Trojaner-Board


hohesC 15.05.2012 19:06

Hotmail automatically sends junk mail / Trojan found on the system

Hello

Over the weekend I had to log in to Hotmail again with a new password, because junk mail had been sent from my account to my contacts. Hotmail had blocked my account; I then reopened it with a new password. In the morning I thought I had better check my system, maybe I had caught something. I then ran Avira, and it did find something under Java and moved it to quarantine (image below). After that I googled and came across this forum, where similar (Hotmail & junk mail) problems had already been dealt with. I then downloaded Malwarebytes and ran it (log below), as well as ESET Online (log below). ESET found another Trojan. In addition, you will find the defogger + dds data (log below + in the attachment).

Thanks

Avira

http://up.picr.de/10495853ud.gif
http://up.picr.de/10495854kq.gif

Malwarebytes
Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.13.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
************ :: ********** [Administrator]

Schutz: Aktiviert

13.05.2012 08:22:04
mbam-log-2012-05-13 (08-22-04).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 515763
Laufzeit: 35 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Malwarebytes 2
Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.13.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
********* :: ********** [Administrator]

Schutz: Aktiviert

13.05.2012 09:26:16
mbam-log-2012-05-13 (09-26-16).txt

Art des Suchlaufs: Flash-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Registrierung | Dateisystem | P2P
Durchsuchte Objekte: 167058
Laufzeit: 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Eset
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9a5dc07bc89c7a4aa260aa40a2d3b601
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-14 07:43:26
# local_time=2012-05-14 09:43:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 18937020 18937020 0 0
# compatibility_mode=5893 16776574 100 94 104 88648392 0 0
# compatibility_mode=8192 67108863 100 0 397 397 0 0
# scanned=320278
# found=1
# cleaned=1
# scan_time=6063
G:\********\Backup Set 2012-04-01 190000\Backup Files 2012-05-01 190000\Backup files 3.zip        Java/Exploit.CVE-2012-0507.K trojan (deleted - quarantined)        00000000000000000000000000000000        C

DDS-Editor
DDS Logfile:
Code:

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_31
Run by ******** at 19:20:26 on 2012-05-15
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8189.6193 [GMT 2:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6447E312-9907-4019-A0EA-0C555CA68067} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Notify: SDWinLogon - SDWinLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{53707962-6F74-2D53-2644-206D7942484F}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Hauptstrasse 131\AppData\Roaming\Mozilla\Firefox\Profiles\p7jg0vdx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R0 mvs91xx;mvs91xx;C:\Windows\system32\DRIVERS\mvs91xx.sys --> C:\Windows\system32\DRIVERS\mvs91xx.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/10/08 18:52:26];C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-10-8 148976]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-8 86224]
R2 AntiVirService;Avira Echtzeit Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-10-8 110032]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-10-8 83240]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-10-8 70952]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-10-8 312616]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-13 654408]
R2 ntk_PowerDVD;ntk_PowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-10-8 75248]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-5-13 1122296]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-5-13 838136]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-5-13 166528]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MTSBDA;TechniSat CableStar HD2;C:\Windows\system32\Drivers\MtsBda.sys --> C:\Windows\system32\Drivers\MtsBda.sys [?]
R3 MtsHID;TechniSat Mantis BDA HID Driver;C:\Windows\system32\drivers\MtsHID.sys --> C:\Windows\system32\drivers\MtsHID.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-6 257696]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-10-31 25640]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-10-31 30528]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 129976]
S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtVlan60.sys --> C:\Windows\system32\DRIVERS\RtVlan60.sys [?]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);C:\Windows\system32\DRIVERS\RtVLAN60.sys --> C:\Windows\system32\DRIVERS\RtVLAN60.sys [?]
.
=============== Created Last 30 ================
.
2012-05-14 17:55:45        --------        d-----w-        C:\Program Files (x86)\ESET
2012-05-13 07:47:51        --------        d-----w-        C:\ProgramData\Spybot - Search & Destroy
2012-05-13 07:47:47        17272        ----a-w-        C:\Windows\System32\sdnclean64.exe
2012-05-13 07:47:45        --------        d-----w-        C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-05-13 06:20:37        --------        d-----w-        C:\Users\Hauptstrasse 131\AppData\Roaming\Malwarebytes
2012-05-13 06:20:33        24904        ----a-w-        C:\Windows\System32\drivers\mbam.sys
2012-05-13 06:20:33        --------        d-----w-        C:\ProgramData\Malwarebytes
2012-05-13 06:20:33        --------        d-----w-        C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-11 18:10:20        8917360        ----a-w-        C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DB0F34AF-4DDF-4E94-B004-EC1524C12A16}\mpengine.dll
2012-05-06 10:48:14        8769696        ----a-w-        C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-06 10:43:49        419488        ----a-w-        C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-27 17:31:06        157352        ----a-w-        C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-27 17:31:06        129976        ----a-w-        C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-27 17:31:06        --------        d-----w-        C:\Program Files (x86)\Mozilla Maintenance Service
.
==================== Find3M  ====================
.
2012-05-08 17:51:04        98848        ----a-w-        C:\Windows\System32\drivers\avgntflt.sys
2012-05-06 10:48:19        70304        ----a-w-        C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-31 06:05:57        5559664        ----a-w-        C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37        3968368        ----a-w-        C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37        3913072        ----a-w-        C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03        3146240        ----a-w-        C:\Windows\System32\win32k.sys
2012-03-30 11:35:47        1918320        ----a-w-        C:\Windows\System32\drivers\tcpip.sys
2012-03-18 08:53:25        472808        ----a-w-        C:\Windows\SysWow64\deployJava1.dll
2012-03-18 08:43:27        525544        ----a-w-        C:\Windows\System32\deployJava1.dll
2012-03-17 07:58:57        75120        ----a-w-        C:\Windows\System32\drivers\partmgr.sys
2012-03-03 06:35:38        1544704        ----a-w-        C:\Windows\System32\DWrite.dll
2012-03-03 05:31:19        1077248        ----a-w-        C:\Windows\SysWow64\DWrite.dll
2012-03-01 06:46:16        23408        ----a-w-        C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27        220672        ----a-w-        C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50        81408        ----a-w-        C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47        5120        ----a-w-        C:\Windows\System32\wmi.dll
2012-03-01 05:37:41        172544        ----a-w-        C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23        159232        ----a-w-        C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16        5120        ----a-w-        C:\Windows\SysWow64\wmi.dll
2012-02-28 06:56:48        2311168        ----a-w-        C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56        1390080        ----a-w-        C:\Windows\System32\wininet.dll
2012-02-28 06:48:57        1493504        ----a-w-        C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55        2382848        ----a-w-        C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55        1799168        ----a-w-        C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21        1427456        ----a-w-        C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07        1127424        ----a-w-        C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16        2382848        ----a-w-        C:\Windows\SysWow64\mshtml.tlb
2012-02-23 08:18:36        279656        ------w-        C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:26        1031680        ----a-w-        C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22        826880        ----a-w-        C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24        210944        ----a-w-        C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32        23552        ----a-w-        C:\Windows\System32\drivers\tdtcp.sys
.
============= FINISH: 19:20:39,82 ===============

--- --- ---



Attach-Editor
as Zip

cosinus 19.05.2012 12:19

What are those detections in "Napoleon Total War"?

hohesC 19.05.2012 14:01

Quote:

What are those detections in "Napoleon Total War"?
Honestly, no idea, I must have ignored that in January. Europe in Conflict is a mod for the game Napoleon Total War, not a crack or anything like that. Version 2.0 came out in January, so I downloaded and installed it. The games are not on my system HDD. OK, I don't know whether Steam has set up any links there.

Bad?

cosinus 20.05.2012 19:39

I have two questions before we continue

1.) Does normal mode work without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

hohesC 21.05.2012 09:53

Thanks for the reply

1. I have no problems logging in and working under Windows

2. I haven't noticed anything so far, but I will check it thoroughly this evening

Regarding "tr crypt.xpack.gen" in the Steam folder, Google turns up many contradictory statements. Some say the PC is at risk (online banking etc.), others that it is an error by the antivirus programs, which detect the file as a Trojan...

