programme\MicroTouch\MT 7\TwRegSvc.exe
PRC - [2009.08.18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.03.16 19:59:22 | 000,483,428 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2009.03.16 19:59:20 | 000,254,042 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\stacsv.exe
PRC - [2009.03.16 19:59:18 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\AEstSrv.exe
PRC - [2009.03.10 12:24:04 | 000,233,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe
PRC - [2009.02.01 00:15:38 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe
PRC - [2009.01.31 22:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe
PRC - [2008.11.24 13:56:46 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe
PRC - [2007.05.31 16:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdcBase.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.12 05:56:18 | 000,095,240 | ---- | M] () -- C:\Programme\Nitro PDF\Professional 7\NPShellExtension.dll
MOD - [2011.11.11 15:08:18 | 007,956,504 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011.11.11 15:08:18 | 000,342,552 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011.11.11 15:08:18 | 000,128,536 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011.11.11 15:08:18 | 000,029,208 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011.11.11 15:08:06 | 002,145,304 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010.09.30 14:00:28 | 000,139,088 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.18 21:14:44 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.15 19:32:37 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.18 03:25:46 | 001,236,336 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.09.20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Stopped] -- C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.12 05:56:08 | 000,175,624 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Nitro PDF\Professional 7\NitroPDFDriverService2.exe -- (NitroDriverReadSpool2)
SRV - [2012.04.11 23:07:38 | 000,175,632 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2011.09.22 20:24:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.07.21 19:55:39 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.11.18 13:09:22 | 000,330,696 | ---- | M] () [Auto | Running] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService)
SRV - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009.11.18 09:45:34 | 000,196,096 | ---- | M] (3M Touch Systems, Inc.) [Auto | Running] -- C:\PROGRAM FILES\MICROTOUCH\MT 7\TwService.exe -- (TwDrvService)
SRV - [2009.11.12 09:58:10 | 000,044,544 | ---- | M] (3M Touch Systems, Inc.) [Auto | Running] -- C:\PROGRAM FILES\MICROTOUCH\MT 7\TwRegSvc.exe -- (TwRegSvc)
SRV - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.16 19:59:20 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\stacsv.exe -- (STacSV)
SRV - [2009.03.16 19:59:18 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\AEstSrv.exe -- (AESTFilters)
SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013.05.28 21:31:03 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.09.28 21:52:10 | 000,064,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.01.18 07:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011.03.18 14:46:26 | 000,061,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2011.03.18 14:46:10 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.11 12:16:44 | 000,019,456 | ---- | M] (3M) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TwBus.sys -- (TwBus)
DRV - [2009.11.06 18:01:18 | 000,079,872 | ---- | M] (3M) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TwTouch.sys -- (TwTouch)
DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.10.29 19:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.08.18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2009.03.25 01:25:24 | 000,197,680 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009.03.16 19:59:22 | 000,398,336 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.03.09 01:06:00 | 000,280,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2009.03.06 15:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2006.11.14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {c72c2224-72e9-4bd9-b7e0-f5f0ae7258c6} - C:\Programme\MiniclipDE\prxtbMini.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB 34 B0 B1 30 55 CE 01  [binary data]
IE - HKCU\..\URLSearchHook: {c72c2224-72e9-4bd9-b7e0-f5f0ae7258c6} - C:\Programme\MiniclipDE\prxtbMini.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.10
FF - prefs.js..extensions.enabledAddons: %7Bb8cbd8e0-e642-11dd-ba2f-0800200c9a66%7D:2.1
FF - prefs.js..extensions.enabledAddons: bytubed%40cs213.cse.iitk.ac.in:1.1.1
FF - prefs.js..extensions.enabledAddons: %7B5C655500-E712-41e7-9349-CE462F844B19%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.28 21:32:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.18 21:14:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.28 19:04:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.28 21:32:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.18 21:14:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.28 19:04:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.07.17 20:23:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Grave\AppData\Roaming\mozilla\Extensions
[2013.02.11 14:00:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Grave\AppData\Roaming\mozilla\Firefox\Profiles\kio8ohcg.default\extensions
[2012.02.23 15:42:50 | 000,000,000 | ---D | M] ("DHL Packstation Bestellhelfer") -- C:\Users\Grave\AppData\Roaming\mozilla\Firefox\Profiles\kio8ohcg.default\extensions\{b8cbd8e0-e642-11dd-ba2f-0800200c9a66}
[2013.02.11 14:00:11 | 000,000,000 | ---D | M] (MiniclipDE Community Toolbar) -- C:\Users\Grave\AppData\Roaming\mozilla\Firefox\Profiles\kio8ohcg.default\extensions\{c72c2224-72e9-4bd9-b7e0-f5f0ae7258c6}
[2012.09.26 20:07:14 | 000,000,000 | ---D | M] (BYTubeD - Bulk YouTube video Downloader) -- C:\Users\Grave\AppData\Roaming\mozilla\Firefox\Profiles\kio8ohcg.default\extensions\bytubed@cs213.cse.iitk.ac.in
[2013.01.28 11:56:05 | 000,151,038 | ---- | M] () (No name found) -- C:\Users\Grave\AppData\Roaming\mozilla\firefox\profiles\kio8ohcg.default\extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi
[2012.12.16 12:51:45 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\Grave\AppData\Roaming\mozilla\firefox\profiles\kio8ohcg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.05.18 21:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.05.18 21:14:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.05.18 21:14:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.05.18 21:14:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.05.18 21:14:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013.05.18 21:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.18 21:14:44 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Reallusion CT4Player for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npRLCT4Player.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: YouTube = C:\Users\Grave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Grave\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Lavasoft NewTab = C:\Users\Grave\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.8_0\
CHR - Extension: Ad-Aware Security Add-on = C:\Users\Grave\AppData\Local\Google\Chrome\User Data\Default\Extensions\phegaokedjdajgnfphbnpkcfdgjbidko\1.0.0.6_0\
CHR - Extension: Google Mail = C:\Users\Grave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (MiniclipDE Toolbar) - {c72c2224-72e9-4bd9-b7e0-f5f0ae7258c6} - C:\Programme\MiniclipDE\prxtbMini.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (MiniclipDE Toolbar) - {c72c2224-72e9-4bd9-b7e0-f5f0ae7258c6} - C:\Programme\MiniclipDE\prxtbMini.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (MiniclipDE Toolbar) - {C72C2224-72E9-4BD9-B7E0-F5F0AE7258C6} - C:\Programme\MiniclipDE\prxtbMini.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe ()
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Paceod] C:\Users\Grave\AppData\Roaming\Lonup\yhfyw.exe (Sysinternals - www.sysinternals.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube Download - C:\Users\Grave\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BC89451-0F68-4406-89F1-52DF088939DB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E4E3BAD-8DCC-4E89-9C7A-378C3FBF112D}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.07.21 19:33:59 | 000,000,000 | ---D | M] - C:\AutoCAD_Architecture_2011_German_Win_32bit -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{aa3d7a8e-da41-11e0-9f95-002219db5c6d}\Shell - "" = AutoRun
O33 - MountPoints2\{aa3d7a8e-da41-11e0-9f95-002219db5c6d}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\Start.hta
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.09 13:02:28 | 000,000,000 | ---D | C] -- C:\Users\Grave\Desktop\Trojaner
[2013.05.28 21:39:44 | 000,000,000 | ---D | C] -- C:\Users\Grave\AppData\Roaming\Malwarebytes
[2013.05.28 21:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.28 21:39:32 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.28 21:39:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.28 21:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.28 21:39:22 | 000,000,000 | ---D | C] -- C:\Users\Grave\AppData\Local\Programs
[2013.05.28 21:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013.05.28 21:37:06 | 000,000,000 | ---D | C] -- C:\Users\Grave\AppData\Roaming\LavasoftStatistics
[2013.05.28 21:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013.05.28 21:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013.05.28 21:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2013.05.28 21:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013.05.28 21:32:21 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2013.05.28 21:32:21 | 000,000,000 | ---D | C] -- C:\ProgramData\adawaretb
[2013.05.28 21:32:21 | 000,000,000 | ---D | C] -- C:\Users\Grave\AppData\Local\adawarebp
[2013.05.28 21:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013.05.28 21:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2013.05.28 21:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2013.05.28 21:31:04 | 000,044,424 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013.05.28 21:31:04 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013.05.28 21:31:01 | 000,000,000 | ---D | C] -- C:\Users\Grave\AppData\Roaming\Ad-Aware Antivirus
[2013.05.28 19:04:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.05.18 21:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.05.11 19:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.05.11 00:59:01 | 000,022,016 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\borlndmm.dll
[2013.05.11 00:59:00 | 001,497,088 | ---- | C] (Borland Corporation) -- C:\Windows\System32\Cc3260mt.dll
[2013.05.11 00:59:00 | 001,326,080 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\Vcl60.bpl
[2013.05.11 00:59:00 | 000,685,056 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\Rtl60.bpl
[2013.05.11 00:59:00 | 000,000,000 | ---D | C] -- C:\WinPC-NC_Economy_Demo
[2013.05.10 23:52:58 | 000,000,000 | ---D | C] -- C:\Users\Grave\AppData\Roaming\Peryeg
[2013.05.10 23:52:58 | 000,000,000 | ---D | C] -- C:\Users\Grave\AppData\Roaming\Ovsiu
[2013.05.10 23:52:58 | 000,000,000 | ---D | C] -- C:\Users\Grave\AppData\Roaming\Lonup
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.09 13:32:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.09 13:24:57 | 000,000,000 | ---- | M] () -- C:\Users\Grave\defogger_reenable
[2013.06.09 12:56:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.09 12:47:32 | 000,002,064 | ---- | M] () -- C:\Users\Grave\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013.06.09 12:47:32 | 000,001,993 | ---- | M] () -- C:\Users\Grave\Desktop\Avira DE-Cleaner.lnk
[2013.06.09 10:21:29 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.09 10:21:29 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.09 10:14:34 | 000,001,826 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.06.09 10:13:39 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.09 10:13:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.09 10:12:08 | 2411,872,256 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.28 21:39:33 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.28 21:31:03 | 000,044,424 | ---- | M] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013.05.28 21:31:03 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013.05.22 20:12:56 | 000,000,600 | ---- | M] () -- C:\Users\Grave\PUTTY.RND
[2013.05.16 18:20:29 | 000,417,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.16 08:24:47 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.16 08:24:47 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.16 08:24:47 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.16 08:24:47 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.09 13:24:57 | 000,000,000 | ---- | C] () -- C:\Users\Grave\defogger_reenable
[2013.06.09 12:47:32 | 000,002,064 | ---- | C] () -- C:\Users\Grave\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013.06.09 12:47:32 | 000,001,993 | ---- | C] () -- C:\Users\Grave\Desktop\Avira DE-Cleaner.lnk
[2013.05.28 21:39:33 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.28 21:32:49 | 000,001,826 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.05.11 00:59:01 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2013.04.14 20:40:30 | 000,063,637 | ---- | C] () -- C:\Users\Grave\AppData\Local\recently-used.xbel
[2013.02.22 18:14:51 | 000,000,108 | ---- | C] () -- C:\Users\Grave\.iccbutton_history
[2012.06.21 21:54:53 | 000,003,584 | ---- | C] () -- C:\Users\Grave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.21 21:53:51 | 000,061,208 | ---- | C] () -- C:\Windows\System32\MPEG4E-uninstall.exe
[2012.04.08 13:59:15 | 000,000,710 | ---- | C] () -- C:\Users\Grave\AppData\Roaming\enigmarc.lua2
[2012.01.18 07:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.11.04 23:30:51 | 000,000,600 | ---- | C] () -- C:\Users\Grave\AppData\Roaming\winscp.rnd
[2011.11.04 23:30:14 | 000,000,600 | ---- | C] () -- C:\Users\Grave\PUTTY.RND
[2011.09.19 19:19:38 | 000,040,960 | ---- | C] () -- C:\ProgramData\UninstallFrilo.Exe
[2011.08.12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.07.18 18:49:20 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2011.07.17 19:17:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.05.28 21:38:27 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\Ad-Aware Antivirus
[2011.08.20 18:12:38 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\Autodesk
[2012.02.23 23:26:00 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\CadSoft
[2012.06.14 20:30:15 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\Canneverbe Limited
[2012.04.22 17:53:03 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\Downloaded Installations
[2013.02.16 19:44:59 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\Dropbox
[2011.11.22 20:07:35 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\DVDVideoSoft
[2011.11.22 20:07:30 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.29 19:57:57 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\EAC
[2012.09.29 21:39:43 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\FreeFLVConverter
[2012.09.30 20:23:06 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\frilo
[2012.12.30 12:34:37 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\JAM Software
[2012.03.04 19:40:59 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\Leadertech
[2013.05.10 23:52:58 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\Lonup
[2013.05.28 19:05:29 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\Nitro PDF
[2013.05.10 23:52:58 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\Ovsiu
[2012.02.22 16:35:43 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\PDF Writer
[2013.06.09 12:33:16 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\Peryeg
[2011.09.18 16:04:32 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\Playrix Entertainment
[2012.04.08 17:04:46 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\ProtectDISC
[2012.02.22 23:02:09 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\Synthesia
[2013.02.07 11:42:44 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\TeamViewer
[2011.07.18 17:31:38 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\Thunderbird
[2013.01.02 17:17:36 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\VDR Media Client
[2013.05.05 11:33:31 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\Verbindungsassistent
 
========== Purity Check ==========
 
 

< End of report >
         

Extras.txt
Quote:
OTL Extras logfile created on: 09.06.2013 13:27:24 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Grave\Desktop\Trojaner
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 70,07% Memory free
5,99 Gb Paging File | 4,95 Gb Available in Paging File | 82,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 157,58 Gb Total Space | 8,72 Gb Free Space | 5,53% Space Free | Partition Type: NTFS
Drive D: | 130,37 Gb Total Space | 21,20 Gb Free Space | 16,26% Space Free | Partition Type: NTFS
Drive E: | 10,00 Gb Total Space | 4,24 Gb Free Space | 42,37% Space Free | Partition Type: NTFS

