Trojaner-Board


Florentine 24.07.2012 03:16

After Live Security Platinum, now pup.downloadnsave
 
Dear board,
I picked up the Live Security Platinum rogue through a purchased internet game or through Acrobat Reader. Thanks to Malwarebytes it is now gone. What remains are 14 infected objects with the dreadful name pup.downloadnsave, against which Malwarebytes is powerless and which are not in quarantine either. :pfui:
Here are the log files; what is the next step?

Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.23.11

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
Florentine :: FLORENTINE-PC [Administrator]

23.07.2012 18:17:23
mbam-log-2012-07-23 (18-17-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 336627
Laufzeit: 49 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 7
HKCR\CLSID\{763D6273-F95B-4DE2-AE20-E2FD8B479638} (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{763D6273-F95B-4DE2-AE20-E2FD8B479638} (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{763D6273-F95B-4DE2-AE20-E2FD8B479638} (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{763D6273-F95B-4DE2-AE20-E2FD8B479638} (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A8B0DBDE-8119-48B0-8088-D12DA01C36BA} (PUP.DownloadnSave) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\ProgramData\DownloadnSave (PUP.DownloadnSave) -> Keine Aktion durchgeführt.

Infizierte Dateien: 6
C:\ProgramData\DownloadnSave\bhoclass.dll (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
C:\ProgramData\DownloadnSave\content.js (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
C:\ProgramData\DownloadnSave\background.html (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
C:\ProgramData\DownloadnSave\ibaokjjhapofbkidpmegkdgnlefekngo.crx (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
C:\ProgramData\DownloadnSave\settings.ini (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
C:\ProgramData\DownloadnSave\uninstall.exe (PUP.DownloadnSave) -> Keine Aktion durchgeführt.

(Ende)

Many, many thanks for the help.
Florentine

Larusso 25.07.2012 13:18

:hallo:


Run MBAM again, and also remove the findings :rolleyes:

After that,
please follow the instructions here and post the requested log files.
http://www.trojaner-board.de/69886-a...-beachten.html

Florentine 25.07.2012 16:25

Ah yes, the point about deleting was a sensible hint; that is also why nobody answered me before :crazy:
So, these are the log files
Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.25.04

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
Florentine :: FLORENTINE-PC [Administrator]

25.07.2012 07:21:25
mbam-log-2012-07-25 (07-21-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 339165
Laufzeit: 50 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 7
HKCR\CLSID\{763D6273-F95B-4DE2-AE20-E2FD8B479638} (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{763D6273-F95B-4DE2-AE20-E2FD8B479638} (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{763D6273-F95B-4DE2-AE20-E2FD8B479638} (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{763D6273-F95B-4DE2-AE20-E2FD8B479638} (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A8B0DBDE-8119-48B0-8088-D12DA01C36BA} (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\ProgramData\DownloadnSave (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 6
C:\ProgramData\DownloadnSave\bhoclass.dll (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\DownloadnSave\content.js (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\DownloadnSave\background.html (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\DownloadnSave\ibaokjjhapofbkidpmegkdgnlefekngo.crx (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\DownloadnSave\settings.ini (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\DownloadnSave\uninstall.exe (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

What comes next :glaskugel:
or am I already free of it?

Thanks!!

Larusso 25.07.2012 18:34

Please read my last reply again

Florentine 26.07.2012 07:25

OK, now I've got it. Sorry.

Code:

OTL logfile created on: 7/25/2012 10:44:51 PM - Run 4
OTL by OldTimer - Version 3.2.53.1    Folder = C:\Users\Florentine\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.97 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 72.67% Memory free
5.93 Gb Paging File | 5.33 Gb Available in Paging File | 89.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 202.80 Gb Total Space | 100.61 Gb Free Space | 49.61% Space Free | Partition Type: NTFS
Drive D: | 247.87 Gb Total Space | 247.77 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
 
Computer Name: FLORENTINE-PC | User Name: Florentine | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/07/23 19:27:13 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Florentine\Desktop\OTL.exe
PRC - [2011/05/09 02:40:08 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/03/16 16:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2009/12/12 07:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/07/17 08:58:52 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/10 20:46:11 | 004,419,392 | ---- | M] () [Auto | Stopped] -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012/06/07 17:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/22 09:25:58 | 000,163,536 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- C:\Program Files\F-Secure\fshoster32.exe -- (fshoster)
SRV - [2012/03/15 15:55:34 | 000,062,160 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- C:\Program Files\F-Secure\apps\CCF_Reputation\fsorsp.exe -- (FSORSPClient)
SRV - [2012/03/15 09:00:44 | 000,213,672 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE -- (FSMA)
SRV - [2012/03/15 09:00:38 | 000,610,472 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Program Files\F-Secure\apps\ComputerSecurity\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2011/06/12 03:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/09/25 03:52:57 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/05 12:55:01 | 000,116,104 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\FLOREN~1\AppData\Local\Temp\kxriraog.sys -- (kxriraog)
DRV - [2012/06/25 20:02:20 | 000,144,592 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2012/06/25 20:01:24 | 000,072,976 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Program Files\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2012/06/17 23:54:53 | 000,044,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fsbts.sys -- (fsbts)
DRV - [2012/03/15 09:00:38 | 000,073,640 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2012/03/15 09:00:38 | 000,038,024 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\fses.sys -- (FSES)
DRV - [2012/03/15 09:00:28 | 000,014,504 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2011/12/12 19:32:24 | 002,228,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/05/09 02:41:04 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2009/12/07 10:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/12/07 10:36:48 | 000,201,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/10/12 06:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/09/01 01:19:18 | 009,825,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2007/05/18 08:04:16 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bfturboh.sys -- (bfturboh)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.linkury.com/newtab.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{C9475052-A237-412C-8FA1-F5C2F7CB36D2}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Linkury Smartbar Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://nytimes.com/"
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.7
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..keyword.URL: "hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:7317400059&cof=FORID:11&sa=Search&siteurl=search.linkury.com&q="
FF - prefs.js..network.proxy.backup.ftp: "192.168.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "192.168.0.1"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "192.168.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "192.168.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "192.168.0.1"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "192.168.0.1"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "192.168.0.1"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.0.1"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "192.168.0.1"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Florentine\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Florentine\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Florentine\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Florentine\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Florentine\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011/01/09 07:10:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/17 08:58:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/23 05:56:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/02/08 02:48:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/17 08:58:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/23 05:56:56 | 000,000,000 | ---D | M]
 