Unfortunately there are further detections as well :heulen:

cosinus 21.05.2012 10:25

Quote:

Unfortunately there are further detections as well
What good is that statement to me if you don't post the log for it, or do you mean something else, i.e. the log that was already posted above?

hohesC 21.05.2012 11:54

Quote:

Unfortunately there are further detections as well

What good is that statement to me if you don't post the log for it, or do you mean something else, i.e. the log that was already posted above?
Sorry, that was probably a confusing comment on my part. I meant the detections in the log above from Avira (13.05.12) and the one detection from ESET Online.

cosinus 21.05.2012 12:03

OK, then report back later whether you are missing any icons/files or the like because they are not visible etc.

If something is not visible => please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should become visible again. (This may take a while.)
Vista and 7 users must run the tool as administrator via right-click!

hohesC 21.05.2012 18:08

Quote:

OK, then report back later whether you are missing any icons/files or the like because they are not visible etc.
I am not missing any icons in the start bar. No folders are missing, and there are no empty folders under "All Programs". I also checked all subfolders.

cosinus 21.05.2012 18:55

Please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here
CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


hohesC 21.05.2012 19:37

Code:

OTL logfile created on: 21.05.2012 20:30:12 - Run 1
OTL by OldTimer - Version 3.2.43.1    Folder = E:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,48 Gb Available Physical Memory | 81,00% Memory free
15,99 Gb Paging File | 14,37 Gb Available in Paging File | 89,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,53 Gb Total Space | 27,75 Gb Free Space | 46,61% Space Free | Partition Type: NTFS
Drive E: | 232,87 Gb Total Space | 200,53 Gb Free Space | 86,11% Space Free | Partition Type: NTFS
Drive F: | 232,89 Gb Total Space | 75,90 Gb Free Space | 32,59% Space Free | Partition Type: NTFS
Drive G: | 232,88 Gb Total Space | 89,43 Gb Free Space | 38,40% Space Free | Partition Type: NTFS
Drive H: | 697,98 Gb Total Space | 576,84 Gb Free Space | 82,64% Space Free | Partition Type: NTFS
 
Computer Name: HAUPTSTRASSE131 | User Name: Hauptstrasse 131 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.21 20:27:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- E:\Downloads\OTL.exe
PRC - [2012.05.10 16:29:50 | 003,349,488 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.05.10 16:29:02 | 000,838,136 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.05.10 16:28:58 | 001,122,296 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.05.08 19:51:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 19:51:03 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 19:51:03 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.22 10:55:02 | 000,166,528 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.20 05:56:47 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011.03.31 15:37:11 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
PRC - [2011.03.31 15:37:06 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.10 16:28:12 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.05.10 16:28:10 | 000,517,632 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.05.10 16:28:10 | 000,410,112 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.09.08 19:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.05.08 19:51:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 19:51:03 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.06 12:48:19 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.27 19:31:06 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.12 19:22:33 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.20 05:56:47 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011.03.31 15:37:11 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011.03.31 15:37:06 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 19:51:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 19:51:04 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.11 09:19:58 | 000,313,648 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2011.09.15 23:55:03 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.09.08 20:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.09.08 18:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.09.02 22:29:54 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2011.09.02 22:29:52 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2011.07.06 12:12:50 | 000,367,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2011.06.16 12:11:38 | 000,313,136 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011.06.01 05:16:50 | 000,535,656 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.16 17:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.12.21 17:39:40 | 000,051,712 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0)
DRV:64bit: - [2009.12.21 17:39:40 | 000,051,712 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0)
DRV:64bit: - [2009.07.20 04:27:34 | 000,027,136 | ---- | M] (Realtek                                            ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2009.07.15 12:01:54 | 000,344,592 | ---- | M] (TechniSat Provide) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MtsBda.sys -- (MTSBDA)
DRV:64bit: - [2009.07.15 12:01:54 | 000,027,664 | ---- | M] (TechniSat Provide) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MtsHID.sys -- (MtsHID)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.04 18:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009.04.03 06:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2007.12.03 04:20:54 | 000,024,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (VLAN) Realtek Virtual Miniport Driver for VLAN (NDIS 6.2)
DRV:64bit: - [2007.12.03 04:20:54 | 000,024,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2)
DRV - [2011.11.22 22:37:56 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2011.11.22 22:37:53 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011.11.03 21:54:01 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2011.04.20 05:56:48 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2011.04.12 11:16:53 | 000,148,976 | ---- | M] (CyberLink Corp.) [2011/10/08 18:52:26] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4222842913-2195330551-1031498239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4222842913-2195330551-1031498239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-4222842913-2195330551-1031498239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FD 34 11 01 E3 04 CD 01  [binary data]
IE - HKU\S-1-5-21-4222842913-2195330551-1031498239-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4222842913-2195330551-1031498239-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.27 19:31:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.10.08 22:20:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hauptstrasse 131\AppData\Roaming\mozilla\Extensions
[2012.05.02 20:19:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hauptstrasse 131\AppData\Roaming\mozilla\Firefox\Profiles\p7jg0vdx.default\extensions
[2012.02.26 13:28:33 | 000,000,933 | ---- | M] () -- C:\Users\Hauptstrasse 131\AppData\Roaming\Mozilla\Firefox\Profiles\p7jg0vdx.default\searchplugins\11-suche.xml
[2012.02.26 13:28:33 | 000,002,419 | ---- | M] () -- C:\Users\Hauptstrasse 131\AppData\Roaming\Mozilla\Firefox\Profiles\p7jg0vdx.default\searchplugins\englische-ergebnisse.xml
[2012.02.26 13:28:33 | 000,010,525 | ---- | M] () -- C:\Users\Hauptstrasse 131\AppData\Roaming\Mozilla\Firefox\Profiles\p7jg0vdx.default\searchplugins\gmx-suche.xml
[2012.02.26 13:28:33 | 000,002,457 | ---- | M] () -- C:\Users\Hauptstrasse 131\AppData\Roaming\Mozilla\Firefox\Profiles\p7jg0vdx.default\searchplugins\lastminute.xml
[2012.05.01 11:09:32 | 000,005,489 | ---- | M] () -- C:\Users\Hauptstrasse 131\AppData\Roaming\Mozilla\Firefox\Profiles\p7jg0vdx.default\searchplugins\webde-suche.xml
[2012.04.27 19:31:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.12 09:45:05 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\HAUPTSTRASSE 131\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P7JG0VDX.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.05.01 11:09:31 | 000,574,144 | ---- | M] () (No name found) -- C:\USERS\HAUPTSTRASSE 131\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P7JG0VDX.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2012.04.27 19:31:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.18 20:01:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.18 20:01:39 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.18 20:01:39 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.18 20:01:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.18 20:01:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.18 20:01:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4222842913-2195330551-1031498239-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6447E312-9907-4019-A0EA-0C555CA68067}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0767dd22-f255-11e0-9a7c-00241dd5ef94}\Shell - "" = AutoRun
O33 - MountPoints2\{0767dd22-f255-11e0-9a7c-00241dd5ef94}\Shell\AutoRun\command - "" = "J:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig:64bit - StartUpReg: RemoteControl11 - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.14 19:55:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.13 09:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.05.13 09:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012.05.13 09:47:47 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2012.05.13 09:47:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012.05.13 08:20:37 | 000,000,000 | ---D | C] -- C:\Users\Hauptstrasse 131\AppData\Roaming\Malwarebytes
[2012.05.13 08:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.13 08:20:33 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.13 08:20:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.13 08:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.10 20:06:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.10 19:44:54 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.10 19:44:53 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.10 19:44:52 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.05.10 19:44:52 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.05.06 12:48:14 | 008,769,696 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.05.06 12:43:49 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.27 19:31:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.04.27 19:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.21 19:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.21 18:53:03 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.21 18:53:03 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.21 18:52:44 | 001,612,736 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.21 18:52:44 | 000,696,682 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.21 18:52:44 | 000,652,000 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.21 18:52:44 | 000,147,978 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.21 18:52:44 | 000,120,932 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.21 18:45:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.15 20:05:13 | 000,010,614 | ---- | M] () -- C:\Users\Hauptstrasse 131\Documents\Avira I.GIF
[2012.05.15 20:04:40 | 000,023,599 | ---- | M] () -- C:\Users\Hauptstrasse 131\Documents\Avira 2.GIF
[2012.05.15 19:57:36 | 000,002,096 | ---- | M] () -- C:\Users\Hauptstrasse 131\Documents\Attach.zip
[2012.05.15 19:19:46 | 000,000,000 | ---- | M] () -- C:\Users\Hauptstrasse 131\defogger_reenable
[2012.05.13 09:47:50 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.05.11 07:23:31 | 000,416,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.08 19:51:04 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.05.08 19:51:04 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.05.06 12:48:19 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.06 12:48:19 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.05.06 12:48:14 | 008,769,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
 