Computer Name: GRAVE-PC | User Name: Grave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02652793-A24F-476D-B7A3-48F98E3CAD6A}" = rport=138 | protocol=17 | dir=out | app=system |
"{0F9C25A2-05C6-489F-8747-C8BF512480C2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{121920D0-9F60-4A25-8541-21C2E886722B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3CD03A83-5025-4B98-8C23-ABA0224F5770}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3EE58409-ED99-4039-BB49-868213D36D89}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe |
"{42459486-2C74-436E-936F-586B35294EC2}" = lport=445 | protocol=6 | dir=in | app=system |
"{65955F7E-6C44-4B8A-B6EE-BF8AEF620A5B}" = lport=139 | protocol=6 | dir=in | app=system |
"{75D7FF31-4D79-4122-8059-B70D99D672AB}" = lport=138 | protocol=17 | dir=in | app=system |
"{7AEA0742-E293-4D36-81D3-118C767BF926}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7CBEB33A-C2CF-41D4-99EF-9C91D6116C02}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8CCFB000-938D-4CF9-9101-CF8E10ECF86B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe |
"{9DA582B4-DB7C-4332-805C-76F3D6B5906E}" = lport=137 | protocol=17 | dir=in | app=system |
"{A635E838-D02B-4E16-A94A-1BC8CF622406}" = rport=139 | protocol=6 | dir=out | app=system |
"{BB5A9195-F570-488D-A94C-A8CDE5B8706A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E2246BCA-ABFB-4EEF-9F02-39D291DD6D59}" = rport=445 | protocol=6 | dir=out | app=system |
"{F42BA01D-F73D-4493-A8E3-D746B4DFF334}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0657292D-77E2-430E-8AD2-6981B4AD18D1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{09736655-7C41-466B-87C5-BF9408F364BC}" = protocol=17 | dir=in | app=c:\users\grave\appdata\roaming\dropbox\bin\dropbox.exe |
"{0AF6057E-1CFD-4E6A-B181-DA517A93D7A1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0C6EC13A-CF3C-4BD7-9805-093D0F3EF6EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1DACA17B-3FC5-49C1-9D28-DB805919FDB9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{210307D5-119A-4BEB-82E5-3DD5BB7468FB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3290DF78-088A-4DF0-A118-621EEAB77237}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{469FADC2-CC01-425C-A886-BB3F5307042E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4BF1A2B1-7D3E-48E4-BB4C-BB1FF2D07AEE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5D775B92-0210-4D3E-975F-BE192FBA0D2C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7687A571-118A-44D0-AFCB-6B62118E1DAE}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8BACD856-1E44-4907-BBC3-BE23F9996287}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8DD3D369-E413-42FF-A754-8374F591FFEC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C63CCB60-2827-4A1D-94F0-3457EEA36764}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{ED601952-C745-4FD0-A158-50F3EC2E9EA9}" = protocol=6 | dir=in | app=c:\users\grave\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{1D3C78A0-3C2A-4709-ACBF-57E2A2C53262}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{6DB981EC-EE0E-44A2-A33D-28EF6A99B362}C:\users\grave\desktop\jperf-2.0.0\bin\iperf.exe" = protocol=6 | dir=in | app=c:\users\grave\desktop\jperf-2.0.0\bin\iperf.exe |
"TCP Query User{98C2AE03-BDF3-4DAB-A97B-68F986F47D24}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{DBFD0150-FEF6-4D57-9965-DE0C4A5806E4}D:\winlirc-0.6.4\winlirc.exe" = protocol=6 | dir=in | app=d:\winlirc-0.6.4\winlirc.exe |
"UDP Query User{484C20C4-1778-49A1-B2E2-B54890FBDD58}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{82CAD3BF-1987-46C2-88F0-1A5540D101F0}C:\users\grave\desktop\jperf-2.0.0\bin\iperf.exe" = protocol=17 | dir=in | app=c:\users\grave\desktop\jperf-2.0.0\bin\iperf.exe |
"UDP Query User{B678CCC5-417C-4617-BE2A-807150D461B5}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{D2FC8355-1240-4430-B765-7A2A1B8BDCD6}D:\winlirc-0.6.4\winlirc.exe" = protocol=17 | dir=in | app=d:\winlirc-0.6.4\winlirc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D97815-0A14-4BB8-AF3D-3FAF4B8064BB}" = Diplomarbeit - Spannungen E-E
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.4
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 39
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2B7E7FBD-7E85-A386-AFB5-506DF0A1184B}" = VDR-Remote
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5783F2D7-9004-0407-0002-0060B0CE6BBA}" = AutoCAD Architecture 2011 - Deutsch
"{5783F2D7-9004-0407-1002-0060B0CE6BBA}" = AutoCAD Architecture 2011 Language Pack - Deutsch
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B7A87BB-BB10-4991-A89C-E38660A76B05}" = Frilo Installation
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CE61E024-462A-4E06-A886-660F09C12E28}" = Nitro Pro 7
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F075020E-43B2-4F2C-9723-C81CE162E7B6}" = Ad-Aware Antivirus
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FFB6614F-6E61-4831-BF71-51633A718B18}" = Nitro Reader 2
"7-Zip" = 7-Zip 9.20
"94a888f0cc14f46f31dbe64760d265e3" = Gardenscapes(TM)
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"ALDI Bestellsoftware" = ALDI Bestellsoftware 4.12.2
"AutoCAD Architecture 2011 - Deutsch" = AutoCAD Architecture 2011 - Deutsch
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1304
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"d72520cb767454006c3f77a01e6254fa" = MT 7.13 for Windows
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"EAGLE 6.1.0" = EAGLE 6.1.0
"Emergency 3 Demo" = Emergency 3 Demo 1.0
"Emil und Pauline Auf dem Land" = Emil und Pauline Auf dem Land (remove only)
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"FLAC" = FLAC 1.2.1b (remove only)
"FLV Player" = FLV Player 2.0 (build 25)
"Free FLV Converter_is1" = Free FLV Converter V 7.4.0
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.1
"Free Video Converter" = Free Video Converter
"Free YouTube Download_is1" = Free YouTube Download version 3.0.17.1117
"Frilo" = Frilo
"GIMP-2_is1" = GIMP 2.8.2
"Google Chrome" = Google Chrome
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"HaaliMkx" = Haali Media Splitter
"Machinarium" = Machinarium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"MiniclipDE Toolbar" = MiniclipDE Toolbar
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPEG4E" = MPEG4E VFW - H.264/MPEG-4 AVC codec (remove only)
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"OpenAL" = OpenAL
"PROHYBRIDR" = 2007 Microsoft Office system
"Submachine 2_is1" = Submachine 2
"Submachine 5_is1" = Submachine 5
"Synthesia" = Synthesia (remove only)
"TreeSize Free_is1" = TreeSize Free V2.7
"VDR-Remote.C62BE035A77B1829E7DE268E4769758C636745B1.1" = VDR-Remote
"Verbindungsassistent" = Verbindungsassistent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.2
"WinAce Archiver" = WinAce Archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CW-part" = CW-part
"Dropbox" = Dropbox
"Limbo" = LIMBO

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 21.02.2013 10:18:38 | Computer Name = Grave-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 19.0.0.4794,
Zeitstempel: 0x511ed1c1 Name des fehlerhaften Moduls: xul.dll, Version: 19.0.0.4794,
Zeitstempel: 0x511ed0fe Ausnahmecode: 0xc0000005 Fehleroffset: 0x00155858 ID des fehlerhaften
Prozesses: 0xc24 Startzeit der fehlerhaften Anwendung: 0x01ce103e2e4e3b26 Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: C:\Program Files\Mozilla Firefox\xul.dll Berichtskennung: 955546f2-7c31-11e2-9845-002219db5c6d

Error - 14.03.2013 15:44:31 | Computer Name = Grave-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 19.0.2.4814 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1194 Startzeit:
01ce20e792d85771 Endzeit: 32 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID:
911c2dc7-8cdf-11e2-84ce-002219db5c6d

Error - 10.04.2013 14:14:10 | Computer Name = Grave-PC | Source = Application Hang | ID = 1002
Description = Programm acad.exe, Version 24.1.49.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ba8 Startzeit:
01ce36167c1543e5 Endzeit: 78 Anwendungspfad: C:\Program Files\Autodesk\AutoCAD Architecture
2011\acad.exe Berichts-ID: 5e436077-a20a-11e2-8aaf-002219db5c6d

Error - 10.04.2013 14:15:39 | Computer Name = Grave-PC | Source = Application Hang | ID = 1002
Description = Programm acad.exe, Version 24.1.49.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1084 Startzeit:
01ce361737044cab Endzeit: 62 Anwendungspfad: C:\Program Files\Autodesk\AutoCAD Architecture
2011\acad.exe Berichts-ID: a42b09c3-a20a-11e2-8aaf-002219db5c6d

Error - 14.04.2013 04:07:03 | Computer Name = Grave-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: gimp-2.8.exe, Version: 2.8.2.0, Zeitstempel:
0x50369de8 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00029a4a ID des fehlerhaften Prozesses:
0xce8 Startzeit der fehlerhaften Anwendung: 0x01ce38e4cf30e6f5 Pfad der fehlerhaften
Anwendung: C:\Program Files\GIMP 2\bin\gimp-2.8.exe Pfad des fehlerhaften Moduls:
C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 49cb6b69-a4da-11e2-a2c6-002219db5c6d

Error - 01.05.2013 12:49:44 | Computer Name = Grave-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 12.0.6668.5000,
Zeitstempel: 0x5083137f Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003224d ID des fehlerhaften
Prozesses: 0xc70 Startzeit der fehlerhaften Anwendung: 0x01ce468bd1c8c43b Pfad der
fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office12\WINWORD.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 1f8b5bb5-b27f-11e2-a1d3-002219db5c6d

Error - 05.05.2013 05:56:18 | Computer Name = Grave-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Verbindungsassistent.exe, Version:
1.0.0.1, Zeitstempel: 0x4ced219f Name des fehlerhaften Moduls: Verbindungsassistent.exe,
Version: 1.0.0.1, Zeitstempel: 0x4ced219f Ausnahmecode: 0xc00000fd Fehleroffset:
0x000b3007 ID des fehlerhaften Prozesses: 0x1788 Startzeit der fehlerhaften Anwendung:
0x01ce49768132951e Pfad der fehlerhaften Anwendung: C:\Program Files\Verbindungsassistent\Verbindungsassistent.exe
Pfad
des fehlerhaften Moduls: C:\Program Files\Verbindungsassistent\Verbindungsassistent.exe
Berichtskennung:
079ccaa0-b56a-11e2-a1ac-002219db5c6d

Error - 09.05.2013 15:17:44 | Computer Name = Grave-PC | Source = Application Hang | ID = 1002
Description = Programm WinSCP.exe, Version 4.1.8.415 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 17bc Startzeit:
01ce4ce56bdd4d82 Endzeit: 31 Anwendungspfad: D:\Linvdr\WinSCP\WinSCP.exe Berichts-ID:
1dfe6251-b8dd-11e2-8acb-002219db5c6d

Error - 11.05.2013 02:22:30 | Computer Name = Grave-PC | Source = Application Hang | ID = 1002
Description = Programm SndVol.exe, Version 6.1.7601.17514 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: ca4 Startzeit: 01ce4e0fb4139529 Endzeit: 7 Anwendungspfad: C:\Windows\system32\SndVol.exe

Berichts-ID:
1f4fe8ac-ba03-11e2-a62b-002219db5c6d

Error - 11.05.2013 02:30:27 | Computer Name = Grave-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 20.0.1.4847 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 10c0 Startzeit:
01ce4e10f2ee69ce Endzeit: 9 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID:
4244e99f-ba04-11e2-a62b-002219db5c6d

[ OSession Events ]
Error - 01.05.2013 12:49:41 | Computer Name = Grave-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 27.05.2013 15:48:05 | Computer Name = Grave-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 27.05.2013 17:06:04 | Computer Name = Grave-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 28.05.2013 13:01:11 | Computer Name = Grave-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 28.05.2013 13:01:11 | Computer Name = Grave-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 28.05.2013 16:35:55 | Computer Name = Grave-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 28.05.2013 16:35:55 | Computer Name = Grave-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 28.05.2013 16:38:56 | Computer Name = Grave-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 28.05.2013 16:38:56 | Computer Name = Grave-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error - 09.06.2013 04:13:18 | Computer Name = Grave-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 09.06.2013 04:13:18 | Computer Name = Grave-PC | Source = atikmdag | ID = 43029
Description = Display is not active


< End of report >


Message from Malwarebytes

Code:
ATTFilter
2013/06/09 17:01:26 +0200	GRAVE-PC	Grave	IP-BLOCK	92.241.162.52 (Type: outgoing, Port: 49259, Process: firefox.exe)
2013/06/09 17:01:26 +0200	GRAVE-PC	Grave	IP-BLOCK	92.241.162.52 (Type: outgoing, Port: 49265, Process: firefox.exe)
2013/06/09 17:01:26 +0200	GRAVE-PC	Grave	IP-BLOCK	92.241.162.52 (Type: outgoing, Port: 49266, Process: firefox.exe)
2013/06/09 17:01:26 +0200	GRAVE-PC	Grave	IP-BLOCK	92.241.162.52 (Type: outgoing, Port: 49267, Process: firefox.exe)
         
Gmer.log is too large to post, so I am attaching it.

Regards, Grave
Thumbnails of attached images
Onlinebanking wird umgeleitet-malewarebytes.jpg

09.06.2013, 16:37   #2
markusg
/// Malware-holic

Hi,

OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [Paceod] C:\Users\Grave\AppData\Roaming\Lonup\yhfyw.exe (Sysinternals - www.sysinternals.com)
[2013.05.10 23:52:58 | 000,000,000 | ---D | C] -- C:\Users\Grave\AppData\Roaming\Peryeg
[2013.05.10 23:52:58 | 000,000,000 | ---D | C] -- C:\Users\Grave\AppData\Roaming\Ovsiu
[2013.05.10 23:52:58 | 000,000,000 | ---D | C] -- C:\Users\Grave\AppData\Roaming\Lonup
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
:files
:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the appropriate place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.


Note: Please also upload the file there, as described in the instructions for the UpChannel. Please do NOT post the ZIP file here in the thread as an attachment!


Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance.

09.06.2013, 17:04   #3
Grave1

Hi,

I have done that.

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Paceod deleted successfully.
C:\Users\Grave\AppData\Roaming\Lonup\yhfyw.exe moved successfully.
C:\Users\Grave\AppData\Roaming\Peryeg folder moved successfully.
C:\Users\Grave\AppData\Roaming\Ovsiu folder moved successfully.
C:\Users\Grave\AppData\Roaming\Lonup folder moved successfully.
C:\Windows\System32\SET5D60.tmp deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Grave
->Temp folder emptied: 1698562793 bytes
->Temporary Internet Files folder emptied: 302541165 bytes
->Java cache emptied: 9650585 bytes
->FireFox cache emptied: 424579763 bytes
->Google Chrome cache emptied: 14666781 bytes
->Flash cache emptied: 75027 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 202990471 bytes
RecycleBin emptied: 8074026142 bytes
 
Total Files Cleaned = 10.230,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06092013_175152

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
The upload of gmer.log also worked.

09.06.2013, 17:08   #4
markusg
/// Malware-holic

You were supposed to upload the moved files, not gmer.log.
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails as described in the instructions above to
markusg.trojaner-board@web.de

09.06.2013, 17:11   #5
Grave1

I have.


09.06.2013, 17:12   #6
markusg
/// Malware-holic

Thx.
I can never give you a guarantee that I will find everything. Formatting is usually the faster and the safest way, especially since you use your PC for online banking.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.
If it were mine, I would set it up from scratch once and then secure it. You will get instructions whichever you decide on.

09.06.2013, 17:14   #7
Grave1

Actually, I would rather try a cleanup.