[2009/12/01 04:01:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florentine\AppData\Roaming\mozilla\Extensions
[2012/07/08 09:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florentine\AppData\Roaming\mozilla\Firefox\Profiles\lqtw2ek1.default\extensions
[2012/04/29 21:43:51 | 000,000,000 | ---D | M] (DownloadnSave) -- C:\Users\Florentine\AppData\Roaming\mozilla\Firefox\Profiles\lqtw2ek1.default\extensions\4f9d8d3028225@4f9d8d3028225.info
[2012/03/06 04:39:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/07/17 08:58:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/06 04:37:10 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/11 14:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/06/15 19:49:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/15 19:49:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/15 19:49:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/15 19:49:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/15 19:49:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/15 19:49:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Linkury Smartbar Search (Enabled)
CHR - default_search_provider: search_url = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:5731629158&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Florentine\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Florentine\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Florentine\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Florentine\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Florentine\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Florentine\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Florentine\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Florentine\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
O2 - BHO: (ViewSource Class) - {CDF4B833-67D5-4e14-8F01-EEFD3FD10152} - C:\Program Files\BAUM Retec\WebFormator\WebForm.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [F-Secure Hoster (666)] C:\Program Files\F-Secure\fshoster32.exe (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Florentine\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\Florentine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Florentine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Florentine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Program Files\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 24
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Florentine\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FE3ED8C-26DD-44B9-882C-AE56BF3DACA5}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D24FC75C-5E3A-4CD8-BCAC-AF5D2F431E78}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAD592CF-FDBA-46FB-B745-1905041129CC}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{71554e57-5d58-11e0-bc03-0024543a47a3}\Shell - "" = AutoRun
O33 - MountPoints2\{71554e57-5d58-11e0-bc03-0024543a47a3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{71554e67-5d58-11e0-bc03-0024543a47a3}\Shell - "" = AutoRun
O33 - MountPoints2\{71554e67-5d58-11e0-bc03-0024543a47a3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a386aecf-5e31-11e0-b7a3-0024543a47a3}\Shell - "" = AutoRun
O33 - MountPoints2\{a386aecf-5e31-11e0-b7a3-0024543a47a3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/25 07:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/25 07:20:47 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/07/25 07:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/23 19:27:07 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Florentine\Desktop\OTL.exe
[2012/07/23 14:54:16 | 000,000,000 | ---D | C] -- C:\Users\Florentine\AppData\Roaming\Malwarebytes
[2012/07/23 14:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/22 09:00:14 | 000,000,000 | -HSD | C] -- C:\windows\System32\%APPDATA%
[2012/07/22 08:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF85D2E13686B0CF7996F875F020
[2012/07/07 23:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012/07/07 23:55:01 | 000,000,000 | ---D | C] -- C:\Users\Florentine\AppData\Roaming\pdfforge
[2012/07/07 23:54:57 | 000,081,920 | ---- | C] (pdfforge GbR) -- C:\windows\System32\pdfcmon.dll
[2012/07/07 23:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012/07/07 09:29:20 | 000,000,000 | ---D | C] -- C:\Users\Florentine\AppData\Local\Macromedia
[2012/07/02 08:26:42 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012/07/02 08:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011/09/15 10:35:07 | 016,215,808 | ---- | C] (Dropbox, Inc.) -- C:\Users\Florentine\Dropbox 1.1.45.exe
[2009/12/20 12:59:22 | 007,919,008 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.5.5.exe
[31 C:\Users\Florentine\Desktop\*.tmp files -> C:\Users\Florentine\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/25 22:18:31 | 000,302,592 | ---- | M] () -- C:\Users\Florentine\Desktop\jfiu802g.exe
[2012/07/25 21:51:10 | 000,000,000 | ---- | M] () -- C:\Users\Florentine\defogger_reenable
[2012/07/25 21:50:06 | 000,050,477 | ---- | M] () -- C:\Users\Florentine\Desktop\Defogger.exe
[2012/07/25 21:35:33 | 000,657,196 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/07/25 21:35:33 | 000,619,078 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/07/25 21:35:33 | 000,131,548 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/07/25 21:35:33 | 000,107,938 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/07/25 21:26:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/25 21:26:25 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/25 08:17:00 | 000,000,614 | ---- | M] () -- C:\windows\tasks\Scheduled scanning task.job
[2012/07/25 07:20:48 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/23 19:27:13 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Florentine\Desktop\OTL.exe
[2012/07/22 09:21:00 | 000,001,140 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001UA.job
[2012/07/22 08:31:10 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 08:31:10 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/21 11:20:00 | 000,001,088 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001Core.job
[2012/07/18 07:52:36 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\F-Secure Launch pad.lnk
[2012/07/11 20:53:58 | 003,788,864 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/07/05 13:02:30 | 000,081,920 | ---- | M] (pdfforge GbR) -- C:\windows\System32\pdfcmon.dll
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[31 C:\Users\Florentine\Desktop\*.tmp files -> C:\Users\Florentine\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/07/25 22:18:31 | 000,302,592 | ---- | C] () -- C:\Users\Florentine\Desktop\jfiu802g.exe
[2012/07/25 21:51:10 | 000,000,000 | ---- | C] () -- C:\Users\Florentine\defogger_reenable
[2012/07/25 21:50:06 | 000,050,477 | ---- | C] () -- C:\Users\Florentine\Desktop\Defogger.exe
[2012/07/25 07:20:48 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/18 07:52:36 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\F-Secure Launch pad.lnk
[2012/05/22 23:35:56 | 000,044,184 | ---- | C] () -- C:\windows\System32\drivers\fsbts.sys
[2012/05/22 23:35:10 | 000,019,454 | ---- | C] () -- C:\windows\prodsett_copy.ini
[2011/11/02 14:09:08 | 000,017,408 | ---- | C] () -- C:\Users\Florentine\AppData\Local\WebpageIcons.db
[2011/11/02 03:03:51 | 000,059,392 | R--- | C] () -- C:\windows\System32\streamhlp.dll
[2011/05/25 02:54:24 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2010/12/14 12:53:04 | 000,003,584 | ---- | C] () -- C:\Users\Florentine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/25 16:13:33 | 000,236,155 | ---- | C] () -- C:\Users\Florentine\Big Be 2010-07-26 01-13-33.zip
[2010/07/25 15:46:51 | 000,235,094 | ---- | C] () -- C:\Users\Florentine\Big Be 2010-07-26 00-46-51.zip
[2010/07/08 00:27:13 | 000,235,382 | ---- | C] () -- C:\Users\Florentine\Big Be 2010-07-08 09-27-14.zip
[2010/06/03 13:14:27 | 000,226,042 | ---- | C] () -- C:\Users\Florentine\GrosseReformen 2010-05-07 17-33-52.zip
[2010/06/03 13:14:27 | 000,224,353 | ---- | C] () -- C:\Users\Florentine\GrosseReformen 2010-04-29 14-47-37.zip
[2010/06/03 13:14:27 | 000,216,030 | ---- | C] () -- C:\Users\Florentine\GrosseReformen 2010-04-26 22-27-57.zip
[2010/04/09 04:46:03 | 000,000,017 | ---- | C] () -- C:\Users\Florentine\AppData\Local\resmon.resmoncfg
[2009/12/18 12:21:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/30 14:12:00 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2010/02/27 07:00:48 | 000,000,000 | -HSD | M] -- C:\Users\Florentine\AppData\Roaming\.#
[2010/04/25 02:31:45 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\Academic Software Zurich
[2012/04/29 21:05:21 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\Anuman
[2012/03/09 08:00:01 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\Audacity
[2011/03/20 12:13:47 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\Canon
[2012/01/29 09:31:20 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\casanova
[2011/01/03 11:35:06 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\CasualForge
[2011/05/05 12:26:37 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/02 14:30:52 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\Cysi
[2012/07/22 08:30:24 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\Dropbox
[2011/12/07 03:17:16 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\DVDVideoSoft
[2011/07/12 10:56:58 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/11/02 16:11:01 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\Ekpa
[2012/01/03 00:30:00 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\f-secure
[2010/01/22 13:03:22 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\Go Go Gourmet
[2010/02/27 13:59:22 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\Meridian93
[2011/05/14 13:08:05 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\Octoshape
[2012/03/22 09:52:09 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\OpenCandy
[2010/10/12 09:37:59 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\OpenOffice.org
[2012/07/21 20:21:30 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\pdfforge
[2012/01/28 10:35:03 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\ScreenSeven
[2012/04/19 09:54:41 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\Swiss Academic Software
[2011/11/01 16:01:44 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\thecleaner
[2012/02/08 02:48:30 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\Thunderbird
[2011/11/02 13:55:15 | 000,000,000 | ---D | M] -- C:\Users\Florentine\AppData\Roaming\TrojanHunter
[2012/06/02 10:06:10 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012/07/25 08:17:00 | 000,000,614 | ---- | M] () -- C:\windows\Tasks\Scheduled scanning task.job
 