========== Files Created - No Company Name ==========
 
[2012.05.15 19:57:36 | 000,002,096 | ---- | C] () -- C:\Users\Hauptstrasse 131\Documents\Attach.zip
[2012.05.15 19:44:01 | 000,023,599 | ---- | C] () -- C:\Users\Hauptstrasse 131\Documents\Avira 2.GIF
[2012.05.15 19:43:27 | 000,010,614 | ---- | C] () -- C:\Users\Hauptstrasse 131\Documents\Avira I.GIF
[2012.05.15 19:19:46 | 000,000,000 | ---- | C] () -- C:\Users\Hauptstrasse 131\defogger_reenable
[2012.05.13 09:47:50 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012.05.13 09:47:50 | 000,002,177 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.05.06 12:43:49 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011.10.31 09:06:16 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011.10.13 20:53:10 | 001,589,694 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.08 16:08:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.10.09 08:38:54 | 000,000,000 | ---D | M] -- C:\Users\Hauptstrasse 131\AppData\Roaming\Adobe
[2012.04.06 14:45:51 | 000,000,000 | ---D | M] -- C:\Users\Hauptstrasse 131\AppData\Roaming\AllDup
[2012.01.26 10:34:00 | 000,000,000 | ---D | M] -- C:\Users\Hauptstrasse 131\AppData\Roaming\Apple Computer
[2011.10.08 22:20:15 | 000,000,000 | ---D | M] -- C:\Users\Hauptstrasse 131\AppData\Roaming\Avira
[2011.10.09 11:26:05 | 000,000,000 | ---D | M] -- C:\Users\Hauptstrasse 131\AppData\Roaming\Canneverbe Limited
[2011.10.15 10:24:43 | 000,000,000 | ---D | M] -- C:\Users\Hauptstrasse 131\AppData\Roaming\CANON INC
[2012.04.09 19:15:40 | 000,000,000 | ---D | M] -- C:\Users\Hauptstrasse 131\AppData\Roaming\CD-LabelPrint
[2011.10.09 21:40:08 | 000,000,000 | ---D | M] -- C:\Users\Hauptstrasse 131\AppData\Roaming\CyberLink
[2011.12.13 20:28:20 | 000,000,000 | ---D | M] -- C:\Users\Hauptstrasse 131\AppData\Roaming\FastStone
[2012.04.08 10:32:46 | 000,000,000 | ---D | M] -- C:\Users\Hauptstrasse 131\AppData\Roaming\HandBrake
[2011.10.08 22:20:15 | 000,000,000 | ---D | M] -- C:\Users\Hauptstrasse 131\AppData\Roaming\Identities
[2011.10.09 21:24:51 | 000,000,000 | ---D | M] -- C:\Users\Hauptstrasse 131\AppData\Roaming\InfraRecorder
[2011.10.16 13:25:08 | 000,000,000 | ---D | M] -- C:\Users\Hauptstrasse 131\AppData\Roaming\InstallShield
[2011.10.08 22:20:15 | 000,000,000 | ---D | M] -- C:\Users\Hauptstrasse 131\AppData\Roaming\Macromedia
[2012.05.13 08:20:37 | 000,000,000 | ---D | M] -- C:\Users\Hauptstrasse 131\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Hauptstrasse 131\AppData\Roaming\Media Center Programs
[2012.05.12 15:29:44 | 000,000,000 | --SD | M] -- C:\Users\Hauptstrasse 131\AppData\Roaming\Microsoft
[2011.10.08 22:19:27 | 000,000,000 | ---D | M] -- C:\Users\Hauptstrasse 131\AppData\Roaming\Mozilla
[2012.04.05 19:45:26 | 000,000,000 | ---D | M] -- C:\Users\Hauptstrasse 131\AppData\Roaming\MusicBee
[2012.01.28 17:29:21 | 000,000,000 | ---D | M] -- C:\Users\Hauptstrasse 131\AppData\Roaming\RavensburgerTipToi
[2011.10.16 13:24:32 | 000,000,000 | RH-D | M] -- C:\Users\Hauptstrasse 131\AppData\Roaming\SecuROM
[2011.10.16 13:22:10 | 000,000,000 | ---D | M] -- C:\Users\Hauptstrasse 131\AppData\Roaming\The Creative Assembly
[2011.10.08 22:20:15 | 000,000,000 | ---D | M] -- C:\Users\Hauptstrasse 131\AppData\Roaming\WinRAR
[2012.05.06 20:02:41 | 000,000,000 | ---D | M] -- C:\Users\Hauptstrasse 131\AppData\Roaming\ZoomBrowser EX
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >


cosinus 21.05.2012 20:37

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)


Code:

:OTL
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0767dd22-f255-11e0-9a7c-00241dd5ef94}\Shell - "" = AutoRun
O33 - MountPoints2\{0767dd22-f255-11e0-9a7c-00241dd5ef94}\Shell\AutoRun\command - "" = "J:\WD SmartWare.exe" autoplay=true
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

hohesC 22.05.2012 18:35

No log file was opened after I pressed OK. After that it wanted a restart - I cancelled that, because I thought I would find the log file on the computer. Unfortunately I can't find it.

Edit: I found it - it was stored on another HDD :pfeiff:

Code:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0767dd22-f255-11e0-9a7c-00241dd5ef94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0767dd22-f255-11e0-9a7c-00241dd5ef94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0767dd22-f255-11e0-9a7c-00241dd5ef94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0767dd22-f255-11e0-9a7c-00241dd5ef94}\ not found.
File "J:\WD SmartWare.exe" autoplay=true not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Hauptstrasse 131
->Temp folder emptied: 10505122 bytes
->Temporary Internet Files folder emptied: 7541319 bytes
->Java cache emptied: 691385 bytes
->FireFox cache emptied: 55823504 bytes
->Flash cache emptied: 470 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 234411600 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 26377484 bytes
 
Total Files Cleaned = 320,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Hauptstrasse 131
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.43.1 log created on 05222012_192727

Regards
hohesC

I have now restarted (via Windows) and after logging in it opened the log file for me.

cosinus 22.05.2012 18:45

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below - click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), that is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

hohesC 22.05.2012 18:52

three threats found

Code:

19:49:04.0498 1120        TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
19:49:04.0608 1120        ============================================================
19:49:04.0608 1120        Current date / time: 2012/05/22 19:49:04.0608
19:49:04.0608 1120        SystemInfo:
19:49:04.0608 1120       
19:49:04.0608 1120        OS Version: 6.1.7601 ServicePack: 1.0
19:49:04.0608 1120        Product type: Workstation
19:49:04.0608 1120        ComputerName: HAUPTSTRASSE131
19:49:04.0608 1120        UserName: Hauptstrasse 131
19:49:04.0608 1120        Windows directory: C:\Windows
19:49:04.0608 1120        System windows directory: C:\Windows
19:49:04.0608 1120        Running under WOW64
19:49:04.0608 1120        Processor architecture: Intel x64
19:49:04.0608 1120        Number of processors: 4
19:49:04.0608 1120        Page size: 0x1000
19:49:04.0608 1120        Boot type: Normal boot
19:49:04.0608 1120        ============================================================
19:49:04.0842 1120        Drive \Device\Harddisk0\DR0 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
19:49:04.0857 1120        Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:49:04.0857 1120        Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:49:04.0857 1120        Drive \Device\Harddisk3\DR3 - Size: 0xAE7EE00000 (697.98 Gb), SectorSize: 0x200, Cylinders: 0x163EB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:49:05.0154 1120        ============================================================
19:49:05.0154 1120        \Device\Harddisk0\DR0:
19:49:05.0154 1120        MBR partitions:
19:49:05.0154 1120        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:49:05.0154 1120        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x770D800
19:49:05.0154 1120        \Device\Harddisk2\DR2:
19:49:05.0154 1120        MBR partitions:
19:49:05.0154 1120        \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1BC7C0
19:49:05.0154 1120        \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x1D1BC7FF, BlocksNum 0x1D1C8442
19:49:05.0154 1120        \Device\Harddisk1\DR1:
19:49:05.0154 1120        MBR partitions:
19:49:05.0154 1120        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
19:49:05.0154 1120        \Device\Harddisk3\DR3:
19:49:05.0154 1120        MBR partitions:
19:49:05.0154 1120        \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x573F6800
19:49:05.0154 1120        ============================================================
19:49:05.0169 1120        C: <-> \Device\Harddisk0\DR0\Partition1
19:49:05.0247 1120        H: <-> \Device\Harddisk3\DR3\Partition0
19:49:05.0247 1120        G: <-> \Device\Harddisk1\DR1\Partition0
19:49:05.0294 1120        E: <-> \Device\Harddisk2\DR2\Partition0
19:49:05.0310 1120        F: <-> \Device\Harddisk2\DR2\Partition1
19:49:05.0310 1120        ============================================================
19:49:05.0310 1120        Initialize success
19:49:05.0310 1120        ============================================================
19:50:23.0466 2284        ============================================================
19:50:23.0466 2284        Scan started
19:50:23.0466 2284        Mode: Manual; SigCheck; TDLFS;
19:50:23.0466 2284        ============================================================
19:50:23.0606 2284        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:50:23.0653 2284        1394ohci - ok
19:50:23.0653 2284        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:50:23.0668 2284        ACPI - ok
19:50:23.0668 2284        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:50:23.0684 2284        AcpiPmi - ok
19:50:23.0684 2284        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:50:23.0700 2284        AdobeARMservice - ok
19:50:23.0715 2284        AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:50:23.0715 2284        AdobeFlashPlayerUpdateSvc - ok
19:50:23.0731 2284        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:50:23.0746 2284        adp94xx - ok
19:50:23.0746 2284        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:50:23.0762 2284        adpahci - ok
19:50:23.0762 2284        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:50:23.0778 2284        adpu320 - ok
19:50:23.0778 2284        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:50:23.0809 2284        AeLookupSvc - ok
19:50:23.0824 2284        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:50:23.0840 2284        AFD - ok
19:50:23.0840 2284        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:50:23.0856 2284        agp440 - ok
19:50:23.0856 2284        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:50:23.0856 2284        ALG - ok
19:50:23.0871 2284        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:50:23.0871 2284        aliide - ok
19:50:23.0871 2284        AMD External Events Utility (87e226c0e11182943d28e8bec61618cd) C:\Windows\system32\atiesrxx.exe
19:50:23.0902 2284        AMD External Events Utility - ok
19:50:23.0902 2284        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:50:23.0902 2284        amdide - ok
19:50:23.0902 2284        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:50:23.0918 2284        AmdK8 - ok
19:50:24.0012 2284        amdkmdag        (446a1aad34191665a8df6092bd8eb5a8) C:\Windows\system32\DRIVERS\atikmdag.sys
19:50:24.0121 2284        amdkmdag - ok
19:50:24.0136 2284        amdkmdap        (f8f8a908fdb005a65ddf7238c814eea5) C:\Windows\system32\DRIVERS\atikmpag.sys
19:50:24.0152 2284        amdkmdap - ok
19:50:24.0152 2284        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:50:24.0152 2284        AmdPPM - ok
19:50:24.0168 2284        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:50:24.0168 2284        amdsata - ok
19:50:24.0168 2284        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:50:24.0183 2284        amdsbs - ok
19:50:24.0183 2284        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:50:24.0199 2284        amdxata - ok
19:50:24.0199 2284        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:50:24.0199 2284        AntiVirSchedulerService - ok
19:50:24.0214 2284        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:50:24.0214 2284        AntiVirService - ok
19:50:24.0214 2284        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:50:24.0261 2284        AppID - ok
19:50:24.0277 2284        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:50:24.0292 2284        AppIDSvc - ok
19:50:24.0292 2284        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:50:24.0324 2284        Appinfo - ok
19:50:24.0324 2284        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:50:24.0339 2284        arc - ok
19:50:24.0339 2284        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:50:24.0339 2284        arcsas - ok
19:50:24.0355 2284        aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:50:24.0370 2284        aspnet_state - ok
19:50:24.0370 2284        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:50:24.0402 2284        AsyncMac - ok
19:50:24.0402 2284        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:50:24.0402 2284        atapi - ok
19:50:24.0402 2284        atillk64 - ok
19:50:24.0417 2284        AtiPcie        (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
19:50:24.0558 2284        AtiPcie - ok
19:50:24.0573 2284        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:50:24.0604 2284        AudioEndpointBuilder - ok
19:50:24.0604 2284        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:50:24.0636 2284        AudioSrv - ok
19:50:24.0636 2284        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
19:50:24.0651 2284        avgntflt - ok
19:50:24.0651 2284        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
19:50:24.0651 2284        avipbb - ok
19:50:24.0667 2284        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
19:50:24.0667 2284        avkmgr - ok
19:50:24.0667 2284        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
19:50:24.0682 2284        AxInstSV - ok
19:50:24.0698 2284        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:50:24.0714 2284        b06bdrv - ok
19:50:24.0714 2284        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:50:24.0729 2284        b57nd60a - ok
19:50:24.0729 2284        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:50:24.0745 2284        BDESVC - ok
19:50:24.0745 2284        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:50:24.0760 2284        Beep - ok
19:50:24.0776 2284        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
19:50:24.0807 2284        BFE - ok
19:50:24.0807 2284        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
19:50:24.0838 2284        BITS - ok
19:50:24.0854 2284        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:50:24.0854 2284        blbdrive - ok
19:50:24.0854 2284        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:50:24.0870 2284        bowser - ok
19:50:24.0870 2284        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:50:24.0885 2284        BrFiltLo - ok
19:50:24.0885 2284        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:50:24.0901 2284        BrFiltUp - ok
19:50:24.0901 2284        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
19:50:24.0932 2284        Browser - ok
19:50:24.0932 2284        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:50:24.0948 2284        Brserid - ok
19:50:24.0948 2284        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:50:24.0963 2284        BrSerWdm - ok
19:50:24.0963 2284        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:50:24.0963 2284        BrUsbMdm - ok
19:50:24.0963 2284        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:50:24.0979 2284        BrUsbSer - ok
19:50:24.0979 2284        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:50:24.0994 2284        BTHMODEM - ok
19:50:24.0994 2284        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:50:25.0026 2284        bthserv - ok
19:50:25.0026 2284        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:50:25.0057 2284        cdfs - ok
19:50:25.0057 2284        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
19:50:25.0072 2284        cdrom - ok
19:50:25.0072 2284        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:50:25.0088 2284        CertPropSvc - ok
19:50:25.0104 2284        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:50:25.0104 2284        circlass - ok
19:50:25.0119 2284        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:50:25.0119 2284        CLFS - ok
19:50:25.0135 2284        CLHNServiceForPowerDVD (4aa6694fb767bbff6a8ef080806447bd) C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
19:50:25.0135 2284        CLHNServiceForPowerDVD - ok
19:50:25.0135 2284        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:50:25.0150 2284        clr_optimization_v2.0.50727_32 - ok
19:50:25.0150 2284        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:50:25.0166 2284        clr_optimization_v2.0.50727_64 - ok
19:50:25.0166 2284        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:50:25.0182 2284        clr_optimization_v4.0.30319_32 - ok