09.06.2013, 17:16   #8
markusg
/// Malware-holic

OK, but you must be aware that if we overlook something, someone can plunder your account. That would be too risky for me, but it is your money.
Please download TDSSKiller (TDSSKiller.exe) and save the file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

09.06.2013, 17:26   #9
Grave1

I have two logs.

Code:
ATTFilter
18:20:58.0682 4140  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:20:58.0843 4140  ============================================================
18:20:58.0843 4140  Current date / time: 2013/06/09 18:20:58.0843
18:20:58.0843 4140  SystemInfo:
18:20:58.0843 4140  
18:20:58.0844 4140  OS Version: 6.1.7601 ServicePack: 1.0
18:20:58.0844 4140  Product type: Workstation
18:20:58.0844 4140  ComputerName: GRAVE-PC
18:20:58.0844 4140  UserName: Grave
18:20:58.0844 4140  Windows directory: C:\Windows
18:20:58.0844 4140  System windows directory: C:\Windows
18:20:58.0844 4140  Processor architecture: Intel x86
18:20:58.0844 4140  Number of processors: 2
18:20:58.0844 4140  Page size: 0x1000
18:20:58.0844 4140  Boot type: Normal boot
18:20:58.0844 4140  ============================================================
18:21:00.0418 4140  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:21:00.0420 4140  ============================================================
18:21:00.0420 4140  \Device\Harddisk0\DR0:
18:21:00.0421 4140  MBR partitions:
18:21:00.0421 4140  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x47000, BlocksNum 0x1400000
18:21:00.0421 4140  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1447000, BlocksNum 0x13B287F8
18:21:00.0457 4140  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x14F70000, BlocksNum 0x104BE000
18:21:00.0457 4140  ============================================================
18:21:00.0511 4140  C: <-> \Device\Harddisk0\DR0\Partition2
18:21:00.0809 4140  D: <-> \Device\Harddisk0\DR0\Partition3
18:21:01.0014 4140  E: <-> \Device\Harddisk0\DR0\Partition1
18:21:01.0014 4140  ============================================================
18:21:01.0014 4140  Initialize success
18:21:01.0014 4140  ============================================================
18:21:03.0213 4176  Deinitialize success
         