========== Purity Check ==========
 
 
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\windows\$NtUninstallKB12571$] -> Error: Cannot create file handle -> Unknown point type
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE

< End of report >

OTL did not create an Extras.txt during this scan. I am zipping the log file that Monday's scan produced. If that one is of no use to you, I would be glad if you could explain how I can get a new one.
Another problem is that the virus has infected my F-Secure antivirus program. The program does not respond in either safe mode or normal mode.
Sorry for the late reply, I am 9 hours behind you.

Larusso 26.07.2012 12:45

:hallo:

My name is Daniel and I will be helping you with your malware-related problems.

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read through my instructions first. If anything is unclear, ask before you begin.
  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.
  • If I do not receive a reply from you to this, or to any further reply, within 3 days, I will delete the topic from my subscriptions.
  • Only run scans that a helper has asked you to run, and do not install or uninstall any software unless asked to.
  • Post the log files directly in your thread and not as an attachment, unless you were asked to. It makes the analysis harder for me.
Note: If you do not hear from me for 48 hours, please send me a PM. Annoying "when do we continue" messages will end with your topic being closed. I too have a life away from the PC.



Combofix should only be run when instructed to do so by a team member!

Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

Florentine 26.07.2012 16:28

Dear Daniel,
thank you for your support.
During the scan a message "pev.3XE funktioniert nicht mehr" appeared; I simply noted it down. I then had to confirm it with OK.

Code:

ComboFix 12-07-27.02 - Florentine 26.07.2012  8:05.1.2 - x86 NETWORK
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3037.2670 [GMT -7:00]
ausgeführt von:: c:\users\Florentine\Desktop\ComboFix.exe
AV: Anti-Virus *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: Anti-Virus *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\DownloadnSave
c:\programdata\Microsoft\Windows\Start Menu\Programs\DownloadnSave\DownloadnSave.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\DownloadnSave\Uninstall.lnk
c:\users\Florentine\AppData\Roaming\.#
c:\windows\$NtUninstallKB12571$
c:\windows\$NtUninstallKB12571$\3287260331
c:\windows\$NtUninstallKB12571$\798367373\@
c:\windows\$NtUninstallKB12571$\798367373\Desktop.ini
c:\windows\$NtUninstallKB12571$\798367373\L\00000004.@
c:\windows\$NtUninstallKB12571$\798367373\L\201d3dde
c:\windows\$NtUninstallKB12571$\798367373\L\xadqgnnk
c:\windows\$NtUninstallKB12571$\798367373\U\00000004.@
c:\windows\$NtUninstallKB12571$\798367373\U\00000008.@
c:\windows\$NtUninstallKB12571$\798367373\U\000000cb.@
c:\windows\$NtUninstallKB12571$\798367373\U\80000000.@
c:\windows\$NtUninstallKB12571$\798367373\U\80000032.@
.
Infizierte Kopie von c:\windows\system32\drivers\dfsc.sys wurde gefunden und desinfiziert
Kopie von - The cat found it :) wurde wiederhergestellt
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-26 bis 2012-07-26  ))))))))))))))))))))))))))))))
.
.
2012-07-26 15:14 . 2012-07-26 15:14        --------        dc----w-        c:\users\Florentine\AppData\Local\temp
2012-07-26 06:13 . 2012-07-26 06:13        --------        dc----w-        c:\program files\7-Zip
2012-07-25 14:20 . 2012-07-25 14:20        --------        dc----w-        c:\program files\Malwarebytes' Anti-Malware
2012-07-25 14:20 . 2012-07-03 20:46        22344        -c--a-w-        c:\windows\system32\drivers\mbam.sys
2012-07-23 21:54 . 2012-07-23 21:54        --------        dc----w-        c:\users\Florentine\AppData\Roaming\Malwarebytes
2012-07-23 21:53 . 2012-07-23 21:53        --------        dc----w-        c:\programdata\Malwarebytes
2012-07-22 16:00 . 2012-07-22 16:00        --------        dcsh--w-        c:\windows\system32\%APPDATA%
2012-07-22 15:54 . 2012-07-22 15:56        --------        dc----w-        c:\programdata\036DFF85D2E13686B0CF7996F875F020
2012-07-11 07:44 . 2012-07-11 07:44        2345984        ----a-w-        c:\windows\system32\win32k.sys
2012-07-08 06:55 . 2012-07-22 03:21        --------        dc----w-        c:\users\Florentine\AppData\Roaming\pdfforge
2012-07-08 06:54 . 1998-06-24 08:00        137000        -c--a-w-        c:\windows\system32\MSMAPI32.OCX
2012-07-08 06:54 . 2012-07-05 20:02        81920        -c--a-w-        c:\windows\system32\pdfcmon.dll
2012-07-08 06:54 . 2004-03-09 08:00        662288        -c--a-w-        c:\windows\system32\MSCOMCT2.OCX
2012-07-08 06:54 . 2012-07-08 06:55        --------        dc----w-        c:\program files\PDFCreator
2012-07-08 06:54 . 1998-07-07 01:56        125712        -c--a-w-        c:\windows\system32\VB6DE.DLL
2012-07-08 06:54 . 1998-07-07 01:55        158208        -c--a-w-        c:\windows\system32\MSCMCDE.DLL
2012-07-08 06:54 . 1998-07-07 01:55        64512        -c--a-w-        c:\windows\system32\MSCC2DE.DLL
2012-07-08 06:54 . 1998-07-06 08:00        23552        -c--a-w-        c:\windows\system32\MSMPIDE.DLL
2012-07-07 16:29 . 2012-07-07 16:29        --------        dc----w-        c:\users\Florentine\AppData\Local\Macromedia
2012-07-02 15:26 . 2012-07-08 06:55        --------        dc----w-        c:\program files\Application Updater
2012-07-02 15:26 . 2012-07-08 06:55        --------        dc----w-        c:\program files\Common Files\Spigot
2012-06-27 15:22 . 2012-06-27 15:23        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-27 15:22 . 2012-06-27 15:23        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-27 15:22 . 2012-06-27 15:23        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-27 15:22 . 2012-06-27 15:23        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-27 15:22 . 2012-06-27 15:58        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-27 15:22 . 2012-06-27 15:58        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-27 15:22 . 2012-06-27 15:58        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-27 15:22 . 2012-06-27 15:23        33792        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-27 15:22 . 2012-06-27 15:23        171904        ----a-w-        c:\windows\system32\wuwebv.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-22 16:04 . 2012-03-31 14:54        426184        -c--a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-07-22 16:04 . 2011-11-11 07:39        70344        -c--a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-18 06:54 . 2012-05-23 06:35        44184        -c--a-w-        c:\windows\system32\drivers\fsbts.sys
2012-06-13 16:25 . 2012-06-13 16:15        183808        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-06-13 16:25 . 2012-06-13 16:15        981504        ----a-w-        c:\windows\system32\wininet.dll
2012-06-13 16:25 . 2012-06-13 16:15        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2012-06-13 16:24 . 2012-06-13 16:14        2342400        ----a-w-        c:\windows\system32\msi.dll
2012-06-13 16:24 . 2012-06-13 16:14        8192        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-06-13 16:24 . 2012-06-13 16:14        58880        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-06-13 16:24 . 2012-06-13 16:14        129536        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-06-13 16:24 . 2012-06-13 16:14        164352        ----a-w-        c:\windows\system32\profsvc.dll
2012-06-13 16:24 . 2012-06-13 16:14        140288        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-06-13 16:24 . 2012-06-13 16:14        1158656        ----a-w-        c:\windows\system32\crypt32.dll
2012-06-13 16:24 . 2012-06-13 16:14        103936        ----a-w-        c:\windows\system32\cryptnet.dll
2012-05-09 03:56 . 2012-05-09 02:23        1291632        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-05-09 03:56 . 2012-05-09 02:23        3968368        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-05-09 03:56 . 2012-05-09 02:23        3913072        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-09 03:52 . 2012-05-09 02:23        56176        ----a-w-        c:\windows\system32\drivers\partmgr.sys
2012-05-09 03:52 . 2012-05-09 02:23        1077248        ----a-w-        c:\windows\system32\DWrite.dll
2009-12-01 11:01 . 2009-12-20 19:59        7919008        -c--a-w-        c:\program files\Firefox Setup 3.5.5.exe
2012-07-17 15:58 . 2012-01-02 10:14        136672        -c--a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        -c--a-w-        c:\users\Florentine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        -c--a-w-        c:\users\Florentine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        -c--a-w-        c:\users\Florentine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2011-05-09 1174016]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"Akamai NetSession Interface"="c:\users\Florentine\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-31 13797992]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"F-Secure Manager"="c:\program files\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE" [2012-03-15 311976]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-06-27 1090440]
"F-Secure Hoster (666)"="c:\program files\F-Secure\fshoster32.exe" [2012-05-22 163536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-07-03 1085000]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Florentine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Florentine\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Hardcopy.LNK - c:\program files\Hardcopy\hardcopy.exe [2009-12-26 1311744]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
 WinCinema Manager.lnk - c:\program files\Sandisk\Common\Bin\WinCinemaMgr.exe [2012-4-23 303104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [x]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [x]
R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [x]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [x]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
R2 fshoster;F-Secure Dll Hoster;c:\program files\F-Secure\fshoster32.exe [x]
R2 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\apps\CCF_Reputation\fsorsp.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001Core.job
- c:\users\Florentine\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-12 17:32]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001UA.job
- c:\users\Florentine\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-12 17:32]
.
2012-07-25 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\F-Secure\apps\COMPUT~1\ANTI-V~1\fsav.exe [2012-05-23 16:00]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.linkury.com/newtab.html
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local
uSearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Florentine\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2FE3ED8C-26DD-44B9-882C-AE56BF3DACA5}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\Florentine\AppData\Roaming\Mozilla\Firefox\Profiles\lqtw2ek1.default\
FF - prefs.js: browser.search.selectedEngine - Linkury Smartbar Search
FF - prefs.js: browser.startup.homepage - http://www.trojaner-board.de/120243-...tml#post872345
FF - prefs.js: keyword.URL - hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:7317400059&cof=FORID:11&sa=Search&siteurl=search.linkury.com&q=
FF - prefs.js: network.proxy.ftp - 192.168.0.1
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 192.168.0.1
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 192.168.0.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 192.168.0.1
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 192.168.0.1
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fshoster]
"ImagePath"="\"c:\program files\F-Secure\fshoster32.exe\" -hosterid:0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1720)
c:\users\Florentine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-26  08:22:09 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-26 15:22
.
Vor Suchlauf: 8 Verzeichnis(se), 107.479.814.144 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 110.273.724.416 Bytes frei
.
- - End Of File - - 902D4C8F17FCA90CF132825E5F6FC20D