19:50:25.0197 2284        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:50:25.0213 2284        clr_optimization_v4.0.30319_64 - ok
19:50:25.0213 2284        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:50:25.0213 2284        CmBatt - ok
19:50:25.0213 2284        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:50:25.0228 2284        cmdide - ok
19:50:25.0228 2284        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
19:50:25.0260 2284        CNG - ok
19:50:25.0260 2284        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:50:25.0260 2284        Compbatt - ok
19:50:25.0260 2284        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:50:25.0275 2284        CompositeBus - ok
19:50:25.0275 2284        COMSysApp - ok
19:50:25.0275 2284        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:50:25.0291 2284        crcdisk - ok
19:50:25.0291 2284        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
19:50:25.0322 2284        CryptSvc - ok
19:50:25.0322 2284        CyberLink PowerDVD 11.0 Monitor Service (d3484412eae43685e3ad304c9979f30e) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
19:50:25.0338 2284        CyberLink PowerDVD 11.0 Monitor Service - ok
19:50:25.0338 2284        CyberLink PowerDVD 11.0 Service (4b0f03af88ff89441ef57175849c3961) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
19:50:25.0353 2284        CyberLink PowerDVD 11.0 Service - ok
19:50:25.0353 2284        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:50:25.0384 2284        DcomLaunch - ok
19:50:25.0400 2284        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:50:25.0416 2284        defragsvc - ok
19:50:25.0431 2284        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:50:25.0462 2284        DfsC - ok
19:50:25.0462 2284        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
19:50:25.0494 2284        Dhcp - ok
19:50:25.0494 2284        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:50:25.0509 2284        discache - ok
19:50:25.0525 2284        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:50:25.0525 2284        Disk - ok
19:50:25.0540 2284        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
19:50:25.0540 2284        Dnscache - ok
19:50:25.0556 2284        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
19:50:25.0572 2284        dot3svc - ok
19:50:25.0587 2284        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
19:50:25.0603 2284        DPS - ok
19:50:25.0603 2284        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:50:25.0618 2284        drmkaud - ok
19:50:25.0634 2284        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:50:25.0650 2284        DXGKrnl - ok
19:50:25.0650 2284        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:50:25.0681 2284        EapHost - ok
19:50:25.0712 2284        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:50:25.0743 2284        ebdrv - ok
19:50:25.0759 2284        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
19:50:25.0759 2284        EFS - ok
19:50:25.0774 2284        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
19:50:25.0790 2284        ehRecvr - ok
19:50:25.0790 2284        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:50:25.0806 2284        ehSched - ok
19:50:25.0806 2284        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:50:25.0821 2284        elxstor - ok
19:50:25.0821 2284        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:50:25.0837 2284        ErrDev - ok
19:50:25.0837 2284        etdrv          (84486624268e078255bc7aa47f0960bc) C:\Windows\etdrv.sys
19:50:25.0852 2284        etdrv - ok
19:50:25.0852 2284        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:50:25.0884 2284        EventSystem - ok
19:50:25.0884 2284        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:50:25.0915 2284        exfat - ok
19:50:25.0915 2284        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:50:25.0946 2284        fastfat - ok
19:50:25.0946 2284        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:50:25.0962 2284        Fax - ok
19:50:25.0962 2284        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:50:25.0977 2284        fdc - ok
19:50:25.0977 2284        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:50:26.0008 2284        fdPHost - ok
19:50:26.0008 2284        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:50:26.0024 2284        FDResPub - ok
19:50:26.0040 2284        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:50:26.0040 2284        FileInfo - ok
19:50:26.0040 2284        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:50:26.0071 2284        Filetrace - ok
19:50:26.0071 2284        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:50:26.0071 2284        flpydisk - ok
19:50:26.0086 2284        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:50:26.0086 2284        FltMgr - ok
19:50:26.0102 2284        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:50:26.0118 2284        FontCache - ok
19:50:26.0133 2284        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:50:26.0133 2284        FontCache3.0.0.0 - ok
19:50:26.0133 2284        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:50:26.0149 2284        FsDepends - ok
19:50:26.0149 2284        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
19:50:26.0164 2284        Fs_Rec - ok
19:50:26.0164 2284        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:50:26.0180 2284        fvevol - ok
19:50:26.0180 2284        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:50:26.0180 2284        gagp30kx - ok
19:50:26.0196 2284        gdrv            (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
19:50:26.0196 2284        gdrv - ok
19:50:26.0211 2284        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:50:26.0242 2284        gpsvc - ok
19:50:26.0242 2284        gusvc          (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:50:26.0242 2284        gusvc - ok
19:50:26.0258 2284        GVTDrv64        (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
19:50:26.0258 2284        GVTDrv64 - ok
19:50:26.0258 2284        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:50:26.0274 2284        hcw85cir - ok
19:50:26.0274 2284        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:50:26.0289 2284        HdAudAddService - ok
19:50:26.0289 2284        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:50:26.0305 2284        HDAudBus - ok
19:50:26.0305 2284        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:50:26.0320 2284        HidBatt - ok
19:50:26.0320 2284        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:50:26.0336 2284        HidBth - ok
19:50:26.0336 2284        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:50:26.0352 2284        HidIr - ok
19:50:26.0352 2284        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
19:50:26.0367 2284        hidserv - ok
19:50:26.0367 2284        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
19:50:26.0383 2284        HidUsb - ok
19:50:26.0383 2284        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:50:26.0414 2284        hkmsvc - ok
19:50:26.0414 2284        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:50:26.0430 2284        HomeGroupListener - ok
19:50:26.0430 2284        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:50:26.0445 2284        HomeGroupProvider - ok
19:50:26.0445 2284        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:50:26.0461 2284        HpSAMD - ok
19:50:26.0461 2284        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:50:26.0492 2284        HTTP - ok
19:50:26.0492 2284        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:50:26.0508 2284        hwpolicy - ok
19:50:26.0508 2284        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:50:26.0508 2284        i8042prt - ok
19:50:26.0523 2284        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:50:26.0539 2284        iaStorV - ok
19:50:26.0539 2284        IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:50:26.0539 2284        IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:50:26.0539 2284        IDriverT - detected UnsignedFile.Multi.Generic (1)
19:50:26.0554 2284        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:50:26.0570 2284        idsvc - ok
19:50:26.0586 2284        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:50:26.0586 2284        iirsp - ok
19:50:26.0601 2284        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:50:26.0632 2284        IKEEXT - ok
19:50:26.0664 2284        IntcAzAudAddService (4bbb5a55eeb5ec11b20fcbb4cbb49357) C:\Windows\system32\drivers\RTKVHD64.sys
19:50:26.0695 2284        IntcAzAudAddService - ok
19:50:26.0710 2284        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:50:26.0710 2284        intelide - ok
19:50:26.0726 2284        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:50:26.0726 2284        intelppm - ok
19:50:26.0726 2284        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:50:26.0757 2284        IPBusEnum - ok
19:50:26.0757 2284        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:50:26.0788 2284        IpFilterDriver - ok
19:50:26.0788 2284        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
19:50:26.0820 2284        iphlpsvc - ok
19:50:26.0820 2284        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:50:26.0835 2284        IPMIDRV - ok
19:50:26.0835 2284        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:50:26.0866 2284        IPNAT - ok
19:50:26.0866 2284        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:50:26.0882 2284        IRENUM - ok
19:50:26.0882 2284        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:50:26.0882 2284        isapnp - ok
19:50:26.0898 2284        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:50:26.0898 2284        iScsiPrt - ok
19:50:26.0913 2284        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:50:26.0913 2284        kbdclass - ok
19:50:26.0913 2284        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
19:50:26.0929 2284        kbdhid - ok
19:50:26.0929 2284        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:50:26.0929 2284        KeyIso - ok
19:50:26.0944 2284        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
19:50:26.0944 2284        KSecDD - ok
19:50:26.0960 2284        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
19:50:26.0960 2284        KSecPkg - ok
19:50:26.0960 2284        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:50:26.0991 2284        ksthunk - ok
19:50:26.0991 2284        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:50:27.0022 2284        KtmRm - ok
19:50:27.0022 2284        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
19:50:27.0054 2284        LanmanServer - ok
19:50:27.0054 2284        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
19:50:27.0085 2284        LanmanWorkstation - ok
19:50:27.0085 2284        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:50:27.0116 2284        lltdio - ok
19:50:27.0116 2284        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:50:27.0147 2284        lltdsvc - ok