Code:
ATTFilter
18:21:07.0493 0720  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:21:07.0612 0720  ============================================================
18:21:07.0612 0720  Current date / time: 2013/06/09 18:21:07.0612
18:21:07.0612 0720  SystemInfo:
18:21:07.0612 0720  
18:21:07.0612 0720  OS Version: 6.1.7601 ServicePack: 1.0
18:21:07.0612 0720  Product type: Workstation
18:21:07.0612 0720  ComputerName: GRAVE-PC
18:21:07.0613 0720  UserName: Grave
18:21:07.0613 0720  Windows directory: C:\Windows
18:21:07.0613 0720  System windows directory: C:\Windows
18:21:07.0613 0720  Processor architecture: Intel x86
18:21:07.0613 0720  Number of processors: 2
18:21:07.0613 0720  Page size: 0x1000
18:21:07.0613 0720  Boot type: Normal boot
18:21:07.0613 0720  ============================================================
18:21:09.0205 0720  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:21:09.0207 0720  ============================================================
18:21:09.0207 0720  \Device\Harddisk0\DR0:
18:21:09.0207 0720  MBR partitions:
18:21:09.0207 0720  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x47000, BlocksNum 0x1400000
18:21:09.0207 0720  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1447000, BlocksNum 0x13B287F8
18:21:09.0244 0720  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x14F70000, BlocksNum 0x104BE000
18:21:09.0244 0720  ============================================================
18:21:09.0298 0720  C: <-> \Device\Harddisk0\DR0\Partition2
18:21:09.0357 0720  D: <-> \Device\Harddisk0\DR0\Partition3
18:21:09.0412 0720  E: <-> \Device\Harddisk0\DR0\Partition1
18:21:09.0413 0720  ============================================================
18:21:09.0413 0720  Initialize success
18:21:09.0413 0720  ============================================================
18:21:33.0680 5412  ============================================================
18:21:33.0680 5412  Scan started
18:21:33.0680 5412  Mode: Manual; SigCheck; TDLFS; 
18:21:33.0680 5412  ============================================================
18:21:34.0511 5412  ================ Scan system memory ========================
18:21:34.0511 5412  System memory - ok
18:21:34.0512 5412  ================ Scan services =============================
18:21:34.0670 5412  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:21:34.0810 5412  1394ohci - ok
18:21:34.0839 5412  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:21:34.0862 5412  ACPI - ok
18:21:34.0899 5412  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:21:34.0965 5412  AcpiPmi - ok
18:21:35.0086 5412  [ 9D90344179ED6A05959DE40FC934A022 ] Ad-Aware Service C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
18:21:35.0114 5412  Ad-Aware Service - ok
18:21:35.0215 5412  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:21:35.0231 5412  AdobeARMservice - ok
18:21:35.0356 5412  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:21:35.0377 5412  AdobeFlashPlayerUpdateSvc - ok
18:21:35.0502 5412  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
18:21:35.0531 5412  adp94xx - ok
18:21:35.0553 5412  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
18:21:35.0577 5412  adpahci - ok
18:21:35.0593 5412  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
18:21:35.0614 5412  adpu320 - ok
18:21:35.0649 5412  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:21:35.0740 5412  AeLookupSvc - ok
18:21:35.0845 5412  [ 827DBC22C96EECF6D36A13162FABAFD3 ] AESTFilters     C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\aestsrv.exe
18:21:35.0924 5412  AESTFilters - ok
18:21:35.0971 5412  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
18:21:36.0063 5412  AFD - ok
18:21:36.0107 5412  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
18:21:36.0125 5412  agp440 - ok
18:21:36.0160 5412  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
18:21:36.0191 5412  aic78xx - ok
18:21:36.0248 5412  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
18:21:36.0348 5412  ALG - ok
18:21:36.0375 5412  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:21:36.0391 5412  aliide - ok
18:21:36.0432 5412  [ B19505648F033393E907E2E419FDE8B3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:21:36.0499 5412  AMD External Events Utility - ok
18:21:36.0528 5412  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
18:21:36.0546 5412  amdagp - ok
18:21:36.0551 5412  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
18:21:36.0567 5412  amdide - ok
18:21:36.0626 5412  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
18:21:36.0693 5412  AmdK8 - ok
18:21:36.0698 5412  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
18:21:36.0754 5412  AmdPPM - ok
18:21:36.0797 5412  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:21:36.0817 5412  amdsata - ok
18:21:36.0855 5412  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
18:21:36.0903 5412  amdsbs - ok
18:21:36.0922 5412  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:21:36.0938 5412  amdxata - ok
18:21:37.0027 5412  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:21:37.0045 5412  AntiVirSchedulerService - ok
18:21:37.0132 5412  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:21:37.0149 5412  AntiVirService - ok
18:21:37.0178 5412  [ D7723A101C5CB4C0FA979E4DDA732EC0 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
18:21:37.0206 5412  ApfiltrService - ok
18:21:37.0262 5412  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
18:21:37.0500 5412  AppID - ok
18:21:37.0559 5412  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:21:37.0624 5412  AppIDSvc - ok
18:21:37.0674 5412  [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo         C:\Windows\System32\appinfo.dll
18:21:37.0762 5412  Appinfo - ok
18:21:37.0801 5412  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
18:21:37.0821 5412  arc - ok
18:21:37.0837 5412  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
18:21:37.0857 5412  arcsas - ok
18:21:37.0895 5412  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:21:38.0043 5412  AsyncMac - ok
18:21:38.0068 5412  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
18:21:38.0080 5412  atapi - ok
18:21:38.0231 5412  [ 04F09923A393E4E0E8453A8F78361E73 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
18:21:38.0511 5412  atikmdag - ok
18:21:38.0580 5412  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:21:38.0648 5412  AudioEndpointBuilder - ok
18:21:38.0691 5412  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
18:21:38.0721 5412  Audiosrv - ok
18:21:38.0788 5412  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
18:21:38.0805 5412  avgntflt - ok
18:21:38.0887 5412  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
18:21:38.0905 5412  avipbb - ok
18:21:38.0922 5412  [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
18:21:38.0937 5412  avkmgr - ok
18:21:38.0971 5412  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:21:39.0069 5412  AxInstSV - ok
18:21:39.0113 5412  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
18:21:39.0201 5412  b06bdrv - ok
18:21:39.0231 5412  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
18:21:39.0254 5412  b57nd60x - ok
18:21:39.0332 5412  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:21:39.0431 5412  BDESVC - ok
18:21:39.0473 5412  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:21:39.0528 5412  Beep - ok
18:21:39.0603 5412  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
18:21:39.0666 5412  BFE - ok
18:21:39.0714 5412  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
18:21:39.0784 5412  BITS - ok
18:21:39.0826 5412  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:21:39.0876 5412  blbdrive - ok
18:21:39.0930 5412  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:21:39.0963 5412  bowser - ok
18:21:39.0976 5412  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:21:40.0057 5412  BrFiltLo - ok
18:21:40.0072 5412  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:21:40.0112 5412  BrFiltUp - ok
18:21:40.0155 5412  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
18:21:40.0237 5412  Browser - ok
18:21:40.0274 5412  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:21:40.0338 5412  Brserid - ok
18:21:40.0354 5412  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:21:40.0392 5412  BrSerWdm - ok
18:21:40.0412 5412  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:21:40.0451 5412  BrUsbMdm - ok
18:21:40.0477 5412  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:21:40.0524 5412  BrUsbSer - ok
18:21:40.0529 5412  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
18:21:40.0557 5412  BTHMODEM - ok
18:21:40.0618 5412  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
18:21:40.0679 5412  bthserv - ok
18:21:40.0734 5412  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:21:40.0766 5412  cdfs - ok
18:21:40.0807 5412  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:21:40.0857 5412  cdrom - ok
18:21:40.0911 5412  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
18:21:40.0975 5412  CertPropSvc - ok
18:21:41.0025 5412  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
18:21:41.0045 5412  circlass - ok
18:21:41.0083 5412  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
18:21:41.0106 5412  CLFS - ok
18:21:41.0171 5412  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:21:41.0190 5412  clr_optimization_v2.0.50727_32 - ok
18:21:41.0262 5412  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:21:41.0295 5412  clr_optimization_v4.0.30319_32 - ok
18:21:41.0321 5412  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:21:41.0367 5412  CmBatt - ok
18:21:41.0457 5412  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:21:41.0474 5412  cmdide - ok
18:21:41.0521 5412  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
18:21:41.0555 5412  CNG - ok
18:21:41.0579 5412  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:21:41.0595 5412  Compbatt - ok
18:21:41.0619 5412  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
18:21:41.0671 5412  CompositeBus - ok
18:21:41.0700 5412  COMSysApp - ok
18:21:41.0715 5412  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
18:21:41.0732 5412  crcdisk - ok
18:21:41.0797 5412  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:21:41.0855 5412  CryptSvc - ok
18:21:41.0939 5412  [ A38F95E2A1A459E7F59D5713909C9111 ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
18:21:41.0970 5412  dc3d - ok
18:21:42.0093 5412  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:21:42.0139 5412  DcomLaunch - ok
18:21:42.0185 5412  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
18:21:42.0253 5412  defragsvc - ok
18:21:42.0295 5412  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:21:42.0352 5412  DfsC - ok
18:21:42.0479 5412  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:21:42.0604 5412  Dhcp - ok
18:21:42.0780 5412  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
18:21:42.0860 5412  discache - ok
18:21:42.0920 5412  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
18:21:42.0938 5412  Disk - ok
18:21:42.0967 5412  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:21:42.0996 5412  Dnscache - ok
18:21:43.0023 5412  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:21:43.0077 5412  dot3svc - ok
18:21:43.0126 5412  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
18:21:43.0207 5412  DPS - ok
18:21:43.0251 5412  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:21:43.0285 5412  drmkaud - ok
18:21:43.0340 5412  [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:21:43.0372 5412  DXGKrnl - ok
18:21:43.0402 5412  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
18:21:43.0466 5412  EapHost - ok
18:21:43.0581 5412  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
18:21:43.0743 5412  ebdrv - ok
18:21:43.0799 5412  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
18:21:43.0869 5412  EFS - ok
18:21:43.0961 5412  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:21:44.0043 5412  ehRecvr - ok
18:21:44.0063 5412  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
18:21:44.0131 5412  ehSched - ok
18:21:44.0192 5412  [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
18:21:44.0207 5412  ElbyCDIO - ok
18:21:44.0263 5412  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
18:21:44.0292 5412  elxstor - ok
18:21:44.0331 5412  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:21:44.0363 5412  ErrDev - ok
18:21:44.0425 5412  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
18:21:44.0488 5412  EventSystem - ok
18:21:44.0539 5412  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
18:21:44.0587 5412  exfat - ok
18:21:44.0621 5412  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:21:44.0676 5412  fastfat - ok
18:21:44.0741 5412  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
18:21:44.0822 5412  Fax - ok
18:21:44.0852 5412  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:21:44.0885 5412  fdc - ok
18:21:44.0938 5412  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
18:21:44.0993 5412  fdPHost - ok
18:21:45.0024 5412  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
18:21:45.0078 5412  FDResPub - ok
18:21:45.0109 5412  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:21:45.0126 5412  FileInfo - ok
18:21:45.0138 5412  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:21:45.0169 5412  Filetrace - ok
18:21:45.0221 5412  [ D60EF46DC0E757FE5EB579DB95B88954 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:21:45.0305 5412  FLEXnet Licensing Service - ok
18:21:45.0343 5412  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:21:45.0385 5412  flpydisk - ok
18:21:45.0435 5412  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:21:45.0459 5412  FltMgr - ok
18:21:45.0527 5412  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
18:21:45.0616 5412  FontCache - ok
18:21:45.0684 5412  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:21:45.0700 5412  FontCache3.0.0.0 - ok
18:21:45.0731 5412  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:21:45.0749 5412  FsDepends - ok
18:21:45.0793 5412  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:21:45.0809 5412  Fs_Rec - ok
18:21:45.0849 5412  [ AAE37F0F2F613218DCE17B42A18C38DB ] FTDIBUS         C:\Windows\system32\drivers\ftdibus.sys
18:21:45.0864 5412  FTDIBUS - ok
18:21:45.0914 5412  [ 48BFD1BA45C9C9E7AB339E25ABFBA1D2 ] FTSER2K         C:\Windows\system32\drivers\ftser2k.sys
18:21:45.0929 5412  FTSER2K - ok
18:21:45.0987 5412  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:21:46.0016 5412  fvevol - ok
18:21:46.0052 5412  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
18:21:46.0071 5412  gagp30kx - ok
18:21:46.0110 5412  [ 483924F92E55A5F9423201EC635E2CED ] gfibto          C:\Windows\system32\drivers\gfibto.sys
18:21:46.0124 5412  gfibto - ok
18:21:46.0160 5412  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
18:21:46.0228 5412  gpsvc - ok
18:21:46.0323 5412  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
18:21:46.0343 5412  gupdate - ok
18:21:46.0368 5412  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
18:21:46.0378 5412  gupdatem - ok
18:21:46.0411 5412  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:21:46.0434 5412  gusvc - ok
18:21:46.0464 5412  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:21:46.0519 5412  hcw85cir - ok
18:21:46.0569 5412  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:21:46.0629 5412  HdAudAddService - ok
18:21:46.0681 5412  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
18:21:46.0728 5412  HDAudBus - ok
18:21:46.0779 5412  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
18:21:46.0821 5412  HidBatt - ok
18:21:46.0849 5412  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
18:21:46.0893 5412  HidBth - ok
18:21:46.0936 5412  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
18:21:46.0956 5412  HidIr - ok
18:21:46.0990 5412  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
18:21:47.0062 5412  hidserv - ok
18:21:47.0120 5412  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:21:47.0156 5412  HidUsb - ok
18:21:47.0202 5412  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:21:47.0263 5412  hkmsvc - ok
18:21:47.0316 5412  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:21:47.0408 5412  HomeGroupListener - ok
18:21:47.0446 5412  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:21:47.0508 5412  HomeGroupProvider - ok
18:21:47.0587 5412  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:21:47.0606 5412  HpSAMD - ok
18:21:47.0668 5412  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:21:47.0714 5412  HTTP - ok
18:21:47.0729 5412  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:21:47.0744 5412  hwpolicy - ok
18:21:47.0774 5412  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
18:21:47.0794 5412  i8042prt - ok
18:21:47.0824 5412  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:21:47.0895 5412  iaStorV - ok
18:21:47.0978 5412  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:21:48.0047 5412  idsvc - ok
18:21:48.0086 5412  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
18:21:48.0104 5412  iirsp - ok
18:21:48.0145 5412  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
18:21:48.0214 5412  IKEEXT - ok
18:21:48.0236 5412  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:21:48.0252 5412  intelide - ok
18:21:48.0292 5412  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:21:48.0310 5412  intelppm - ok
18:21:48.0330 5412  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:21:48.0388 5412  IPBusEnum - ok
18:21:48.0410 5412  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:21:48.0459 5412  IpFilterDriver - ok
18:21:48.0562 5412  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:21:48.0634 5412  iphlpsvc - ok
18:21:48.0665 5412  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:21:48.0695 5412  IPMIDRV - ok
18:21:48.0734 5412  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:21:48.0785 5412  IPNAT - ok
18:21:48.0822 5412  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:21:48.0864 5412  IRENUM - ok
18:21:48.0887 5412  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:21:48.0905 5412  isapnp - ok
18:21:48.0954 5412  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:21:48.0979 5412  iScsiPrt - ok
18:21:49.0030 5412  [ C4C95805B85BCE1EB9D20F4A02FC5F9B ] k57nd60x        C:\Windows\system32\DRIVERS\k57nd60x.sys
18:21:49.0083 5412  k57nd60x - ok
18:21:49.0135 5412  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:21:49.0151 5412  kbdclass - ok
18:21:49.0207 5412  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:21:49.0225 5412  kbdhid - ok
18:21:49.0260 5412  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
18:21:49.0273 5412  KeyIso - ok
18:21:49.0294 5412  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:21:49.0312 5412  KSecDD - ok
18:21:49.0345 5412  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:21:49.0405 5412  KSecPkg - ok
18:21:49.0437 5412  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:21:49.0479 5412  KtmRm - ok
18:21:49.0511 5412  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:21:49.0579 5412  LanmanServer - ok
18:21:49.0617 5412  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:21:49.0680 5412  LanmanWorkstation - ok
18:21:49.0761 5412  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:21:49.0815 5412  lltdio - ok
18:21:49.0856 5412  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:21:49.0903 5412  lltdsvc - ok
18:21:49.0929 5412  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:21:49.0987 5412  lmhosts - ok
18:21:50.0033 5412  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
18:21:50.0052 5412  LSI_FC - ok
18:21:50.0090 5412  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
18:21:50.0110 5412  LSI_SAS - ok
18:21:50.0125 5412  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:21:50.0144 5412  LSI_SAS2 - ok
18:21:50.0161 5412  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:21:50.0181 5412  LSI_SCSI - ok
18:21:50.0199 5412  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
18:21:50.0233 5412  luafv - ok
18:21:50.0277 5412  [ ED643E777BA3F7151EF3F0FB6BE4F7F0 ] LVRS            C:\Windows\system32\DRIVERS\lvrs.sys
18:21:50.0303 5412  LVRS - ok
18:21:50.0388 5412  [ 59A2783ABA6019BED0C843C706E10A6A ] massfilter      C:\Windows\system32\drivers\massfilter.sys
18:21:50.0438 5412  massfilter - ok
18:21:50.0509 5412  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
18:21:50.0525 5412  MBAMProtector - ok
18:21:50.0610 5412  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:21:50.0633 5412  MBAMScheduler - ok
18:21:50.0665 5412  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:21:50.0692 5412  MBAMService - ok
18:21:50.0722 5412  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:21:50.0744 5412  Mcx2Svc - ok
18:21:50.0768 5412  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
18:21:50.0785 5412  megasas - ok
18:21:50.0813 5412  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
18:21:50.0837 5412  MegaSR - ok
18:21:50.0862 5412  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
18:21:50.0928 5412  MMCSS - ok
18:21:50.0950 5412  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
18:21:50.0999 5412  Modem - ok
18:21:51.0048 5412  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:21:51.0096 5412  monitor - ok
18:21:51.0140 5412  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:21:51.0156 5412  mouclass - ok
18:21:51.0183 5412  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:21:51.0224 5412  mouhid - ok
18:21:51.0270 5412  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:21:51.0290 5412  mountmgr - ok
18:21:51.0394 5412  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:21:51.0414 5412  MozillaMaintenance - ok
18:21:51.0450 5412  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:21:51.0472 5412  mpio - ok
18:21:51.0508 5412  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:21:51.0558 5412  mpsdrv - ok
18:21:51.0619 5412  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:21:51.0751 5412  MpsSvc - ok
18:21:51.0778 5412  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:21:51.0824 5412  MRxDAV - ok
18:21:51.0882 5412  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:21:51.0957 5412  mrxsmb - ok
18:21:51.0982 5412  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:21:52.0030 5412  mrxsmb10 - ok
18:21:52.0072 5412  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:21:52.0112 5412  mrxsmb20 - ok
18:21:52.0162 5412  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
18:21:52.0177 5412  msahci - ok
18:21:52.0203 5412  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:21:52.0224 5412  msdsm - ok
18:21:52.0257 5412  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
18:21:52.0304 5412  MSDTC - ok
18:21:52.0358 5412  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:21:52.0387 5412  Msfs - ok
18:21:52.0408 5412  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:21:52.0460 5412  mshidkmdf - ok
18:21:52.0498 5412  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:21:52.0513 5412  msisadrv - ok
18:21:52.0550 5412  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:21:52.0603 5412  MSiSCSI - ok
18:21:52.0607 5412  msiserver - ok
18:21:52.0668 5412  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:21:52.0696 5412  MSKSSRV - ok
18:21:52.0714 5412  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:21:52.0765 5412  MSPCLOCK - ok
18:21:52.0804 5412  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:21:52.0853 5412  MSPQM - ok
18:21:52.0881 5412  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:21:52.0985 5412  MsRPC - ok
18:21:53.0137 5412  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
18:21:53.0153 5412  mssmbios - ok
18:21:53.0212 5412  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:21:53.0242 5412  MSTEE - ok
18:21:53.0260 5412  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
18:21:53.0295 5412  MTConfig - ok
18:21:53.0319 5412  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:21:53.0335 5412  Mup - ok
18:21:53.0365 5412  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
18:21:53.0424 5412  napagent - ok
18:21:53.0495 5412  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:21:53.0524 5412  NativeWifiP - ok
18:21:53.0611 5412  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:21:53.0660 5412  NDIS - ok
18:21:53.0689 5412  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:21:53.0739 5412  NdisCap - ok
18:21:53.0777 5412  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:21:53.0835 5412  NdisTapi - ok
18:21:53.0898 5412  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:21:53.0927 5412  Ndisuio - ok
18:21:53.0955 5412  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:21:54.0004 5412  NdisWan - ok
18:21:54.0038 5412  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:21:54.0090 5412  NDProxy - ok
18:21:54.0128 5412  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:21:54.0183 5412  NetBIOS - ok
18:21:54.0231 5412  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:21:54.0292 5412  NetBT - ok
18:21:54.0331 5412  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
18:21:54.0344 5412  Netlogon - ok
18:21:54.0383 5412  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
18:21:54.0442 5412  Netman - ok
18:21:54.0481 5412  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