Larusso 27.07.2012 13:30

Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report.

Please download TDSSKiller.exe and save the file to your desktop.
  • Start TDSSKiller.exe
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and save the log file.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.

Let us know how the computer is running.

Florentine 27.07.2012 15:31

This is the result of the scan
Code:

07:22:48.0523 1792        TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
07:22:48.0976 1792        ============================================================
07:22:48.0976 1792        Current date / time: 2012/07/27 07:22:48.0976
07:22:48.0976 1792        SystemInfo:
07:22:48.0976 1792       
07:22:48.0976 1792        OS Version: 6.1.7601 ServicePack: 1.0
07:22:48.0976 1792        Product type: Workstation
07:22:48.0976 1792        ComputerName: FLORENTINE-PC
07:22:48.0976 1792        UserName: Florentine
07:22:48.0976 1792        Windows directory: C:\windows
07:22:48.0976 1792        System windows directory: C:\windows
07:22:48.0976 1792        Processor architecture: Intel x86
07:22:48.0976 1792        Number of processors: 2
07:22:48.0976 1792        Page size: 0x1000
07:22:48.0976 1792        Boot type: Safe boot with network
07:22:48.0976 1792        ============================================================
07:22:49.0334 1792        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:22:49.0350 1792        ============================================================
07:22:49.0350 1792        \Device\Harddisk0\DR0:
07:22:49.0350 1792        MBR partitions:
07:22:49.0350 1792        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
07:22:49.0350 1792        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x19598000
07:22:49.0350 1792        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B3CA800, BlocksNum 0x1EFBB000
07:22:49.0350 1792        ============================================================
07:22:49.0366 1792        C: <-> \Device\Harddisk0\DR0\Partition1
07:22:49.0412 1792        D: <-> \Device\Harddisk0\DR0\Partition2
07:22:49.0412 1792        ============================================================
07:22:49.0412 1792        Initialize success
07:22:49.0412 1792        ============================================================
07:23:06.0666 1364        ============================================================
07:23:06.0666 1364        Scan started
07:23:06.0666 1364        Mode: Manual;
07:23:06.0666 1364        ============================================================
07:23:07.0025 1364        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
07:23:07.0040 1364        1394ohci - ok
07:23:07.0118 1364        ACPI            (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
07:23:07.0118 1364        ACPI - ok
07:23:07.0181 1364        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
07:23:07.0181 1364        AcpiPmi - ok
07:23:07.0228 1364        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
07:23:07.0243 1364        adp94xx - ok
07:23:07.0290 1364        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
07:23:07.0290 1364        adpahci - ok
07:23:07.0321 1364        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
07:23:07.0321 1364        adpu320 - ok
07:23:07.0368 1364        AeLookupSvc    (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
07:23:07.0368 1364        AeLookupSvc - ok
07:23:07.0462 1364        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
07:23:07.0462 1364        AFD - ok
07:23:07.0508 1364        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
07:23:07.0508 1364        agp440 - ok
07:23:07.0555 1364        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
07:23:07.0555 1364        aic78xx - ok
07:23:07.0898 1364        Akamai          (29584f02a43e427c4227e3b1d9ff1b22) c:\program files\common files\akamai/netsession_win_4f7fccd.dll
07:23:07.0898 1364        Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
07:23:07.0898 1364        Akamai ( HiddenFile.Multi.Generic ) - warning
07:23:07.0898 1364        Akamai - detected HiddenFile.Multi.Generic (1)
07:23:08.0023 1364        ALG            (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
07:23:08.0023 1364        ALG - ok
07:23:08.0132 1364        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
07:23:08.0148 1364        aliide - ok
07:23:08.0164 1364        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
07:23:08.0164 1364        amdagp - ok
07:23:08.0195 1364        amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
07:23:08.0195 1364        amdide - ok
07:23:08.0226 1364        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
07:23:08.0226 1364        AmdK8 - ok
07:23:08.0257 1364        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
07:23:08.0257 1364        AmdPPM - ok
07:23:08.0335 1364        amdsata        (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
07:23:08.0335 1364        amdsata - ok
07:23:08.0366 1364        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
07:23:08.0366 1364        amdsbs - ok
07:23:08.0382 1364        amdxata        (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
07:23:08.0382 1364        amdxata - ok
07:23:08.0444 1364        AppID          (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
07:23:08.0444 1364        AppID - ok
07:23:08.0491 1364        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
07:23:08.0507 1364        AppIDSvc - ok
07:23:08.0569 1364        Appinfo        (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll
07:23:08.0569 1364        Appinfo - ok
07:23:08.0694 1364        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
07:23:08.0694 1364        Apple Mobile Device - ok
07:23:08.0756 1364        arc            (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
07:23:08.0756 1364        arc - ok
07:23:08.0772 1364        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
07:23:08.0772 1364        arcsas - ok
07:23:08.0819 1364        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
07:23:08.0819 1364        AsyncMac - ok
07:23:08.0881 1364        atapi          (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
07:23:08.0881 1364        atapi - ok
07:23:09.0006 1364        athr            (49f17a2e79469be6581d491706720671) C:\windows\system32\DRIVERS\athr.sys
07:23:09.0037 1364        athr - ok
07:23:09.0178 1364        AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
07:23:09.0193 1364        AudioEndpointBuilder - ok
07:23:09.0193 1364        Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
07:23:09.0193 1364        Audiosrv - ok