19:50:27.0147 2284        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:50:27.0178 2284        lmhosts - ok
19:50:27.0178 2284        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:50:27.0194 2284        LSI_FC - ok
19:50:27.0194 2284        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:50:27.0210 2284        LSI_SAS - ok
19:50:27.0210 2284        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:50:27.0210 2284        LSI_SAS2 - ok
19:50:27.0225 2284        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:50:27.0225 2284        LSI_SCSI - ok
19:50:27.0225 2284        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:50:27.0256 2284        luafv - ok
19:50:27.0256 2284        MBAMProtector  (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
19:50:27.0272 2284        MBAMProtector - ok
19:50:27.0272 2284        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:50:27.0288 2284        MBAMService - ok
19:50:27.0288 2284        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
19:50:27.0303 2284        Mcx2Svc - ok
19:50:27.0303 2284        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:50:27.0319 2284        megasas - ok
19:50:27.0319 2284        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:50:27.0334 2284        MegaSR - ok
19:50:27.0334 2284        Microsoft SharePoint Workspace Audit Service - ok
19:50:27.0334 2284        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:50:27.0366 2284        MMCSS - ok
19:50:27.0366 2284        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:50:27.0397 2284        Modem - ok
19:50:27.0397 2284        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:50:27.0397 2284        monitor - ok
19:50:27.0412 2284        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
19:50:27.0412 2284        mouclass - ok
19:50:27.0412 2284        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:50:27.0428 2284        mouhid - ok
19:50:27.0428 2284        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:50:27.0444 2284        mountmgr - ok
19:50:27.0444 2284        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:50:27.0444 2284        MozillaMaintenance - ok
19:50:27.0459 2284        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:50:27.0459 2284        mpio - ok
19:50:27.0475 2284        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:50:27.0490 2284        mpsdrv - ok
19:50:27.0506 2284        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
19:50:27.0537 2284        MpsSvc - ok
19:50:27.0537 2284        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:50:27.0553 2284        MRxDAV - ok
19:50:27.0553 2284        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:50:27.0568 2284        mrxsmb - ok
19:50:27.0568 2284        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:50:27.0584 2284        mrxsmb10 - ok
19:50:27.0584 2284        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:50:27.0600 2284        mrxsmb20 - ok
19:50:27.0600 2284        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:50:27.0600 2284        msahci - ok
19:50:27.0615 2284        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:50:27.0615 2284        msdsm - ok
19:50:27.0631 2284        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:50:27.0631 2284        MSDTC - ok
19:50:27.0646 2284        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:50:27.0662 2284        Msfs - ok
19:50:27.0662 2284        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:50:27.0693 2284        mshidkmdf - ok
19:50:27.0693 2284        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:50:27.0693 2284        msisadrv - ok
19:50:27.0709 2284        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:50:27.0724 2284        MSiSCSI - ok
19:50:27.0740 2284        msiserver - ok
19:50:27.0740 2284        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:50:27.0756 2284        MSKSSRV - ok
19:50:27.0771 2284        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:50:27.0787 2284        MSPCLOCK - ok
19:50:27.0787 2284        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:50:27.0818 2284        MSPQM - ok
19:50:27.0818 2284        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:50:27.0834 2284        MsRPC - ok
19:50:27.0834 2284        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:50:27.0849 2284        mssmbios - ok
19:50:27.0849 2284        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:50:27.0865 2284        MSTEE - ok
19:50:27.0880 2284        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:50:27.0880 2284        MTConfig - ok
19:50:27.0896 2284        MTSBDA          (9ac4c80d317cf554989944921780d171) C:\Windows\system32\Drivers\MtsBda.sys
19:50:27.0896 2284        MTSBDA - ok
19:50:27.0896 2284        MtsHID          (07ad6825d5c658595cab7f8f5849401c) C:\Windows\system32\drivers\MtsHID.sys
19:50:27.0912 2284        MtsHID - ok
19:50:27.0912 2284        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:50:27.0927 2284        Mup - ok
19:50:27.0927 2284        mv91xx          (5582a3fe5761afe730b277a56eb65268) C:\Windows\system32\DRIVERS\mv91xx.sys
19:50:27.0943 2284        mv91xx - ok
19:50:27.0943 2284        mvs91xx        (a28a4b6387911a2077538f1cc7bc6def) C:\Windows\system32\DRIVERS\mvs91xx.sys
19:50:27.0958 2284        mvs91xx - ok
19:50:27.0958 2284        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
19:50:27.0990 2284        napagent - ok
19:50:27.0990 2284        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:50:28.0005 2284        NativeWifiP - ok
19:50:28.0021 2284        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:50:28.0036 2284        NDIS - ok
19:50:28.0036 2284        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:50:28.0068 2284        NdisCap - ok
19:50:28.0068 2284        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:50:28.0099 2284        NdisTapi - ok
19:50:28.0099 2284        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:50:28.0114 2284        Ndisuio - ok
19:50:28.0130 2284        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:50:28.0146 2284        NdisWan - ok
19:50:28.0161 2284        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:50:28.0177 2284        NDProxy - ok
19:50:28.0177 2284        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:50:28.0208 2284        NetBIOS - ok
19:50:28.0208 2284        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:50:28.0239 2284        NetBT - ok
19:50:28.0239 2284        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:50:28.0255 2284        Netlogon - ok
19:50:28.0255 2284        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:50:28.0286 2284        Netman - ok
19:50:28.0286 2284        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:50:28.0302 2284        NetMsmqActivator - ok
19:50:28.0302 2284        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:50:28.0317 2284        NetPipeActivator - ok
19:50:28.0317 2284        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:50:28.0348 2284        netprofm - ok
19:50:28.0348 2284        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:50:28.0364 2284        NetTcpActivator - ok
19:50:28.0364 2284        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:50:28.0364 2284        NetTcpPortSharing - ok
19:50:28.0364 2284        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:50:28.0380 2284        nfrd960 - ok
19:50:28.0380 2284        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:50:28.0411 2284        NlaSvc - ok
19:50:28.0411 2284        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:50:28.0442 2284        Npfs - ok
19:50:28.0442 2284        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:50:28.0473 2284        nsi - ok
19:50:28.0473 2284        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:50:28.0489 2284        nsiproxy - ok
19:50:28.0520 2284        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:50:28.0536 2284        Ntfs - ok
19:50:28.0551 2284        ntk_PowerDVD    (7420b2e1f65642129b6e23bd42f752aa) C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys
19:50:28.0551 2284        ntk_PowerDVD - ok
19:50:28.0567 2284        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:50:28.0582 2284        Null - ok
19:50:28.0598 2284        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:50:28.0598 2284        nvraid - ok
19:50:28.0614 2284        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:50:28.0614 2284        nvstor - ok
19:50:28.0629 2284        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:50:28.0629 2284        nv_agp - ok
19:50:28.0629 2284        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:50:28.0645 2284        ohci1394 - ok
19:50:28.0645 2284        ose            (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:50:28.0660 2284        ose - ok
19:50:28.0707 2284        osppsvc        (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:50:28.0770 2284        osppsvc - ok
19:50:28.0785 2284        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:50:28.0785 2284        p2pimsvc - ok
19:50:28.0801 2284        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:50:28.0816 2284        p2psvc - ok
19:50:28.0816 2284        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:50:28.0832 2284        Parport - ok
19:50:28.0832 2284        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
19:50:28.0832 2284        partmgr - ok
19:50:28.0848 2284        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:50:28.0848 2284        PcaSvc - ok
19:50:28.0863 2284        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:50:28.0863 2284        pci - ok
19:50:28.0879 2284        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:50:28.0879 2284        pciide - ok
19:50:28.0879 2284        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:50:28.0894 2284        pcmcia - ok
19:50:28.0894 2284        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:50:28.0910 2284        pcw - ok
19:50:28.0910 2284        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:50:28.0941 2284        PEAUTH - ok
19:50:28.0957 2284        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:50:28.0957 2284        PerfHost - ok
19:50:28.0988 2284        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:50:29.0019 2284        pla - ok
19:50:29.0019 2284        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:50:29.0035 2284        PlugPlay - ok
19:50:29.0035 2284        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:50:29.0050 2284        PNRPAutoReg - ok
19:50:29.0050 2284        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:50:29.0066 2284        PNRPsvc - ok
19:50:29.0066 2284        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:50:29.0097 2284        PolicyAgent - ok
19:50:29.0113 2284        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:50:29.0128 2284        Power - ok
19:50:29.0144 2284        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:50:29.0160 2284        PptpMiniport - ok