18:21:54.0544 5412  netprofm - ok
18:21:54.0599 5412  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:21:54.0619 5412  NetTcpPortSharing - ok
18:21:54.0742 5412  [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32        C:\Windows\system32\DRIVERS\netw5v32.sys
18:21:54.0949 5412  netw5v32 - ok
18:21:55.0006 5412  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
18:21:55.0024 5412  nfrd960 - ok
18:21:55.0149 5412  [ 4DF040B616601996E6CAD18F24311A9F ] NitroDriverReadSpool2 C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe
18:21:55.0167 5412  NitroDriverReadSpool2 - ok
18:21:55.0259 5412  [ A027E499F6A62134D31018B1F77AF2AE ] NitroReaderDriverReadSpool2 C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
18:21:55.0276 5412  NitroReaderDriverReadSpool2 - ok
18:21:55.0334 5412  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:21:55.0380 5412  NlaSvc - ok
18:21:55.0433 5412  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:21:55.0464 5412  Npfs - ok
18:21:55.0491 5412  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
18:21:55.0523 5412  nsi - ok
18:21:55.0549 5412  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:21:55.0605 5412  nsiproxy - ok
18:21:55.0684 5412  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:21:55.0771 5412  Ntfs - ok
18:21:55.0819 5412  [ 28613C245D9F26190DCEE18430A4EBBE ] NuidFltr        C:\Windows\system32\DRIVERS\NuidFltr.sys
18:21:55.0882 5412  NuidFltr - ok
18:21:55.0909 5412  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
18:21:55.0957 5412  Null - ok
18:21:56.0027 5412  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:21:56.0047 5412  nvraid - ok
18:21:56.0103 5412  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:21:56.0124 5412  nvstor - ok
18:21:56.0167 5412  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:21:56.0187 5412  nv_agp - ok
18:21:56.0227 5412  [ 2CF21D5F8F1B74BB1922135AC2B12DDB ] OA001Ufd        C:\Windows\system32\DRIVERS\OA001Ufd.sys
18:21:56.0254 5412  OA001Ufd - ok
18:21:56.0304 5412  [ 4075063D25AF9DA64101769854B83787 ] OA001Vid        C:\Windows\system32\DRIVERS\OA001Vid.sys
18:21:56.0361 5412  OA001Vid - ok
18:21:56.0512 5412  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:21:56.0542 5412  odserv - ok
18:21:56.0590 5412  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:21:56.0621 5412  ohci1394 - ok
18:21:56.0756 5412  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:21:56.0777 5412  ose - ok
18:21:56.0819 5412  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:21:56.0889 5412  p2pimsvc - ok
18:21:56.0918 5412  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:21:56.0949 5412  p2psvc - ok
18:21:56.0968 5412  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
18:21:57.0014 5412  Parport - ok
18:21:57.0061 5412  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:21:57.0080 5412  partmgr - ok
18:21:57.0095 5412  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
18:21:57.0120 5412  Parvdm - ok
18:21:57.0156 5412  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:21:57.0181 5412  PcaSvc - ok
18:21:57.0201 5412  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
18:21:57.0220 5412  pci - ok
18:21:57.0256 5412  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
18:21:57.0272 5412  pciide - ok
18:21:57.0296 5412  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
18:21:57.0319 5412  pcmcia - ok
18:21:57.0337 5412  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
18:21:57.0356 5412  pcw - ok
18:21:57.0393 5412  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:21:57.0462 5412  PEAUTH - ok
18:21:57.0553 5412  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
18:21:57.0647 5412  pla - ok
18:21:57.0722 5412  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:21:57.0792 5412  PlugPlay - ok
18:21:57.0827 5412  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:21:57.0874 5412  PNRPAutoReg - ok
18:21:57.0907 5412  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:21:57.0923 5412  PNRPsvc - ok
18:21:57.0947 5412  [ 7D7A9C17D5455203DEA11E5EF886CC59 ] Point32         C:\Windows\system32\DRIVERS\point32.sys
18:21:57.0961 5412  Point32 - ok
18:21:58.0006 5412  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:21:58.0045 5412  PolicyAgent - ok
18:21:58.0079 5412  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
18:21:58.0110 5412  Power - ok
18:21:58.0146 5412  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:21:58.0178 5412  PptpMiniport - ok
18:21:58.0195 5412  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
18:21:58.0300 5412  Processor - ok
18:21:58.0384 5412  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
18:21:58.0456 5412  ProfSvc - ok
18:21:58.0480 5412  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:21:58.0493 5412  ProtectedStorage - ok
18:21:58.0511 5412  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:21:58.0545 5412  Psched - ok
18:21:58.0649 5412  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
18:21:58.0717 5412  ql2300 - ok
18:21:58.0743 5412  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
18:21:58.0764 5412  ql40xx - ok
18:21:58.0792 5412  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
18:21:58.0821 5412  QWAVE - ok
18:21:58.0842 5412  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:21:58.0862 5412  QWAVEdrv - ok
18:21:58.0952 5412  [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
18:21:58.0970 5412  RapiMgr - ok
18:21:58.0991 5412  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:21:59.0022 5412  RasAcd - ok
18:21:59.0059 5412  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:21:59.0120 5412  RasAgileVpn - ok
18:21:59.0163 5412  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
18:21:59.0197 5412  RasAuto - ok
18:21:59.0217 5412  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:21:59.0269 5412  Rasl2tp - ok
18:21:59.0350 5412  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
18:21:59.0409 5412  RasMan - ok
18:21:59.0462 5412  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:21:59.0494 5412  RasPppoe - ok
18:21:59.0522 5412  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:21:59.0572 5412  RasSstp - ok
18:21:59.0632 5412  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:21:59.0692 5412  rdbss - ok
18:21:59.0715 5412  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:21:59.0748 5412  rdpbus - ok
18:21:59.0792 5412  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:21:59.0846 5412  RDPCDD - ok
18:21:59.0890 5412  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:21:59.0919 5412  RDPENCDD - ok
18:21:59.0931 5412  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:21:59.0990 5412  RDPREFMP - ok
18:22:00.0029 5412  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:22:00.0095 5412  RDPWD - ok
18:22:00.0135 5412  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:22:00.0159 5412  rdyboost - ok
18:22:00.0185 5412  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:22:00.0234 5412  RemoteAccess - ok
18:22:00.0281 5412  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:22:00.0333 5412  RemoteRegistry - ok
18:22:00.0404 5412  [ 6C1F93C0760C9F79A1869D07233DF39D ] rismxdp         C:\Windows\system32\DRIVERS\rixdptsk.sys
18:22:00.0461 5412  rismxdp - ok
18:22:00.0500 5412  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:22:00.0567 5412  RpcEptMapper - ok
18:22:00.0611 5412  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
18:22:00.0653 5412  RpcLocator - ok
18:22:00.0697 5412  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
18:22:00.0726 5412  RpcSs - ok
18:22:00.0780 5412  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:22:00.0840 5412  rspndr - ok
18:22:00.0874 5412  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
18:22:00.0887 5412  SamSs - ok
18:22:01.0057 5412  [ 99FC1599F89A80216E41175B8CA44D89 ] SBAMSvc         C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
18:22:01.0134 5412  SBAMSvc - ok
18:22:01.0193 5412  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:22:01.0213 5412  sbp2port - ok
18:22:01.0250 5412  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:22:01.0316 5412  SCardSvr - ok
18:22:01.0367 5412  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:22:01.0399 5412  scfilter - ok
18:22:01.0471 5412  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
18:22:01.0554 5412  Schedule - ok
18:22:01.0592 5412  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:22:01.0616 5412  SCPolicySvc - ok
18:22:01.0646 5412  [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus           C:\Windows\system32\drivers\sdbus.sys
18:22:01.0686 5412  sdbus - ok
18:22:01.0731 5412  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:22:01.0799 5412  SDRSVC - ok
18:22:01.0827 5412  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:22:01.0876 5412  secdrv - ok
18:22:01.0943 5412  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
18:22:01.0994 5412  seclogon - ok
18:22:02.0043 5412  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
18:22:02.0111 5412  SENS - ok
18:22:02.0154 5412  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:22:02.0222 5412  SensrSvc - ok
18:22:02.0249 5412  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
18:22:02.0291 5412  Serenum - ok
18:22:02.0359 5412  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:22:02.0398 5412  Serial - ok
18:22:02.0462 5412  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
18:22:02.0479 5412  sermouse - ok
18:22:02.0524 5412  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:22:02.0587 5412  SessionEnv - ok
18:22:02.0609 5412  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
18:22:02.0665 5412  sffdisk - ok
18:22:02.0682 5412  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:22:02.0699 5412  sffp_mmc - ok
18:22:02.0717 5412  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
18:22:02.0753 5412  sffp_sd - ok
18:22:02.0794 5412  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
18:22:02.0812 5412  sfloppy - ok
18:22:02.0856 5412  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:22:02.0897 5412  SharedAccess - ok
18:22:02.0912 5412  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:22:02.0980 5412  ShellHWDetection - ok
18:22:03.0038 5412  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
18:22:03.0056 5412  sisagp - ok
18:22:03.0096 5412  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:22:03.0114 5412  SiSRaid2 - ok
18:22:03.0131 5412  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
18:22:03.0150 5412  SiSRaid4 - ok
18:22:03.0229 5412  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
18:22:03.0283 5412  SkypeUpdate - ok
18:22:03.0309 5412  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:22:03.0341 5412  Smb - ok
18:22:03.0385 5412  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:22:03.0404 5412  SNMPTRAP - ok
18:22:03.0427 5412  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:22:03.0444 5412  spldr - ok
18:22:03.0483 5412  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
18:22:03.0557 5412  Spooler - ok
18:22:03.0653 5412  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
18:22:03.0722 5412  sppsvc - ok
18:22:03.0757 5412  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:22:03.0791 5412  sppuinotify - ok
18:22:03.0823 5412  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:22:03.0904 5412  srv - ok
18:22:03.0924 5412  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:22:03.0975 5412  srv2 - ok
18:22:04.0021 5412  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:22:04.0041 5412  srvnet - ok
18:22:04.0077 5412  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:22:04.0111 5412  SSDPSRV - ok
18:22:04.0203 5412  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
18:22:04.0216 5412  ssmdrv - ok
18:22:04.0221 5412  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:22:04.0272 5412  SstpSvc - ok
18:22:04.0380 5412  [ DDEB942850278D67EDC108D57F774BF8 ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe
18:22:04.0431 5412  STacSV - ok
18:22:04.0479 5412  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
18:22:04.0496 5412  stexstor - ok
18:22:04.0541 5412  [ C4BE9C3AF8AF6F2E4CDD22FCABF77A1B ] STHDA           C:\Windows\system32\DRIVERS\stwrt.sys
18:22:04.0593 5412  STHDA - ok
18:22:04.0667 5412  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
18:22:04.0728 5412  StiSvc - ok
18:22:04.0774 5412  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
18:22:04.0790 5412  swenum - ok
18:22:04.0821 5412  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
18:22:04.0858 5412  swprv - ok
18:22:04.0902 5412  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
18:22:04.0939 5412  SysMain - ok
18:22:04.0978 5412  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:22:05.0021 5412  TabletInputService - ok
18:22:05.0070 5412  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:22:05.0103 5412  TapiSrv - ok
18:22:05.0128 5412  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
18:22:05.0186 5412  TBS - ok
18:22:05.0307 5412  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:22:05.0394 5412  Tcpip - ok
18:22:05.0452 5412  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:22:05.0481 5412  TCPIP6 - ok
18:22:05.0533 5412  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:22:05.0575 5412  tcpipreg - ok
18:22:05.0631 5412  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:22:05.0698 5412  TDPIPE - ok
18:22:05.0726 5412  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:22:05.0759 5412  TDTCP - ok
18:22:05.0807 5412  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:22:05.0871 5412  tdx - ok
18:22:05.0917 5412  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
18:22:05.0935 5412  TermDD - ok
18:22:05.0977 5412  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
18:22:06.0046 5412  TermService - ok
18:22:06.0102 5412  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
18:22:06.0123 5412  Themes - ok
18:22:06.0138 5412  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
18:22:06.0164 5412  THREADORDER - ok
18:22:06.0193 5412  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
18:22:06.0261 5412  TrkWks - ok
18:22:06.0353 5412  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:22:06.0408 5412  TrustedInstaller - ok
18:22:06.0434 5412  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:22:06.0479 5412  tssecsrv - ok
18:22:06.0544 5412  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:22:06.0570 5412  TsUsbFlt - ok
18:22:06.0622 5412  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:22:06.0715 5412  tunnel - ok
18:22:06.0766 5412  [ 56E601B1B99E63EC28E0DAB06A25568F ] TwBus           C:\Windows\system32\DRIVERS\TwBus.sys
18:22:06.0798 5412  TwBus - ok
18:22:06.0854 5412  TwDrvService - ok
18:22:06.0857 5412  TwRegSvc - ok
18:22:06.0890 5412  [ D7A7B56D18ECA54B682F67759FFB1D08 ] TwTouch         C:\Windows\system32\DRIVERS\TwTouch.sys
18:22:06.0968 5412  TwTouch - ok
18:22:06.0991 5412  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
18:22:07.0016 5412  uagp35 - ok
18:22:07.0054 5412  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:22:07.0113 5412  udfs - ok
18:22:07.0205 5412  [ 13BFF97E926BF8D9C1230CECC371A0C0 ] UI Assistant Service C:\Program Files\1&1 Surf-Stick\AssistantServices.exe
18:22:07.0224 5412  UI Assistant Service - ok
18:22:07.0259 5412  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:22:07.0300 5412  UI0Detect - ok
18:22:07.0351 5412  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:22:07.0369 5412  uliagpkx - ok
18:22:07.0409 5412  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:22:07.0460 5412  umbus - ok
18:22:07.0507 5412  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
18:22:07.0532 5412  UmPass - ok
18:22:07.0569 5412  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
18:22:07.0609 5412  upnphost - ok
18:22:07.0652 5412  [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
18:22:07.0689 5412  usbaudio - ok
18:22:07.0736 5412  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:22:07.0792 5412  usbccgp - ok
18:22:07.0813 5412  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:22:07.0836 5412  usbcir - ok
18:22:07.0868 5412  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:22:07.0885 5412  usbehci - ok
18:22:07.0921 5412  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:22:07.0971 5412  usbhub - ok
18:22:08.0031 5412  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:22:08.0062 5412  usbohci - ok
18:22:08.0123 5412  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:22:08.0141 5412  usbprint - ok
18:22:08.0169 5412  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
18:22:08.0210 5412  usbscan - ok
18:22:08.0236 5412  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:22:08.0294 5412  USBSTOR - ok
18:22:08.0329 5412  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
18:22:08.0345 5412  usbuhci - ok
18:22:08.0380 5412  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
18:22:08.0403 5412  usbvideo - ok
18:22:08.0422 5412  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
18:22:08.0452 5412  UxSms - ok
18:22:08.0463 5412  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
18:22:08.0476 5412  VaultSvc - ok
18:22:08.0510 5412  [ FCE98C43B5C5DB8E0DA8EA0E2B45E044 ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
18:22:08.0533 5412  VClone - ok
18:22:08.0555 5412  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:22:08.0573 5412  vdrvroot - ok
18:22:08.0608 5412  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
18:22:08.0673 5412  vds - ok
18:22:08.0722 5412  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:22:08.0765 5412  vga - ok
18:22:08.0815 5412  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:22:08.0845 5412  VgaSave - ok
18:22:08.0873 5412  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:22:08.0896 5412  vhdmp - ok
18:22:08.0932 5412  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
18:22:08.0951 5412  viaagp - ok
18:22:08.0968 5412  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
18:22:09.0007 5412  ViaC7 - ok
18:22:09.0060 5412  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
18:22:09.0077 5412  viaide - ok
18:22:09.0114 5412  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:22:09.0133 5412  volmgr - ok
18:22:09.0153 5412  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:22:09.0184 5412  volmgrx - ok
18:22:09.0202 5412  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:22:09.0231 5412  volsnap - ok
18:22:09.0260 5412  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
18:22:09.0280 5412  vsmraid - ok
18:22:09.0322 5412  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
18:22:09.0394 5412  VSS - ok
18:22:09.0428 5412  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
18:22:09.0462 5412  vwifibus - ok
18:22:09.0533 5412  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
18:22:09.0571 5412  W32Time - ok
18:22:09.0596 5412  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
18:22:09.0628 5412  WacomPen - ok
18:22:09.0674 5412  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:22:09.0704 5412  WANARP - ok
18:22:09.0707 5412  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:22:09.0731 5412  Wanarpv6 - ok
18:22:09.0826 5412  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
18:22:09.0928 5412  WatAdminSvc - ok
18:22:09.0999 5412  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
18:22:10.0121 5412  wbengine - ok
18:22:10.0150 5412  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:22:10.0198 5412  WbioSrvc - ok
18:22:10.0291 5412  [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
18:22:10.0314 5412  WcesComm - ok
18:22:10.0344 5412  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:22:10.0396 5412  wcncsvc - ok
18:22:10.0442 5412  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:22:10.0499 5412  WcsPlugInService - ok
18:22:10.0518 5412  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
18:22:10.0535 5412  Wd - ok
18:22:10.0590 5412  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:22:10.0625 5412  Wdf01000 - ok
18:22:10.0638 5412  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:22:10.0725 5412  WdiServiceHost - ok
18:22:10.0738 5412  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:22:10.0754 5412  WdiSystemHost - ok
18:22:10.0778 5412  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
18:22:10.0810 5412  WebClient - ok
18:22:10.0854 5412  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:22:10.0890 5412  Wecsvc - ok
18:22:10.0920 5412  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:22:10.0967 5412  wercplsupport - ok
18:22:11.0019 5412  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:22:11.0085 5412  WerSvc - ok
18:22:11.0141 5412  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:22:11.0170 5412  WfpLwf - ok
18:22:11.0184 5412  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:22:11.0201 5412  WIMMount - ok
18:22:11.0266 5412  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
18:22:11.0321 5412  WinDefend - ok
18:22:11.0326 5412  WinHttpAutoProxySvc - ok
18:22:11.0401 5412  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:22:11.0434 5412  Winmgmt - ok
18:22:11.0489 5412  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
18:22:11.0562 5412  WinRM - ok
18:22:11.0644 5412  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WINUSB          C:\Windows\system32\DRIVERS\WinUSB.SYS
18:22:11.0679 5412  WINUSB - ok
18:22:11.0729 5412  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:22:11.0819 5412  Wlansvc - ok
18:22:11.0869 5412  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:22:11.0911 5412  WmiAcpi - ok
18:22:11.0960 5412  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:22:12.0004 5412  wmiApSrv - ok
18:22:12.0123 5412  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
18:22:12.0237 5412  WMPNetworkSvc - ok
18:22:12.0269 5412  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:22:12.0326 5412  WPCSvc - ok
18:22:12.0351 5412  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:22:12.0391 5412  WPDBusEnum - ok
18:22:12.0444 5412  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:22:12.0507 5412  ws2ifsl - ok
18:22:12.0562 5412  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
18:22:12.0621 5412  wscsvc - ok
18:22:12.0625 5412  WSearch - ok
18:22:12.0733 5412  [ A583F4BF607EBC5709578433207A76A8 ] WTGService      C:\Program Files\Verbindungsassistent\WTGService.exe
18:22:12.0755 5412  WTGService - ok
18:22:12.0844 5412  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
18:22:12.0897 5412  wuauserv - ok
18:22:12.0946 5412  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:22:12.0994 5412  WudfPf - ok
18:22:13.0065 5412  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:22:13.0087 5412  WUDFRd - ok
18:22:13.0135 5412  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:22:13.0156 5412  wudfsvc - ok
18:22:13.0190 5412  [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:22:13.0259 5412  WwanSvc - ok
18:22:13.0330 5412  [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbmdm6k     C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
18:22:13.0390 5412  ZTEusbmdm6k - ok
18:22:13.0426 5412  [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbnmea      C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
18:22:13.0443 5412  ZTEusbnmea - ok
18:22:13.0470 5412  [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbser6k     C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
18:22:13.0488 5412  ZTEusbser6k - ok
18:22:13.0493 5412  ================ Scan global ===============================
18:22:13.0520 5412  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
18:22:13.0580 5412  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
18:22:13.0610 5412  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
18:22:13.0636 5412  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
18:22:13.0673 5412  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
18:22:13.0683 5412  [Global] - ok
18:22:13.0684 5412  ================ Scan MBR ==================================
18:22:13.0697 5412  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:22:13.0968 5412  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:22:13.0968 5412  \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:22:13.0969 5412  ================ Scan VBR ==================================
18:22:14.0023 5412  [ 386B8501A11F9FC2E98E7D726AB29F1B ] \Device\Harddisk0\DR0\Partition1
18:22:14.0025 5412  \Device\Harddisk0\DR0\Partition1 - ok
18:22:14.0028 5412  [ 007CC6B711EDDD1604A694A9CC091B2F ] \Device\Harddisk0\DR0\Partition2
18:22:14.0029 5412  \Device\Harddisk0\DR0\Partition2 - ok
18:22:14.0066 5412  [ 431A0D143DB34BD803F586BF2FA4CB92 ] \Device\Harddisk0\DR0\Partition3
18:22:14.0067 5412  \Device\Harddisk0\DR0\Partition3 - ok
18:22:14.0068 5412  ============================================================
18:22:14.0068 5412  Scan finished
18:22:14.0068 5412  ============================================================
18:22:14.0078 4188  Detected object count: 1
18:22:14.0078 4188  Actual detected object count: 1
18:22:31.0400 4188  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:22:31.0400 4188  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
18:23:23.0102 4360  Deinitialize success
         