07:23:09.0302 1364        AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll
07:23:09.0302 1364        AxInstSV - ok
07:23:09.0412 1364        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
07:23:09.0412 1364        b06bdrv - ok
07:23:09.0474 1364        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
07:23:09.0474 1364        b57nd60x - ok
07:23:09.0521 1364        BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
07:23:09.0521 1364        BDESVC - ok
07:23:09.0536 1364        Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
07:23:09.0536 1364        Beep - ok
07:23:09.0614 1364        BFE            (1e2bac209d184bb851e1a187d8a29136) C:\windows\System32\bfe.dll
07:23:09.0614 1364        BFE - ok
07:23:09.0692 1364        bfturboh        (f5433ce07f01fe45c940cccbb0ba2d68) C:\windows\system32\drivers\bfturboh.sys
07:23:09.0692 1364        bfturboh - ok
07:23:09.0755 1364        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
07:23:09.0770 1364        blbdrive - ok
07:23:09.0973 1364        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
07:23:09.0973 1364        Bonjour Service - ok
07:23:10.0051 1364        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
07:23:10.0051 1364        bowser - ok
07:23:10.0082 1364        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
07:23:10.0082 1364        BrFiltLo - ok
07:23:10.0098 1364        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
07:23:10.0098 1364        BrFiltUp - ok
07:23:10.0550 1364        BridgeMP        (77361d72a04f18809d0efb6cceb74d4b) C:\windows\system32\DRIVERS\bridge.sys
07:23:10.0582 1364        BridgeMP - ok
07:23:10.0894 1364        Browser        (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
07:23:10.0894 1364        Browser - ok
07:23:11.0237 1364        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
07:23:11.0299 1364        Brserid - ok
07:23:11.0440 1364        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
07:23:11.0455 1364        BrSerWdm - ok
07:23:11.0502 1364        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
07:23:11.0502 1364        BrUsbMdm - ok
07:23:11.0611 1364        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
07:23:11.0627 1364        BrUsbSer - ok
07:23:11.0705 1364        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
07:23:11.0705 1364        BTHMODEM - ok
07:23:11.0752 1364        bthserv        (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
07:23:11.0752 1364        bthserv - ok
07:23:11.0861 1364        catchme - ok
07:23:11.0892 1364        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
07:23:11.0892 1364        cdfs - ok
07:23:11.0954 1364        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\DRIVERS\cdrom.sys
07:23:11.0954 1364        cdrom - ok
07:23:12.0001 1364        CertPropSvc    (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
07:23:12.0001 1364        CertPropSvc - ok
07:23:12.0017 1364        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
07:23:12.0017 1364        circlass - ok
07:23:12.0079 1364        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
07:23:12.0095 1364        CLFS - ok
07:23:12.0188 1364        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:23:12.0188 1364        clr_optimization_v2.0.50727_32 - ok
07:23:12.0282 1364        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:23:12.0313 1364        clr_optimization_v4.0.30319_32 - ok
07:23:12.0360 1364        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
07:23:12.0360 1364        CmBatt - ok
07:23:12.0407 1364        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
07:23:12.0407 1364        cmdide - ok
07:23:12.0469 1364        CNG            (247b4ce2dab1160cd422d532d5241e1f) C:\windows\system32\Drivers\cng.sys
07:23:12.0469 1364        CNG - ok
07:23:12.0516 1364        Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
07:23:12.0516 1364        Compbatt - ok
07:23:12.0563 1364        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
07:23:12.0578 1364        CompositeBus - ok
07:23:12.0594 1364        COMSysApp - ok
07:23:12.0625 1364        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
07:23:12.0625 1364        crcdisk - ok
07:23:12.0688 1364        CryptSvc        (06e771aa596b8761107ab57e99f128d7) C:\windows\system32\cryptsvc.dll
07:23:12.0688 1364        CryptSvc - ok
07:23:12.0766 1364        DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
07:23:12.0922 1364        DcomLaunch - ok
07:23:12.0953 1364        defragsvc      (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
07:23:12.0953 1364        defragsvc - ok
07:23:13.0015 1364        DfsC            (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
07:23:13.0015 1364        DfsC - ok
07:23:13.0078 1364        Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll
07:23:13.0078 1364        Dhcp - ok
07:23:13.0109 1364        discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
07:23:13.0109 1364        discache - ok
07:23:13.0140 1364        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
07:23:13.0140 1364        Disk - ok
07:23:13.0187 1364        Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll
07:23:13.0202 1364        Dnscache - ok
07:23:13.0249 1364        dot3svc        (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll
07:23:13.0265 1364        dot3svc - ok
07:23:13.0296 1364        Dot4            (b5e479eb83707dd698f66953e922042c) C:\windows\system32\DRIVERS\Dot4.sys
07:23:13.0312 1364        Dot4 - ok
07:23:13.0327 1364        Dot4Print      (caefd09b6a6249c53a67d55a9a9fcabf) C:\windows\system32\DRIVERS\Dot4Prt.sys
07:23:13.0327 1364        Dot4Print - ok
07:23:13.0390 1364        Dot4Scan        (9f7de667c505ce6500becdd8e11644d7) C:\windows\system32\DRIVERS\Dot4Scan.sys
07:23:13.0390 1364        Dot4Scan - ok
07:23:13.0405 1364        dot4usb        (cf491ff38d62143203c065260567e2f7) C:\windows\system32\DRIVERS\dot4usb.sys
07:23:13.0405 1364        dot4usb - ok
07:23:13.0468 1364        DPS            (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll
07:23:13.0468 1364        DPS - ok
07:23:13.0514 1364        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
07:23:13.0514 1364        drmkaud - ok
07:23:13.0592 1364        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
07:23:13.0592 1364        DXGKrnl - ok
07:23:13.0639 1364        EapHost        (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
07:23:13.0639 1364        EapHost - ok
07:23:13.0748 1364        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
07:23:13.0780 1364        ebdrv - ok
07:23:13.0826 1364        EFS            (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe
07:23:13.0826 1364        EFS - ok