19:50:29.0160 2284        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:50:29.0175 2284        Processor - ok
19:50:29.0175 2284        ProfSvc        (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
19:50:29.0206 2284        ProfSvc - ok
19:50:29.0206 2284        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:50:29.0222 2284        ProtectedStorage - ok
19:50:29.0222 2284        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:50:29.0253 2284        Psched - ok
19:50:29.0253 2284        pwdrvio        (595a22c4cce855e72d475835f3df2d53) C:\Windows\system32\pwdrvio.sys
19:50:29.0253 2284        pwdrvio - ok
19:50:29.0269 2284        pwdspio        (70eb529f6fedac79d0a8e3bb79999277) C:\Windows\system32\pwdspio.sys
19:50:29.0269 2284        pwdspio - ok
19:50:29.0284 2284        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:50:29.0316 2284        ql2300 - ok
19:50:29.0316 2284        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:50:29.0331 2284        ql40xx - ok
19:50:29.0331 2284        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:50:29.0347 2284        QWAVE - ok
19:50:29.0362 2284        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:50:29.0362 2284        QWAVEdrv - ok
19:50:29.0362 2284        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:50:29.0394 2284        RasAcd - ok
19:50:29.0394 2284        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:50:29.0425 2284        RasAgileVpn - ok
19:50:29.0425 2284        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:50:29.0456 2284        RasAuto - ok
19:50:29.0456 2284        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:50:29.0472 2284        Rasl2tp - ok
19:50:29.0487 2284        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:50:29.0518 2284        RasMan - ok
19:50:29.0518 2284        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:50:29.0550 2284        RasPppoe - ok
19:50:29.0550 2284        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:50:29.0565 2284        RasSstp - ok
19:50:29.0581 2284        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:50:29.0596 2284        rdbss - ok
19:50:29.0612 2284        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:50:29.0612 2284        rdpbus - ok
19:50:29.0612 2284        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:50:29.0643 2284        RDPCDD - ok
19:50:29.0643 2284        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:50:29.0674 2284        RDPENCDD - ok
19:50:29.0674 2284        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:50:29.0690 2284        RDPREFMP - ok
19:50:29.0706 2284        RDPWD          (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
19:50:29.0706 2284        RDPWD - ok
19:50:29.0721 2284        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:50:29.0721 2284        rdyboost - ok
19:50:29.0737 2284        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:50:29.0752 2284        RemoteAccess - ok
19:50:29.0768 2284        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:50:29.0784 2284        RemoteRegistry - ok
19:50:29.0799 2284        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:50:29.0815 2284        RpcEptMapper - ok
19:50:29.0830 2284        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:50:29.0830 2284        RpcLocator - ok
19:50:29.0846 2284        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:50:29.0862 2284        RpcSs - ok
19:50:29.0877 2284        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:50:29.0893 2284        rspndr - ok
19:50:29.0908 2284        RTHDMIAzAudService (2e7d1ca91d62501713c9d6e6704395c6) C:\Windows\system32\drivers\RtHDMIVX.sys
19:50:29.0908 2284        RTHDMIAzAudService - ok
19:50:29.0924 2284        RTL8167        (0039de6a0a1293889a3f21ecc473263d) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:50:29.0940 2284        RTL8167 - ok
19:50:29.0940 2284        RtNdPt60        (2b38c905492f36fe42b59da52d6b4eb7) C:\Windows\system32\DRIVERS\RtNdPt60.sys
19:50:29.0940 2284        RtNdPt60 - ok
19:50:29.0940 2284        RTTEAMPT        (3183388da27655085960a22b4b29caa9) C:\Windows\system32\DRIVERS\RtTeam60.sys
19:50:29.0955 2284        RTTEAMPT ( UnsignedFile.Multi.Generic ) - warning
19:50:29.0955 2284        RTTEAMPT - detected UnsignedFile.Multi.Generic (1)
19:50:29.0955 2284        RTVLANPT        (8b6b42d782202363a562f82b0e13b1c0) C:\Windows\system32\DRIVERS\RtVlan60.sys
19:50:29.0955 2284        RTVLANPT - ok
19:50:29.0955 2284        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:50:29.0971 2284        SamSs - ok
19:50:29.0971 2284        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:50:29.0986 2284        sbp2port - ok
19:50:29.0986 2284        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:50:30.0018 2284        SCardSvr - ok
19:50:30.0018 2284        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:50:30.0049 2284        scfilter - ok
19:50:30.0049 2284        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:50:30.0080 2284        Schedule - ok
19:50:30.0096 2284        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:50:30.0111 2284        SCPolicySvc - ok
19:50:30.0127 2284        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:50:30.0127 2284        SDRSVC - ok
19:50:30.0142 2284        SDScannerService (e1f35f902b825c7b18236271f398dda2) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
19:50:30.0158 2284        SDScannerService - ok
19:50:30.0174 2284        SDUpdateService (2db434f4ce96b3fb65d44b3ad5a4de3e) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
19:50:30.0189 2284        SDUpdateService - ok
19:50:30.0189 2284        SDWSCService    (59dce6783f9ed27eb72c81466e363bf8) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
19:50:30.0205 2284        SDWSCService - ok
19:50:30.0205 2284        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:50:30.0236 2284        secdrv - ok
19:50:30.0236 2284        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:50:30.0267 2284        seclogon - ok
19:50:30.0267 2284        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
19:50:30.0298 2284        SENS - ok
19:50:30.0298 2284        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:50:30.0298 2284        SensrSvc - ok
19:50:30.0298 2284        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:50:30.0314 2284        Serenum - ok
19:50:30.0314 2284        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:50:30.0330 2284        Serial - ok
19:50:30.0330 2284        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:50:30.0330 2284        sermouse - ok
19:50:30.0345 2284        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:50:30.0376 2284        SessionEnv - ok
19:50:30.0376 2284        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:50:30.0376 2284        sffdisk - ok
19:50:30.0392 2284        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:50:30.0392 2284        sffp_mmc - ok
19:50:30.0392 2284        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:50:30.0408 2284        sffp_sd - ok
19:50:30.0408 2284        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:50:30.0423 2284        sfloppy - ok
19:50:30.0423 2284        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:50:30.0454 2284        SharedAccess - ok
19:50:30.0454 2284        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:50:30.0486 2284        ShellHWDetection - ok
19:50:30.0486 2284        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:50:30.0501 2284        SiSRaid2 - ok
19:50:30.0501 2284        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:50:30.0517 2284        SiSRaid4 - ok
19:50:30.0517 2284        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:50:30.0532 2284        Smb - ok
19:50:30.0548 2284        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:50:30.0548 2284        SNMPTRAP - ok
19:50:30.0564 2284        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:50:30.0564 2284        spldr - ok
19:50:30.0579 2284        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:50:30.0595 2284        Spooler - ok
19:50:30.0642 2284        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:50:30.0688 2284        sppsvc - ok
19:50:30.0704 2284        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:50:30.0720 2284        sppuinotify - ok
19:50:30.0735 2284        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:50:30.0782 2284        srv - ok
19:50:30.0860 2284        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:50:30.0922 2284        srv2 - ok
19:50:30.0922 2284        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:50:30.0938 2284        srvnet - ok
19:50:30.0954 2284        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:50:30.0969 2284        SSDPSRV - ok
19:50:30.0985 2284        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:50:31.0000 2284        SstpSvc - ok
19:50:31.0000 2284        Steam Client Service - ok
19:50:31.0016 2284        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:50:31.0016 2284        stexstor - ok
19:50:31.0032 2284        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
19:50:31.0047 2284        stisvc - ok
19:50:31.0047 2284        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:50:31.0047 2284        swenum - ok
19:50:31.0063 2284        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:50:31.0094 2284        swprv - ok
19:50:31.0110 2284        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
19:50:31.0141 2284        SysMain - ok
19:50:31.0141 2284        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
19:50:31.0156 2284        TabletInputService - ok
19:50:31.0172 2284        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
19:50:31.0188 2284        TapiSrv - ok
19:50:31.0203 2284        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:50:31.0219 2284        TBS - ok
19:50:31.0250 2284        Tcpip          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
19:50:31.0266 2284        Tcpip - ok
19:50:31.0297 2284        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
19:50:31.0312 2284        TCPIP6 - ok
19:50:31.0328 2284        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:50:31.0359 2284        tcpipreg - ok
19:50:31.0359 2284        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:50:31.0359 2284        TDPIPE - ok
19:50:31.0359 2284        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
19:50:31.0375 2284        TDTCP - ok
19:50:31.0375 2284        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:50:31.0406 2284        tdx - ok
19:50:31.0406 2284        TEAM            (3183388da27655085960a22b4b29caa9) C:\Windows\system32\DRIVERS\RtTeam60.sys
19:50:31.0406 2284        TEAM ( UnsignedFile.Multi.Generic ) - warning
19:50:31.0406 2284        TEAM - detected UnsignedFile.Multi.Generic (1)
19:50:31.0406 2284        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:50:31.0422 2284        TermDD - ok
19:50:31.0437 2284        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
19:50:31.0453 2284        TermService - ok