09.06.2013, 17:28   #10
markusg
/// Malware-holic

Online banking is being redirected

Hi,
configure TDSSKiller as described.
Scan, then choose Delete for:
TDSS File System
Restart, then a new TDSSKiller run as per the instructions.
By the way, after this finding I can only advise you once more to format, since a rootkit has now been added on top, which means that probably more than one criminal group has had access to your system.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails as per the instructions above to
markusg.trojaner-board@web.de

09.06.2013, 17:37   #11
Grave1

Online banking is being redirected

OK, you've convinced me. I'll do a reinstall. You mentioned that you would also have tips regarding a backup after the reinstall.
Since I have several partitions, I shouldn't need to back up my non-system partition, right?

09.06.2013, 17:43   #12
markusg
/// Malware-holic

Online banking is being redirected

Please run TDSSKiller once more anyway.
Are programs installed on the non-system partition? Then those have to be included too.

09.06.2013, 17:52   #13
Grave1

Online banking is being redirected

Done. Here is the new log.

Code:
ATTFilter
18:50:16.0277 2408  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:50:16.0410 2408  ============================================================
18:50:16.0410 2408  Current date / time: 2013/06/09 18:50:16.0410
18:50:16.0410 2408  SystemInfo:
18:50:16.0410 2408  
18:50:16.0410 2408  OS Version: 6.1.7601 ServicePack: 1.0
18:50:16.0410 2408  Product type: Workstation
18:50:16.0410 2408  ComputerName: GRAVE-PC
18:50:16.0410 2408  UserName: Grave
18:50:16.0410 2408  Windows directory: C:\Windows
18:50:16.0410 2408  System windows directory: C:\Windows
18:50:16.0410 2408  Processor architecture: Intel x86
18:50:16.0410 2408  Number of processors: 2
18:50:16.0410 2408  Page size: 0x1000
18:50:16.0410 2408  Boot type: Normal boot
18:50:16.0410 2408  ============================================================
18:50:18.0977 2408  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:50:18.0988 2408  ============================================================
18:50:18.0988 2408  \Device\Harddisk0\DR0:
18:50:18.0988 2408  MBR partitions:
18:50:18.0988 2408  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x47000, BlocksNum 0x1400000
18:50:18.0988 2408  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1447000, BlocksNum 0x13B287F8
18:50:19.0061 2408  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x14F70000, BlocksNum 0x104BE000
18:50:19.0061 2408  ============================================================
18:50:19.0204 2408  C: <-> \Device\Harddisk0\DR0\Partition2
18:50:19.0529 2408  D: <-> \Device\Harddisk0\DR0\Partition3
18:50:19.0685 2408  E: <-> \Device\Harddisk0\DR0\Partition1
18:50:19.0685 2408  ============================================================
18:50:19.0685 2408  Initialize success
18:50:19.0685 2408  ============================================================
18:50:26.0511 3764  ============================================================
18:50:26.0511 3764  Scan started
18:50:26.0511 3764  Mode: Manual; SigCheck; TDLFS; 
18:50:26.0511 3764  ============================================================
18:50:29.0274 3764  ================ Scan system memory ========================
18:50:29.0274 3764  System memory - ok
18:50:29.0274 3764  ================ Scan services =============================
18:50:29.0533 3764  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:50:29.0698 3764  1394ohci - ok
18:50:29.0738 3764  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:50:29.0765 3764  ACPI - ok
18:50:29.0798 3764  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:50:29.0853 3764  AcpiPmi - ok
18:50:30.0040 3764  [ 9D90344179ED6A05959DE40FC934A022 ] Ad-Aware Service C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
18:50:30.0076 3764  Ad-Aware Service - ok
18:50:30.0169 3764  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:50:30.0185 3764  AdobeARMservice - ok
18:50:30.0310 3764  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:50:30.0358 3764  AdobeFlashPlayerUpdateSvc - ok
18:50:30.0446 3764  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
18:50:30.0476 3764  adp94xx - ok
18:50:30.0499 3764  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
18:50:30.0524 3764  adpahci - ok
18:50:30.0544 3764  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
18:50:30.0565 3764  adpu320 - ok
18:50:30.0592 3764  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:50:30.0695 3764  AeLookupSvc - ok
18:50:30.0841 3764  [ 827DBC22C96EECF6D36A13162FABAFD3 ] AESTFilters     C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\aestsrv.exe
18:50:30.0908 3764  AESTFilters - ok
18:50:30.0956 3764  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
18:50:31.0048 3764  AFD - ok
18:50:31.0091 3764  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
18:50:31.0109 3764  agp440 - ok
18:50:31.0144 3764  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
18:50:31.0163 3764  aic78xx - ok
18:50:31.0211 3764  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
18:50:31.0299 3764  ALG - ok
18:50:31.0327 3764  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:50:31.0344 3764  aliide - ok
18:50:31.0394 3764  [ B19505648F033393E907E2E419FDE8B3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:50:31.0472 3764  AMD External Events Utility - ok
18:50:31.0490 3764  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
18:50:31.0509 3764  amdagp - ok
18:50:31.0513 3764  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
18:50:31.0529 3764  amdide - ok
18:50:31.0588 3764  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
18:50:31.0655 3764  AmdK8 - ok
18:50:31.0667 3764  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
18:50:31.0716 3764  AmdPPM - ok
18:50:31.0760 3764  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:50:31.0779 3764  amdsata - ok
18:50:31.0817 3764  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
18:50:31.0838 3764  amdsbs - ok
18:50:31.0852 3764  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:50:31.0868 3764  amdxata - ok
18:50:31.0980 3764  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:50:31.0997 3764  AntiVirSchedulerService - ok
18:50:32.0096 3764  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:50:32.0112 3764  AntiVirService - ok
18:50:32.0164 3764  [ D7723A101C5CB4C0FA979E4DDA732EC0 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
18:50:32.0187 3764  ApfiltrService - ok
18:50:32.0247 3764  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
18:50:32.0419 3764  AppID - ok
18:50:32.0478 3764  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:50:32.0532 3764  AppIDSvc - ok
18:50:32.0582 3764  [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo         C:\Windows\System32\appinfo.dll
18:50:32.0692 3764  Appinfo - ok
18:50:32.0743 3764  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
18:50:32.0761 3764  arc - ok
18:50:32.0778 3764  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
18:50:32.0798 3764  arcsas - ok
18:50:32.0825 3764  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:50:32.0962 3764  AsyncMac - ok
18:50:32.0987 3764  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
18:50:32.0998 3764  atapi - ok
18:50:33.0195 3764  [ 04F09923A393E4E0E8453A8F78361E73 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
18:50:33.0474 3764  atikmdag - ok
18:50:33.0544 3764  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:50:33.0645 3764  AudioEndpointBuilder - ok
18:50:33.0653 3764  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
18:50:33.0681 3764  Audiosrv - ok
18:50:33.0766 3764  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
18:50:33.0783 3764  avgntflt - ok
18:50:33.0866 3764  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
18:50:33.0883 3764  avipbb - ok
18:50:33.0900 3764  [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
18:50:33.0915 3764  avkmgr - ok
18:50:33.0961 3764  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:50:34.0058 3764  AxInstSV - ok
18:50:34.0103 3764  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
18:50:34.0179 3764  b06bdrv - ok
18:50:34.0209 3764  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
18:50:34.0232 3764  b57nd60x - ok
18:50:34.0322 3764  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:50:34.0455 3764  BDESVC - ok
18:50:34.0485 3764  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:50:34.0541 3764  Beep - ok
18:50:34.0637 3764  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
18:50:34.0723 3764  BFE - ok
18:50:34.0771 3764  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
18:50:34.0840 3764  BITS - ok
18:50:34.0894 3764  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:50:34.0940 3764  blbdrive - ok
18:50:34.0995 3764  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:50:35.0028 3764  bowser - ok
18:50:35.0040 3764  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:50:35.0110 3764  BrFiltLo - ok
18:50:35.0136 3764  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:50:35.0177 3764  BrFiltUp - ok
18:50:35.0219 3764  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
18:50:35.0301 3764  Browser - ok
18:50:35.0327 3764  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:50:35.0391 3764  Brserid - ok
18:50:35.0407 3764  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:50:35.0445 3764  BrSerWdm - ok
18:50:35.0465 3764  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:50:35.0504 3764  BrUsbMdm - ok
18:50:35.0531 3764  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:50:35.0578 3764  BrUsbSer - ok
18:50:35.0597 3764  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
18:50:35.0632 3764  BTHMODEM - ok
18:50:35.0693 3764  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
18:50:35.0755 3764  bthserv - ok
18:50:35.0799 3764  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:50:35.0831 3764  cdfs - ok
18:50:35.0872 3764  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:50:35.0956 3764  cdrom - ok
18:50:35.0998 3764  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
18:50:36.0051 3764  CertPropSvc - ok
18:50:36.0111 3764  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
18:50:36.0137 3764  circlass - ok
18:50:36.0170 3764  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
18:50:36.0194 3764  CLFS - ok
18:50:36.0280 3764  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:50:36.0301 3764  clr_optimization_v2.0.50727_32 - ok
18:50:36.0372 3764  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:50:36.0450 3764  clr_optimization_v4.0.30319_32 - ok
18:50:36.0474 3764  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:50:36.0520 3764  CmBatt - ok
18:50:36.0621 3764  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:50:36.0639 3764  cmdide - ok
18:50:36.0685 3764  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
18:50:36.0719 3764  CNG - ok
18:50:36.0744 3764  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:50:36.0759 3764  Compbatt - ok
18:50:36.0795 3764  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
18:50:36.0836 3764  CompositeBus - ok
18:50:36.0864 3764  COMSysApp - ok
18:50:36.0879 3764  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
18:50:36.0896 3764  crcdisk - ok
18:50:36.0961 3764  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:50:37.0019 3764  CryptSvc - ok
18:50:37.0104 3764  [ A38F95E2A1A459E7F59D5713909C9111 ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
18:50:37.0124 3764  dc3d - ok
18:50:37.0169 3764  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:50:37.0225 3764  DcomLaunch - ok
18:50:37.0272 3764  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
18:50:37.0340 3764  defragsvc - ok
18:50:37.0393 3764  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:50:37.0450 3764  DfsC - ok
18:50:37.0506 3764  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:50:37.0569 3764  Dhcp - ok
18:50:37.0601 3764  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
18:50:37.0650 3764  discache - ok
18:50:37.0710 3764  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
18:50:37.0727 3764  Disk - ok
18:50:37.0757 3764  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:50:37.0797 3764  Dnscache - ok
18:50:37.0824 3764  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:50:37.0878 3764  dot3svc - ok
18:50:37.0938 3764  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
18:50:37.0997 3764  DPS - ok
18:50:38.0052 3764  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:50:38.0086 3764  drmkaud - ok
18:50:38.0153 3764  [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:50:38.0182 3764  DXGKrnl - ok
18:50:38.0237 3764  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
18:50:38.0289 3764  EapHost - ok
18:50:38.0449 3764  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
18:50:38.0710 3764  ebdrv - ok
18:50:38.0789 3764  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
18:50:38.0870 3764  EFS - ok
18:50:39.0024 3764  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:50:39.0129 3764  ehRecvr - ok
18:50:39.0149 3764  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
18:50:39.0217 3764  ehSched - ok
18:50:39.0278 3764  [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
18:50:39.0292 3764  ElbyCDIO - ok
18:50:39.0349 3764  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
18:50:39.0377 3764  elxstor - ok
18:50:39.0417 3764  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:50:39.0449 3764  ErrDev - ok
18:50:39.0511 3764  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
18:50:39.0574 3764  EventSystem - ok
18:50:39.0614 3764  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
18:50:39.0673 3764  exfat - ok
18:50:39.0707 3764  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:50:39.0773 3764  fastfat - ok
18:50:39.0860 3764  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
18:50:39.0952 3764  Fax - ok
18:50:39.0971 3764  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:50:40.0005 3764  fdc - ok
18:50:40.0057 3764  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
18:50:40.0111 3764  fdPHost - ok
18:50:40.0142 3764  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
18:50:40.0207 3764  FDResPub - ok
18:50:40.0238 3764  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:50:40.0255 3764  FileInfo - ok
18:50:40.0300 3764  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:50:40.0330 3764  Filetrace - ok
18:50:40.0742 3764  [ D60EF46DC0E757FE5EB579DB95B88954 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:50:41.0034 3764  FLEXnet Licensing Service - ok
18:50:41.0160 3764  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:50:41.0302 3764  flpydisk - ok
18:50:41.0566 3764  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:50:41.0593 3764  FltMgr - ok
18:50:41.0922 3764  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
18:50:42.0267 3764  FontCache - ok
18:50:42.0356 3764  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:50:42.0372 3764  FontCache3.0.0.0 - ok
18:50:42.0404 3764  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:50:42.0424 3764  FsDepends - ok
18:50:42.0499 3764  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:50:42.0515 3764  Fs_Rec - ok
18:50:42.0744 3764  [ AAE37F0F2F613218DCE17B42A18C38DB ] FTDIBUS         C:\Windows\system32\drivers\ftdibus.sys
18:50:42.0760 3764  FTDIBUS - ok
18:50:42.0798 3764  [ 48BFD1BA45C9C9E7AB339E25ABFBA1D2 ] FTSER2K         C:\Windows\system32\drivers\ftser2k.sys
18:50:42.0833 3764  FTSER2K - ok
18:50:42.0893 3764  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:50:42.0923 3764  fvevol - ok
18:50:42.0969 3764  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
18:50:42.0987 3764  gagp30kx - ok
18:50:43.0023 3764  [ 483924F92E55A5F9423201EC635E2CED ] gfibto          C:\Windows\system32\drivers\gfibto.sys
18:50:43.0035 3764  gfibto - ok
18:50:43.0106 3764  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
18:50:43.0207 3764  gpsvc - ok
18:50:43.0303 3764  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
18:50:43.0322 3764  gupdate - ok
18:50:43.0337 3764  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
18:50:43.0347 3764  gupdatem - ok
18:50:43.0401 3764  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:50:43.0425 3764  gusvc - ok
18:50:43.0454 3764  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:50:43.0488 3764  hcw85cir - ok
18:50:43.0526 3764  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:50:43.0586 3764  HdAudAddService - ok
18:50:43.0650 3764  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
18:50:43.0719 3764  HDAudBus - ok
18:50:43.0770 3764  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
18:50:43.0834 3764  HidBatt - ok
18:50:43.0884 3764  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
18:50:43.0942 3764  HidBth - ok
18:50:43.0996 3764  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
18:50:44.0019 3764  HidIr - ok
18:50:44.0050 3764  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
18:50:44.0122 3764  hidserv - ok
18:50:44.0258 3764  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:50:44.0306 3764  HidUsb - ok
18:50:44.0362 3764  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:50:44.0467 3764  hkmsvc - ok
18:50:44.0531 3764  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:50:44.0658 3764  HomeGroupListener - ok