07:23:13.0904 1364        ehRecvr        (a8c362018efc87beb013ee28f29c0863) C:\windows\ehome\ehRecvr.exe
07:23:13.0920 1364        ehRecvr - ok
07:23:13.0936 1364        ehSched        (d389bff34f80caede417bf9d1507996a) C:\windows\ehome\ehsched.exe
07:23:13.0936 1364        ehSched - ok
07:23:14.0029 1364        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
07:23:14.0029 1364        elxstor - ok
07:23:14.0092 1364        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
07:23:14.0092 1364        ErrDev - ok
07:23:14.0138 1364        EventSystem    (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
07:23:14.0154 1364        EventSystem - ok
07:23:14.0232 1364        ewusbnet        (dafc7e1b2ffa35ccbddf95ae3e31bfae) C:\windows\system32\DRIVERS\ewusbnet.sys
07:23:14.0248 1364        ewusbnet - ok
07:23:14.0263 1364        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
07:23:14.0263 1364        exfat - ok
07:23:14.0513 1364        F-Secure Gatekeeper (dc2ffa1ce9841c12dbc038b24ff17ff0) C:\Program Files\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys
07:23:14.0513 1364        F-Secure Gatekeeper - ok
07:23:14.0606 1364        F-Secure HIPS  (7c93d27d27d3aea2fd9e6e46abc4766e) C:\Program Files\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys
07:23:14.0606 1364        F-Secure HIPS - ok
07:23:14.0638 1364        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
07:23:14.0638 1364        fastfat - ok
07:23:14.0716 1364        Fax            (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe
07:23:14.0731 1364        Fax - ok
07:23:14.0762 1364        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
07:23:14.0762 1364        fdc - ok
07:23:14.0794 1364        fdPHost        (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
07:23:14.0794 1364        fdPHost - ok
07:23:14.0809 1364        FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
07:23:14.0809 1364        FDResPub - ok
07:23:14.0825 1364        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
07:23:14.0825 1364        FileInfo - ok
07:23:14.0840 1364        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
07:23:14.0840 1364        Filetrace - ok
07:23:14.0856 1364        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
07:23:14.0872 1364        flpydisk - ok
07:23:14.0887 1364        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
07:23:14.0887 1364        FltMgr - ok
07:23:14.0965 1364        FontCache      (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\windows\system32\FntCache.dll
07:23:14.0981 1364        FontCache - ok
07:23:15.0074 1364        FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
07:23:15.0074 1364        FontCache3.0.0.0 - ok
07:23:15.0137 1364        fsbts          (1d2de58a837e6909f98ca35103d10739) C:\windows\system32\Drivers\fsbts.sys
07:23:15.0137 1364        fsbts - ok
07:23:15.0168 1364        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
07:23:15.0184 1364        FsDepends - ok
07:23:15.0371 1364        FSDFWD          (ee0d13c7cf71e9ad2bc18c5932573d1b) C:\Program Files\F-Secure\apps\ComputerSecurity\FWES\Program\fsdfwd.exe
07:23:15.0371 1364        FSDFWD - ok
07:23:15.0433 1364        FSES            (a87006c1c4015ce286e4de7d6f8b5b0c) C:\windows\system32\drivers\fses.sys
07:23:15.0433 1364        FSES - ok
07:23:15.0496 1364        FSFW            (a272d270cef837fb95d963d4671c5603) C:\windows\system32\drivers\fsdfw.sys
07:23:15.0496 1364        FSFW - ok
07:23:15.0589 1364        fshoster        (69e8f9a3b22aac0f7eca55ee545f19e7) C:\Program Files\F-Secure\fshoster32.exe
07:23:15.0620 1364        fshoster - ok
07:23:15.0714 1364        FSMA            (c2251c602edfc49e71d13d660ab7f625) C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
07:23:15.0714 1364        FSMA - ok
07:23:15.0792 1364        FSORSPClient    (b50c3ad8a850fa494d87af943c011f2f) C:\Program Files\F-Secure\apps\CCF_Reputation\fsorsp.exe
07:23:15.0792 1364        FSORSPClient - ok
07:23:15.0839 1364        fssfltr        (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys
07:23:15.0839 1364        fssfltr - ok
07:23:15.0917 1364        fsssvc          (206ad9a89bf05dfa1621f1fc7b82592d) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
07:23:15.0932 1364        fsssvc - ok
07:23:16.0026 1364        fsvista        (f95ffcf662786dae8b79f0ba32fa8add) C:\Program Files\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys
07:23:16.0026 1364        fsvista - ok
07:23:16.0073 1364        Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys
07:23:16.0073 1364        Fs_Rec - ok
07:23:16.0135 1364        fvevol          (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
07:23:16.0135 1364        fvevol - ok
07:23:16.0166 1364        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
07:23:16.0182 1364        gagp30kx - ok
07:23:16.0213 1364        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
07:23:16.0213 1364        GEARAspiWDM - ok
07:23:16.0291 1364        gpsvc          (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll
07:23:16.0291 1364        gpsvc - ok
07:23:16.0307 1364        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
07:23:16.0307 1364        hcw85cir - ok
07:23:16.0385 1364        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
07:23:16.0385 1364        HdAudAddService - ok
07:23:16.0416 1364        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
07:23:16.0416 1364        HDAudBus - ok
07:23:16.0447 1364        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
07:23:16.0447 1364        HidBatt - ok
07:23:16.0463 1364        HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
07:23:16.0463 1364        HidBth - ok
07:23:16.0510 1364        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
07:23:16.0510 1364        HidIr - ok
07:23:16.0556 1364        hidserv        (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\System32\hidserv.dll
07:23:16.0556 1364        hidserv - ok
07:23:16.0619 1364        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys
07:23:16.0619 1364        HidUsb - ok
07:23:16.0666 1364        hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll
07:23:16.0666 1364        hkmsvc - ok
07:23:16.0712 1364        HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll
07:23:16.0712 1364        HomeGroupListener - ok
07:23:16.0775 1364        HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll
07:23:16.0775 1364        HomeGroupProvider - ok
07:23:16.0822 1364        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
07:23:16.0822 1364        HpSAMD - ok
07:23:16.0915 1364        HTTP            (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
07:23:16.0931 1364        HTTP - ok