19:50:31.0468 2284        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:50:31.0468 2284        Themes - ok
19:50:31.0484 2284        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:50:31.0500 2284        THREADORDER - ok
19:50:31.0500 2284        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:50:31.0531 2284        TrkWks - ok
19:50:31.0531 2284        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
19:50:31.0562 2284        TrustedInstaller - ok
19:50:31.0562 2284        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:50:31.0593 2284        tssecsrv - ok
19:50:31.0593 2284        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:50:31.0609 2284        TsUsbFlt - ok
19:50:31.0609 2284        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:50:31.0624 2284        tunnel - ok
19:50:31.0640 2284        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:50:31.0640 2284        uagp35 - ok
19:50:31.0656 2284        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:50:31.0671 2284        udfs - ok
19:50:31.0687 2284        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:50:31.0687 2284        UI0Detect - ok
19:50:31.0702 2284        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:50:31.0702 2284        uliagpkx - ok
19:50:31.0702 2284        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
19:50:31.0718 2284        umbus - ok
19:50:31.0718 2284        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:50:31.0718 2284        UmPass - ok
19:50:31.0734 2284        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:50:31.0765 2284        upnphost - ok
19:50:31.0765 2284        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys
19:50:31.0780 2284        usbccgp - ok
19:50:31.0780 2284        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:50:31.0780 2284        usbcir - ok
19:50:31.0796 2284        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
19:50:31.0796 2284        usbehci - ok
19:50:31.0796 2284        usbfilter      (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
19:50:31.0812 2284        usbfilter - ok
19:50:31.0812 2284        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:50:31.0827 2284        usbhub - ok
19:50:31.0827 2284        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
19:50:31.0827 2284        usbohci - ok
19:50:31.0843 2284        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:50:31.0843 2284        usbprint - ok
19:50:31.0843 2284        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:50:31.0858 2284        USBSTOR - ok
19:50:31.0858 2284        usbuhci        (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
19:50:31.0874 2284        usbuhci - ok
19:50:31.0874 2284        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:50:31.0905 2284        UxSms - ok
19:50:31.0905 2284        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:50:31.0905 2284        VaultSvc - ok
19:50:31.0905 2284        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:50:31.0921 2284        vdrvroot - ok
19:50:31.0921 2284        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:50:31.0952 2284        vds - ok
19:50:31.0952 2284        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:50:31.0968 2284        vga - ok
19:50:31.0968 2284        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:50:31.0999 2284        VgaSave - ok
19:50:31.0999 2284        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:50:32.0014 2284        vhdmp - ok
19:50:32.0014 2284        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:50:32.0014 2284        viaide - ok
19:50:32.0030 2284        VLAN            (8b6b42d782202363a562f82b0e13b1c0) C:\Windows\system32\DRIVERS\RtVLAN60.sys
19:50:32.0030 2284        VLAN - ok
19:50:32.0030 2284        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:50:32.0046 2284        volmgr - ok
19:50:32.0046 2284        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:50:32.0061 2284        volmgrx - ok
19:50:32.0061 2284        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:50:32.0077 2284        volsnap - ok
19:50:32.0077 2284        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:50:32.0092 2284        vsmraid - ok
19:50:32.0108 2284        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:50:32.0139 2284        VSS - ok
19:50:32.0155 2284        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
19:50:32.0170 2284        vwifibus - ok
19:50:32.0170 2284        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:50:32.0202 2284        W32Time - ok
19:50:32.0202 2284        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:50:32.0217 2284        WacomPen - ok
19:50:32.0217 2284        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:50:32.0248 2284        WANARP - ok
19:50:32.0248 2284        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:50:32.0264 2284        Wanarpv6 - ok
19:50:32.0280 2284        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
19:50:32.0311 2284        wbengine - ok
19:50:32.0311 2284        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:50:32.0326 2284        WbioSrvc - ok
19:50:32.0342 2284        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
19:50:32.0358 2284        wcncsvc - ok
19:50:32.0358 2284        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:50:32.0358 2284        WcsPlugInService - ok
19:50:32.0373 2284        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:50:32.0373 2284        Wd - ok
19:50:32.0373 2284        WDC_SAM        (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
19:50:32.0389 2284        WDC_SAM - ok
19:50:32.0389 2284        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:50:32.0404 2284        Wdf01000 - ok
19:50:32.0404 2284        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:50:32.0436 2284        WdiServiceHost - ok
19:50:32.0436 2284        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:50:32.0451 2284        WdiSystemHost - ok
19:50:32.0451 2284        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:50:32.0467 2284        WebClient - ok
19:50:32.0467 2284        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:50:32.0498 2284        Wecsvc - ok
19:50:32.0498 2284        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:50:32.0529 2284        wercplsupport - ok
19:50:32.0529 2284        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:50:32.0560 2284        WerSvc - ok
19:50:32.0560 2284        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:50:32.0592 2284        WfpLwf - ok
19:50:32.0592 2284        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:50:32.0592 2284        WIMMount - ok
19:50:32.0592 2284        WinDefend - ok
19:50:32.0607 2284        WinHttpAutoProxySvc - ok
19:50:32.0607 2284        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:50:32.0638 2284        Winmgmt - ok
19:50:32.0654 2284        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:50:32.0701 2284        WinRM - ok
19:50:32.0716 2284        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:50:32.0732 2284        WinUsb - ok
19:50:32.0732 2284        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:50:32.0763 2284        Wlansvc - ok
19:50:32.0763 2284        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:50:32.0763 2284        WmiAcpi - ok
19:50:32.0779 2284        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:50:32.0779 2284        wmiApSrv - ok
19:50:32.0794 2284        WMPNetworkSvc - ok
19:50:32.0794 2284        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:50:32.0794 2284        WPCSvc - ok
19:50:32.0810 2284        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:50:32.0810 2284        WPDBusEnum - ok
19:50:32.0810 2284        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:50:32.0841 2284        ws2ifsl - ok
19:50:32.0841 2284        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
19:50:32.0857 2284        wscsvc - ok
19:50:32.0857 2284        WSearch - ok
19:50:32.0888 2284        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
19:50:32.0935 2284        wuauserv - ok
19:50:32.0935 2284        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:50:32.0966 2284        WudfPf - ok
19:50:32.0966 2284        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:50:32.0997 2284        WUDFRd - ok
19:50:32.0997 2284        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:50:33.0028 2284        wudfsvc - ok
19:50:33.0028 2284        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:50:33.0044 2284        WwanSvc - ok
19:50:33.0060 2284        {329F96B6-DF1E-4328-BFDA-39EA953C1312} (1870a74ee2901ca09ffbfe79a5ee0e94) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl
19:50:33.0060 2284        {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
19:50:33.0060 2284        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:50:33.0091 2284        \Device\Harddisk0\DR0 - ok
19:50:33.0091 2284        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
19:50:33.0153 2284        \Device\Harddisk2\DR2 - ok
19:50:33.0153 2284        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
19:50:33.0247 2284        \Device\Harddisk1\DR1 - ok
19:50:33.0543 2284        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
19:50:33.0730 2284        \Device\Harddisk3\DR3 - ok
19:50:33.0730 2284        Boot (0x1200)  (08926c920a43b85d1227bb6736f115e3) \Device\Harddisk0\DR0\Partition0
19:50:33.0730 2284        \Device\Harddisk0\DR0\Partition0 - ok
19:50:33.0730 2284        Boot (0x1200)  (78f0b33275f8f7521d2cc6c32f606afb) \Device\Harddisk0\DR0\Partition1
19:50:33.0730 2284        \Device\Harddisk0\DR0\Partition1 - ok
19:50:33.0730 2284        Boot (0x1200)  (19b4a285136c008a48e5ef98af041e75) \Device\Harddisk2\DR2\Partition0
19:50:33.0746 2284        \Device\Harddisk2\DR2\Partition0 - ok
19:50:33.0746 2284        Boot (0x1200)  (202f6902981f62af569d3e9539be1436) \Device\Harddisk2\DR2\Partition1
19:50:33.0746 2284        \Device\Harddisk2\DR2\Partition1 - ok
19:50:33.0746 2284        Boot (0x1200)  (a11d8e681185746adc7ad85ab0726828) \Device\Harddisk1\DR1\Partition0
19:50:33.0746 2284        \Device\Harddisk1\DR1\Partition0 - ok
19:50:33.0777 2284        Boot (0x1200)  (01fdae8d702812e6a22760a6da0d7564) \Device\Harddisk3\DR3\Partition0
19:50:33.0777 2284        \Device\Harddisk3\DR3\Partition0 - ok
19:50:33.0777 2284        ============================================================
19:50:33.0777 2284        Scan finished
19:50:33.0777 2284        ============================================================
19:50:33.0793 3404        Detected object count: 3
19:50:33.0793 3404        Actual detected object count: 3
19:51:11.0701 3404        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:51:11.0701 3404        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:51:11.0701 3404        RTTEAMPT ( UnsignedFile.Multi.Generic ) - skipped by user
19:51:11.0701 3404        RTTEAMPT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:51:11.0701 3404        TEAM ( UnsignedFile.Multi.Generic ) - skipped by user
19:51:11.0701 3404        TEAM ( UnsignedFile.Multi.Generic ) - User select action: Skip