18:50:44.0695 3764  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:50:44.0784 3764  HomeGroupProvider - ok
18:50:44.0858 3764  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:50:44.0877 3764  HpSAMD - ok
18:50:44.0995 3764  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:50:45.0058 3764  HTTP - ok
18:50:45.0100 3764  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:50:45.0115 3764  hwpolicy - ok
18:50:45.0156 3764  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
18:50:45.0342 3764  i8042prt - ok
18:50:45.0516 3764  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:50:45.0575 3764  iaStorV - ok
18:50:45.0815 3764  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:50:46.0107 3764  idsvc - ok
18:50:46.0150 3764  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
18:50:46.0192 3764  iirsp - ok
18:50:46.0249 3764  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
18:50:46.0440 3764  IKEEXT - ok
18:50:46.0473 3764  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:50:46.0526 3764  intelide - ok
18:50:46.0629 3764  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:50:46.0723 3764  intelppm - ok
18:50:46.0767 3764  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:50:46.0881 3764  IPBusEnum - ok
18:50:46.0902 3764  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:50:46.0974 3764  IpFilterDriver - ok
18:50:47.0140 3764  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:50:47.0311 3764  iphlpsvc - ok
18:50:47.0376 3764  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:50:47.0473 3764  IPMIDRV - ok
18:50:47.0533 3764  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:50:47.0595 3764  IPNAT - ok
18:50:47.0699 3764  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:50:47.0868 3764  IRENUM - ok
18:50:47.0930 3764  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:50:47.0985 3764  isapnp - ok
18:50:48.0030 3764  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:50:48.0127 3764  iScsiPrt - ok
18:50:48.0185 3764  [ C4C95805B85BCE1EB9D20F4A02FC5F9B ] k57nd60x        C:\Windows\system32\DRIVERS\k57nd60x.sys
18:50:48.0260 3764  k57nd60x - ok
18:50:48.0312 3764  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:50:48.0358 3764  kbdclass - ok
18:50:48.0495 3764  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:50:48.0600 3764  kbdhid - ok
18:50:48.0637 3764  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
18:50:48.0650 3764  KeyIso - ok
18:50:48.0715 3764  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:50:48.0734 3764  KSecDD - ok
18:50:48.0777 3764  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:50:48.0813 3764  KSecPkg - ok
18:50:48.0869 3764  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:50:48.0954 3764  KtmRm - ok
18:50:49.0000 3764  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:50:49.0067 3764  LanmanServer - ok
18:50:49.0105 3764  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:50:49.0197 3764  LanmanWorkstation - ok
18:50:49.0271 3764  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:50:49.0348 3764  lltdio - ok
18:50:49.0379 3764  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:50:49.0470 3764  lltdsvc - ok
18:50:49.0484 3764  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:50:49.0542 3764  lmhosts - ok
18:50:49.0577 3764  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
18:50:49.0609 3764  LSI_FC - ok
18:50:49.0659 3764  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
18:50:49.0718 3764  LSI_SAS - ok
18:50:49.0723 3764  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:50:49.0744 3764  LSI_SAS2 - ok
18:50:49.0752 3764  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:50:49.0772 3764  LSI_SCSI - ok
18:50:49.0788 3764  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
18:50:49.0905 3764  luafv - ok
18:50:49.0988 3764  [ ED643E777BA3F7151EF3F0FB6BE4F7F0 ] LVRS            C:\Windows\system32\DRIVERS\lvrs.sys
18:50:50.0037 3764  LVRS - ok
18:50:50.0133 3764  [ 59A2783ABA6019BED0C843C706E10A6A ] massfilter      C:\Windows\system32\drivers\massfilter.sys
18:50:50.0215 3764  massfilter - ok
18:50:50.0387 3764  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
18:50:50.0401 3764  MBAMProtector - ok
18:50:50.0510 3764  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:50:50.0534 3764  MBAMScheduler - ok
18:50:50.0642 3764  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:50:50.0706 3764  MBAMService - ok
18:50:50.0732 3764  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:50:50.0813 3764  Mcx2Svc - ok
18:50:50.0845 3764  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
18:50:50.0902 3764  megasas - ok
18:50:50.0923 3764  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
18:50:50.0962 3764  MegaSR - ok
18:50:51.0040 3764  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
18:50:51.0104 3764  MMCSS - ok
18:50:51.0119 3764  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
18:50:51.0230 3764  Modem - ok
18:50:51.0302 3764  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:50:51.0461 3764  monitor - ok
18:50:51.0505 3764  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:50:51.0522 3764  mouclass - ok
18:50:51.0593 3764  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:50:51.0656 3764  mouhid - ok
18:50:51.0757 3764  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:50:51.0786 3764  mountmgr - ok
18:50:51.0914 3764  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:50:51.0936 3764  MozillaMaintenance - ok
18:50:51.0982 3764  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:50:52.0015 3764  mpio - ok
18:50:52.0051 3764  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:50:52.0102 3764  mpsdrv - ok
18:50:52.0295 3764  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:50:52.0404 3764  MpsSvc - ok
18:50:52.0432 3764  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:50:52.0489 3764  MRxDAV - ok
18:50:52.0547 3764  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:50:52.0766 3764  mrxsmb - ok
18:50:52.0791 3764  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:50:52.0850 3764  mrxsmb10 - ok
18:50:52.0948 3764  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:50:52.0998 3764  mrxsmb20 - ok
18:50:53.0060 3764  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
18:50:53.0076 3764  msahci - ok
18:50:53.0101 3764  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:50:53.0122 3764  msdsm - ok
18:50:53.0155 3764  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
18:50:53.0246 3764  MSDTC - ok
18:50:53.0300 3764  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:50:53.0343 3764  Msfs - ok
18:50:53.0361 3764  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:50:53.0503 3764  mshidkmdf - ok
18:50:53.0540 3764  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:50:53.0555 3764  msisadrv - ok
18:50:53.0626 3764  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:50:53.0757 3764  MSiSCSI - ok
18:50:53.0761 3764  msiserver - ok
18:50:53.0810 3764  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:50:53.0863 3764  MSKSSRV - ok
18:50:53.0890 3764  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:50:53.0974 3764  MSPCLOCK - ok
18:50:54.0057 3764  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:50:54.0129 3764  MSPQM - ok
18:50:54.0167 3764  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:50:54.0193 3764  MsRPC - ok
18:50:54.0301 3764  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
18:50:54.0338 3764  mssmbios - ok
18:50:54.0410 3764  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:50:54.0456 3764  MSTEE - ok
18:50:54.0480 3764  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
18:50:54.0526 3764  MTConfig - ok
18:50:54.0550 3764  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:50:54.0566 3764  Mup - ok
18:50:54.0656 3764  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
18:50:54.0722 3764  napagent - ok
18:50:54.0815 3764  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:50:54.0858 3764  NativeWifiP - ok
18:50:55.0053 3764  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:50:55.0254 3764  NDIS - ok
18:50:55.0294 3764  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:50:55.0345 3764  NdisCap - ok
18:50:55.0382 3764  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:50:55.0440 3764  NdisTapi - ok
18:50:55.0514 3764  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:50:55.0546 3764  Ndisuio - ok
18:50:55.0571 3764  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:50:55.0620 3764  NdisWan - ok
18:50:55.0832 3764  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:50:55.0929 3764  NDProxy - ok
18:50:55.0978 3764  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:50:56.0033 3764  NetBIOS - ok
18:50:56.0126 3764  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:50:56.0220 3764  NetBT - ok
18:50:56.0259 3764  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
18:50:56.0272 3764  Netlogon - ok
18:50:56.0335 3764  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
18:50:56.0426 3764  Netman - ok
18:50:56.0520 3764  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
18:50:56.0606 3764  netprofm - ok
18:50:56.0749 3764  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:50:56.0770 3764  NetTcpPortSharing - ok
18:50:57.0480 3764  [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32        C:\Windows\system32\DRIVERS\netw5v32.sys
18:50:57.0687 3764  netw5v32 - ok
18:50:57.0748 3764  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
18:50:57.0767 3764  nfrd960 - ok
18:50:57.0957 3764  [ 4DF040B616601996E6CAD18F24311A9F ] NitroDriverReadSpool2 C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe
18:50:57.0975 3764  NitroDriverReadSpool2 - ok
18:50:58.0079 3764  [ A027E499F6A62134D31018B1F77AF2AE ] NitroReaderDriverReadSpool2 C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
18:50:58.0097 3764  NitroReaderDriverReadSpool2 - ok
18:50:58.0153 3764  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:50:58.0255 3764  NlaSvc - ok
18:50:58.0309 3764  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:50:58.0339 3764  Npfs - ok
18:50:58.0367 3764  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
18:50:58.0404 3764  nsi - ok
18:50:58.0447 3764  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:50:58.0513 3764  nsiproxy - ok
18:50:58.0593 3764  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:50:58.0714 3764  Ntfs - ok
18:50:58.0772 3764  [ 28613C245D9F26190DCEE18430A4EBBE ] NuidFltr        C:\Windows\system32\DRIVERS\NuidFltr.sys
18:50:58.0835 3764  NuidFltr - ok
18:50:58.0873 3764  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
18:50:58.0921 3764  Null - ok
18:50:58.0991 3764  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:50:59.0011 3764  nvraid - ok
18:50:59.0056 3764  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:50:59.0076 3764  nvstor - ok
18:50:59.0120 3764  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:50:59.0139 3764  nv_agp - ok
18:50:59.0180 3764  [ 2CF21D5F8F1B74BB1922135AC2B12DDB ] OA001Ufd        C:\Windows\system32\DRIVERS\OA001Ufd.sys
18:50:59.0230 3764  OA001Ufd - ok
18:50:59.0276 3764  [ 4075063D25AF9DA64101769854B83787 ] OA001Vid        C:\Windows\system32\DRIVERS\OA001Vid.sys
18:50:59.0333 3764  OA001Vid - ok
18:50:59.0562 3764  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:50:59.0620 3764  odserv - ok
18:50:59.0662 3764  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:50:59.0694 3764  ohci1394 - ok
18:50:59.0817 3764  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:50:59.0837 3764  ose - ok
18:50:59.0869 3764  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:50:59.0936 3764  p2pimsvc - ok
18:50:59.0968 3764  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:50:59.0999 3764  p2psvc - ok
18:51:00.0018 3764  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
18:51:00.0064 3764  Parport - ok
18:51:00.0111 3764  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:51:00.0128 3764  partmgr - ok
18:51:00.0145 3764  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
18:51:00.0181 3764  Parvdm - ok
18:51:00.0206 3764  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:51:00.0223 3764  PcaSvc - ok
18:51:00.0242 3764  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
18:51:00.0255 3764  pci - ok
18:51:00.0294 3764  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
18:51:00.0311 3764  pciide - ok
18:51:00.0357 3764  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
18:51:00.0380 3764  pcmcia - ok
18:51:00.0399 3764  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
18:51:00.0415 3764  pcw - ok
18:51:00.0454 3764  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:51:00.0523 3764  PEAUTH - ok
18:51:00.0625 3764  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
18:51:00.0753 3764  pla - ok
18:51:00.0840 3764  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:51:00.0908 3764  PlugPlay - ok
18:51:00.0943 3764  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:51:00.0991 3764  PNRPAutoReg - ok
18:51:01.0024 3764  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:51:01.0039 3764  PNRPsvc - ok
18:51:01.0074 3764  [ 7D7A9C17D5455203DEA11E5EF886CC59 ] Point32         C:\Windows\system32\DRIVERS\point32.sys
18:51:01.0088 3764  Point32 - ok
18:51:01.0134 3764  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:51:01.0172 3764  PolicyAgent - ok
18:51:01.0207 3764  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
18:51:01.0239 3764  Power - ok
18:51:01.0273 3764  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:51:01.0305 3764  PptpMiniport - ok
18:51:01.0322 3764  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
18:51:01.0361 3764  Processor - ok
18:51:01.0401 3764  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
18:51:01.0472 3764  ProfSvc - ok
18:51:01.0497 3764  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:51:01.0509 3764  ProtectedStorage - ok
18:51:01.0527 3764  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:51:01.0561 3764  Psched - ok
18:51:01.0621 3764  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
18:51:01.0733 3764  ql2300 - ok
18:51:01.0749 3764  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
18:51:01.0769 3764  ql40xx - ok
18:51:01.0798 3764  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
18:51:01.0826 3764  QWAVE - ok
18:51:01.0849 3764  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:51:01.0868 3764  QWAVEdrv - ok
18:51:01.0958 3764  [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
18:51:01.0970 3764  RapiMgr - ok
18:51:01.0996 3764  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:51:02.0028 3764  RasAcd - ok
18:51:02.0069 3764  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:51:02.0130 3764  RasAgileVpn - ok
18:51:02.0162 3764  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
18:51:02.0197 3764  RasAuto - ok
18:51:02.0227 3764  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:51:02.0290 3764  Rasl2tp - ok
18:51:02.0360 3764  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
18:51:02.0419 3764  RasMan - ok
18:51:02.0472 3764  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:51:02.0503 3764  RasPppoe - ok
18:51:02.0532 3764  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:51:02.0593 3764  RasSstp - ok
18:51:02.0663 3764  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:51:02.0724 3764  rdbss - ok
18:51:02.0780 3764  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:51:02.0824 3764  rdpbus - ok
18:51:02.0868 3764  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:51:02.0922 3764  RDPCDD - ok
18:51:02.0966 3764  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:51:02.0995 3764  RDPENCDD - ok
18:51:03.0007 3764  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:51:03.0067 3764  RDPREFMP - ok
18:51:03.0117 3764  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:51:03.0182 3764  RDPWD - ok
18:51:03.0223 3764  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:51:03.0245 3764  rdyboost - ok
18:51:03.0273 3764  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:51:03.0328 3764  RemoteAccess - ok
18:51:03.0387 3764  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:51:03.0439 3764  RemoteRegistry - ok
18:51:03.0509 3764  [ 6C1F93C0760C9F79A1869D07233DF39D ] rismxdp         C:\Windows\system32\DRIVERS\rixdptsk.sys
18:51:03.0578 3764  rismxdp - ok
18:51:03.0606 3764  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:51:03.0662 3764  RpcEptMapper - ok
18:51:03.0717 3764  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
18:51:03.0758 3764  RpcLocator - ok
18:51:03.0836 3764  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
18:51:03.0865 3764  RpcSs - ok
18:51:03.0930 3764  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:51:03.0990 3764  rspndr - ok
18:51:04.0024 3764  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
18:51:04.0037 3764  SamSs - ok
18:51:04.0396 3764  [ 99FC1599F89A80216E41175B8CA44D89 ] SBAMSvc         C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
18:51:04.0462 3764  SBAMSvc - ok
18:51:04.0565 3764  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:51:04.0659 3764  sbp2port - ok
18:51:04.0689 3764  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:51:04.0755 3764  SCardSvr - ok
18:51:04.0794 3764  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:51:04.0830 3764  scfilter - ok
18:51:04.0888 3764  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
18:51:04.0959 3764  Schedule - ok
18:51:04.0997 3764  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:51:05.0021 3764  SCPolicySvc - ok
18:51:05.0062 3764  [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus           C:\Windows\system32\drivers\sdbus.sys
18:51:05.0103 3764  sdbus - ok
18:51:05.0159 3764  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:51:05.0226 3764  SDRSVC - ok
18:51:05.0254 3764  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:51:05.0303 3764  secdrv - ok
18:51:05.0348 3764  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
18:51:05.0400 3764  seclogon - ok
18:51:05.0437 3764  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
18:51:05.0494 3764  SENS - ok
18:51:05.0548 3764  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:51:05.0617 3764  SensrSvc - ok
18:51:05.0643 3764  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
18:51:05.0685 3764  Serenum - ok
18:51:05.0754 3764  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:51:05.0792 3764  Serial - ok
18:51:05.0855 3764  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
18:51:05.0873 3764  sermouse - ok
18:51:05.0961 3764  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:51:06.0013 3764  SessionEnv - ok
18:51:06.0036 3764  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
18:51:06.0103 3764  sffdisk - ok
18:51:06.0131 3764  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:51:06.0147 3764  sffp_mmc - ok
18:51:06.0166 3764  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
18:51:06.0202 3764  sffp_sd - ok
18:51:06.0254 3764  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
18:51:06.0273 3764  sfloppy - ok
18:51:06.0350 3764  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:51:06.0406 3764  SharedAccess - ok
18:51:06.0439 3764  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:51:06.0495 3764  ShellHWDetection - ok
18:51:06.0553 3764  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
18:51:06.0571 3764  sisagp - ok
18:51:06.0616 3764  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:51:06.0633 3764  SiSRaid2 - ok
18:51:06.0650 3764  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
18:51:06.0669 3764  SiSRaid4 - ok
18:51:06.0759 3764  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
18:51:06.0812 3764  SkypeUpdate - ok
18:51:06.0874 3764  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:51:06.0906 3764  Smb - ok
18:51:06.0961 3764  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:51:06.0979 3764  SNMPTRAP - ok
18:51:07.0003 3764  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:51:07.0019 3764  spldr - ok
18:51:07.0092 3764  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
18:51:07.0166 3764  Spooler - ok
18:51:07.0298 3764  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
18:51:07.0356 3764  sppsvc - ok
18:51:07.0395 3764  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:51:07.0464 3764  sppuinotify - ok
18:51:07.0497 3764  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:51:07.0587 3764  srv - ok
18:51:07.0607 3764  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:51:07.0647 3764  srv2 - ok
18:51:07.0726 3764  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:51:07.0757 3764  srvnet - ok
18:51:07.0782 3764  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:51:07.0810 3764  SSDPSRV - ok
18:51:07.0931 3764  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
18:51:07.0943 3764  ssmdrv - ok
18:51:07.0948 3764  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:51:08.0000 3764  SstpSvc - ok
18:51:08.0630 3764  [ DDEB942850278D67EDC108D57F774BF8 ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe
18:51:08.0736 3764  STacSV - ok
18:51:08.0784 3764  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
18:51:08.0808 3764  stexstor - ok
18:51:08.0857 3764  [ C4BE9C3AF8AF6F2E4CDD22FCABF77A1B ] STHDA           C:\Windows\system32\DRIVERS\stwrt.sys
18:51:08.0942 3764  STHDA - ok
18:51:09.0017 3764  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
18:51:09.0077 3764  StiSvc - ok
18:51:09.0120 3764  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
18:51:09.0135 3764  swenum - ok
18:51:09.0197 3764  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
18:51:09.0407 3764  swprv - ok
18:51:09.0596 3764  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
18:51:09.0944 3764  SysMain - ok
18:51:09.0982 3764  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:51:10.0093 3764  TabletInputService - ok
18:51:10.0152 3764  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:51:10.0179 3764  TapiSrv - ok
18:51:10.0199 3764  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
18:51:10.0258 3764  TBS - ok
18:51:10.0489 3764  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:51:10.0575 3764  Tcpip - ok
18:51:10.0633 3764  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:51:10.0663 3764  TCPIP6 - ok
18:51:10.0748 3764  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:51:10.0790 3764  tcpipreg - ok
18:51:10.0846 3764  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:51:10.0903 3764  TDPIPE - ok
18:51:10.0930 3764  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:51:10.0963 3764  TDTCP - ok
18:51:11.0022 3764  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:51:11.0076 3764  tdx - ok
18:51:11.0121 3764  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
18:51:11.0141 3764  TermDD - ok
18:51:11.0181 3764  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
18:51:11.0250 3764  TermService - ok
18:51:11.0306 3764  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
18:51:11.0328 3764  Themes - ok
18:51:11.0342 3764  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
18:51:11.0369 3764  THREADORDER - ok
18:51:11.0386 3764  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
18:51:11.0444 3764  TrkWks - ok
18:51:11.0542 3764  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:51:11.0596 3764  TrustedInstaller - ok
18:51:11.0622 3764  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:51:11.0670 3764  tssecsrv - ok
18:51:11.0721 3764  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:51:11.0759 3764  TsUsbFlt - ok
18:51:11.0811 3764  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:51:11.0872 3764  tunnel - ok
18:51:11.0922 3764  [ 56E601B1B99E63EC28E0DAB06A25568F ] TwBus           C:\Windows\system32\DRIVERS\TwBus.sys
18:51:11.0954 3764  TwBus - ok
18:51:12.0009 3764  TwDrvService - ok
18:51:12.0012 3764  TwRegSvc - ok
18:51:12.0046 3764  [ D7A7B56D18ECA54B682F67759FFB1D08 ] TwTouch         C:\Windows\system32\DRIVERS\TwTouch.sys
18:51:12.0112 3764  TwTouch - ok
18:51:12.0136 3764  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
18:51:12.0154 3764  uagp35 - ok
18:51:12.0176 3764  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:51:12.0236 3764  udfs - ok
18:51:12.0341 3764  [ 13BFF97E926BF8D9C1230CECC371A0C0 ] UI Assistant Service C:\Program Files\1&1 Surf-Stick\AssistantServices.exe
18:51:12.0361 3764  UI Assistant Service - ok
18:51:12.0395 3764  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:51:12.0436 3764  UI0Detect - ok
18:51:12.0487 3764  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:51:12.0505 3764  uliagpkx - ok
18:51:12.0546 3764  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:51:12.0596 3764  umbus - ok
18:51:12.0643 3764  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
18:51:12.0668 3764  UmPass - ok
18:51:12.0705 3764  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
18:51:12.0744 3764  upnphost - ok
18:51:12.0777 3764  [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
18:51:12.0815 3764  usbaudio - ok
18:51:12.0861 3764  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:51:12.0917 3764  usbccgp - ok
18:51:12.0949 3764  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:51:12.0972 3764  usbcir - ok
18:51:12.0993 3764  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:51:13.0011 3764  usbehci - ok
18:51:13.0046 3764  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:51:13.0097 3764  usbhub - ok
18:51:13.0112 3764  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:51:13.0143 3764  usbohci - ok
18:51:13.0204 3764  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:51:13.0223 3764  usbprint - ok
18:51:13.0250 3764  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
18:51:13.0291 3764  usbscan - ok
18:51:13.0316 3764  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:51:13.0375 3764  USBSTOR - ok
18:51:13.0399 3764  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
18:51:13.0415 3764  usbuhci - ok
18:51:13.0450 3764  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
18:51:13.0472 3764  usbvideo - ok
18:51:13.0492 3764  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
18:51:13.0523 3764  UxSms - ok
18:51:13.0533 3764  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
18:51:13.0546 3764  VaultSvc - ok
18:51:13.0580 3764  [ FCE98C43B5C5DB8E0DA8EA0E2B45E044 ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
18:51:13.0602 3764  VClone - ok
18:51:13.0625 3764  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:51:13.0642 3764  vdrvroot - ok
18:51:13.0678 3764  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
18:51:13.0743 3764  vds - ok
18:51:13.0792 3764  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:51:13.0834 3764  vga - ok
18:51:13.0885 3764  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:51:13.0915 3764  VgaSave - ok
18:51:13.0942 3764  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:51:13.0965 3764  vhdmp - ok
18:51:14.0002 3764  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
18:51:14.0020 3764  viaagp - ok
18:51:14.0038 3764  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
18:51:14.0077 3764  ViaC7 - ok
18:51:14.0130 3764  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
18:51:14.0146 3764  viaide - ok
18:51:14.0173 3764  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:51:14.0189 3764  volmgr - ok
18:51:14.0212 3764  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:51:14.0241 3764  volmgrx - ok
18:51:14.0260 3764  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:51:14.0290 3764  volsnap - ok
18:51:14.0318 3764  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
18:51:14.0338 3764  vsmraid - ok
18:51:14.0381 3764  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
18:51:14.0486 3764  VSS - ok
18:51:14.0520 3764  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
18:51:14.0554 3764  vwifibus - ok
18:51:14.0625 3764  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
18:51:14.0667 3764  W32Time - ok
18:51:14.0699 3764  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
18:51:14.0742 3764  WacomPen - ok
18:51:14.0788 3764  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:51:14.0818 3764  WANARP - ok
18:51:14.0822 3764  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:51:14.0846 3764  Wanarpv6 - ok
18:51:14.0941 3764  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
18:51:15.0041 3764  WatAdminSvc - ok
18:51:15.0102 3764  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
18:51:15.0236 3764  wbengine - ok
18:51:15.0264 3764  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:51:15.0312 3764  WbioSrvc - ok
18:51:15.0406 3764  [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
18:51:15.0420 3764  WcesComm - ok
18:51:15.0458 3764  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:51:15.0497 3764  wcncsvc - ok
18:51:15.0542 3764  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:51:15.0599 3764  WcsPlugInService - ok
18:51:15.0618 3764  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
18:51:15.0635 3764  Wd - ok
18:51:15.0690 3764  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:51:15.0723 3764  Wdf01000 - ok
18:51:15.0738 3764  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:51:15.0814 3764  WdiServiceHost - ok
18:51:15.0818 3764  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:51:15.0835 3764  WdiSystemHost - ok
18:51:15.0856 3764  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
18:51:15.0887 3764  WebClient - ok
18:51:15.0910 3764  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:51:15.0946 3764  Wecsvc - ok
18:51:15.0965 3764  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:51:16.0023 3764  wercplsupport - ok
18:51:16.0075 3764  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:51:16.0130 3764  WerSvc - ok
18:51:16.0185 3764  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:51:16.0214 3764  WfpLwf - ok
18:51:16.0229 3764  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:51:16.0246 3764  WIMMount - ok
18:51:16.0313 3764  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
18:51:16.0380 3764  WinDefend - ok
18:51:16.0384 3764  WinHttpAutoProxySvc - ok
18:51:16.0459 3764  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:51:16.0534 3764  Winmgmt - ok
18:51:16.0603 3764  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
18:51:16.0698 3764  WinRM - ok
18:51:16.0769 3764  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WINUSB          C:\Windows\system32\DRIVERS\WinUSB.SYS
18:51:16.0804 3764  WINUSB - ok
18:51:16.0855 3764  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:51:16.0944 3764  Wlansvc - ok
18:51:16.0994 3764  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:51:17.0036 3764  WmiAcpi - ok
18:51:17.0085 3764  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:51:17.0129 3764  wmiApSrv - ok
18:51:17.0248 3764  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
18:51:17.0329 3764  WMPNetworkSvc - ok
18:51:17.0360 3764  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:51:17.0430 3764  WPCSvc - ok
18:51:17.0454 3764  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:51:17.0494 3764  WPDBusEnum - ok
18:51:17.0536 3764  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:51:17.0589 3764  ws2ifsl - ok
18:51:17.0621 3764  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
18:51:17.0668 3764  wscsvc - ok
18:51:17.0672 3764  WSearch - ok
18:51:17.0781 3764  [ A583F4BF607EBC5709578433207A76A8 ] WTGService      C:\Program Files\Verbindungsassistent\WTGService.exe
18:51:17.0802 3764  WTGService - ok
18:51:17.0892 3764  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
18:51:17.0930 3764  wuauserv - ok
18:51:17.0983 3764  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:51:18.0020 3764  WudfPf - ok
18:51:18.0091 3764  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:51:18.0112 3764  WUDFRd - ok
18:51:18.0127 3764  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:51:18.0148 3764  wudfsvc - ok
18:51:18.0183 3764  [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:51:18.0241 3764  WwanSvc - ok
18:51:18.0311 3764  [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbmdm6k     C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
18:51:18.0371 3764  ZTEusbmdm6k - ok
18:51:18.0418 3764  [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbnmea      C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
18:51:18.0434 3764  ZTEusbnmea - ok
18:51:18.0462 3764  [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbser6k     C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
18:51:18.0480 3764  ZTEusbser6k - ok
18:51:18.0484 3764  ================ Scan global ===============================
18:51:18.0512 3764  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
18:51:18.0572 3764  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
18:51:18.0591 3764  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
18:51:18.0617 3764  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
18:51:18.0654 3764  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
18:51:18.0665 3764  [Global] - ok
18:51:18.0665 3764  ================ Scan MBR ==================================
18:51:18.0678 3764  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:51:19.0039 3764  \Device\Harddisk0\DR0 - ok
18:51:19.0039 3764  ================ Scan VBR ==================================
18:51:19.0082 3764  [ 386B8501A11F9FC2E98E7D726AB29F1B ] \Device\Harddisk0\DR0\Partition1
18:51:19.0084 3764  \Device\Harddisk0\DR0\Partition1 - ok
18:51:19.0087 3764  [ 007CC6B711EDDD1604A694A9CC091B2F ] \Device\Harddisk0\DR0\Partition2
18:51:19.0088 3764  \Device\Harddisk0\DR0\Partition2 - ok
18:51:19.0124 3764  [ 431A0D143DB34BD803F586BF2FA4CB92 ] \Device\Harddisk0\DR0\Partition3
18:51:19.0126 3764  \Device\Harddisk0\DR0\Partition3 - ok
18:51:19.0126 3764  ============================================================
18:51:19.0127 3764  Scan finished
18:51:19.0127 3764  ============================================================
18:51:19.0135 0620  Detected object count: 0
18:51:19.0135 0620  Actual detected object count: 0
18:51:38.0859 1692  Deinitialize success
         

09.06.2013, 17:55   #14
markusg
/// Malware-holic

ok.
1. Back up your data to an external storage medium: http://forum.chip.de/viren-trojaner-...c-1736596.html
   Pictures, documents, music, videos (personal files) http://www.trojaner-board.de/71715-k...iendungen.html
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + Star Money.

09.06.2013, 18:22   #15
Grave1

I have one more question. I have a prebuilt Dell Studio 17. It shipped with Windows Vista at the time. I then bought Windows 7 Home Premium as an upgrade.
Unfortunately I no longer have the data from the original Dell backup, and therefore no Windows Vista anymore either.
Will my product key also work with the ISOs offered for download here?