07:23:16.0993 1364        hwdatacard      (1fc7a63148e4f2bd831dab0dc732026d) C:\windows\system32\DRIVERS\ewusbmdm.sys
07:23:16.0993 1364        hwdatacard - ok
07:23:17.0040 1364        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
07:23:17.0040 1364        hwpolicy - ok
07:23:17.0087 1364        hwusbdev        (a259d3619aa23d4562581067f85e2006) C:\windows\system32\DRIVERS\ewusbdev.sys
07:23:17.0087 1364        hwusbdev - ok
07:23:17.0149 1364        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
07:23:17.0149 1364        i8042prt - ok
07:23:17.0196 1364        iaStor          (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
07:23:17.0196 1364        iaStor - ok
07:23:17.0243 1364        iaStorV        (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
07:23:17.0258 1364        iaStorV - ok
07:23:17.0399 1364        idsvc          (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:23:17.0399 1364        idsvc - ok
07:23:17.0602 1364        igfx            (ad626f6964f4d364d226c39e06872dd3) C:\windows\system32\DRIVERS\igdkmd32.sys
07:23:17.0680 1364        igfx - ok
07:23:17.0789 1364        iirsp          (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
07:23:17.0789 1364        iirsp - ok
07:23:17.0929 1364        IJPLMSVC        (ad5df6f4fbbc798636edc66bfec7d0de) C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
07:23:17.0929 1364        IJPLMSVC - ok
07:23:18.0007 1364        IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll
07:23:18.0023 1364        IKEEXT - ok
07:23:18.0179 1364        IntcAzAudAddService (5ceef2cccb4fe00d3ffbfeb12bcfa07f) C:\windows\system32\drivers\RTKVHDA.sys
07:23:18.0210 1364        IntcAzAudAddService - ok
07:23:18.0335 1364        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
07:23:18.0335 1364        intelide - ok
07:23:18.0382 1364        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
07:23:18.0382 1364        intelppm - ok
07:23:18.0413 1364        IPBusEnum      (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
07:23:18.0413 1364        IPBusEnum - ok
07:23:18.0444 1364        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
07:23:18.0444 1364        IpFilterDriver - ok
07:23:18.0522 1364        iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll
07:23:18.0522 1364        iphlpsvc - ok
07:23:18.0569 1364        IPMIDRV        (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
07:23:18.0569 1364        IPMIDRV - ok
07:23:18.0600 1364        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
07:23:18.0600 1364        IPNAT - ok
07:23:18.0709 1364        iPod Service    (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
07:23:18.0725 1364        iPod Service - ok
07:23:18.0756 1364        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
07:23:18.0756 1364        IRENUM - ok
07:23:18.0803 1364        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
07:23:18.0803 1364        isapnp - ok
07:23:18.0850 1364        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
07:23:18.0850 1364        iScsiPrt - ok
07:23:18.0928 1364        Iviaspi        (4ac11b2250106774f694df2db4ffed61) C:\windows\system32\drivers\iviaspi.sys
07:23:18.0928 1364        Iviaspi - ok
07:23:18.0990 1364        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
07:23:18.0990 1364        kbdclass - ok
07:23:19.0021 1364        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
07:23:19.0021 1364        kbdhid - ok
07:23:19.0068 1364        KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
07:23:19.0068 1364        KeyIso - ok
07:23:19.0099 1364        KSecDD          (b7895b4182c0d16f6efadeb8081e8d36) C:\windows\system32\Drivers\ksecdd.sys
07:23:19.0115 1364        KSecDD - ok
07:23:19.0130 1364        KSecPkg        (d30159ac9237519fbc62c6ec247d2d46) C:\windows\system32\Drivers\ksecpkg.sys
07:23:19.0130 1364        KSecPkg - ok
07:23:19.0162 1364        KtmRm          (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
07:23:19.0177 1364        KtmRm - ok
07:23:19.0224 1364        LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\windows\System32\srvsvc.dll
07:23:19.0224 1364        LanmanServer - ok
07:23:19.0302 1364        LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll
07:23:19.0318 1364        LanmanWorkstation - ok
07:23:19.0364 1364        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
07:23:19.0364 1364        lltdio - ok
07:23:19.0396 1364        lltdsvc        (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
07:23:19.0396 1364        lltdsvc - ok
07:23:19.0411 1364        lmhosts        (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
07:23:19.0427 1364        lmhosts - ok
07:23:19.0489 1364        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
07:23:19.0489 1364        LSI_FC - ok
07:23:19.0505 1364        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
07:23:19.0505 1364        LSI_SAS - ok
07:23:19.0552 1364        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
07:23:19.0552 1364        LSI_SAS2 - ok
07:23:19.0567 1364        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
07:23:19.0567 1364        LSI_SCSI - ok
07:23:19.0614 1364        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
07:23:19.0614 1364        luafv - ok
07:23:19.0661 1364        Mcx2Svc        (bfb9ee8ee977efe85d1a3105abef6dd1) C:\windows\system32\Mcx2Svc.dll
07:23:19.0676 1364        Mcx2Svc - ok
07:23:19.0676 1364        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
07:23:19.0692 1364        megasas - ok
07:23:19.0739 1364        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
07:23:19.0739 1364        MegaSR - ok
07:23:19.0879 1364        Microsoft SharePoint Workspace Audit Service - ok
07:23:19.0910 1364        MMCSS          (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
07:23:19.0910 1364        MMCSS - ok
07:23:19.0926 1364        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
07:23:19.0926 1364        Modem - ok
07:23:19.0957 1364        monitor        (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
07:23:19.0973 1364        monitor - ok
07:23:20.0004 1364        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
07:23:20.0020 1364        mouclass - ok
07:23:20.0082 1364        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
07:23:20.0082 1364        mouhid - ok
07:23:20.0129 1364        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
07:23:20.0129 1364        mountmgr - ok
07:23:20.0222 1364        MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
07:23:20.0238 1364        MozillaMaintenance - ok
07:23:20.0285 1364        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
07:23:20.0285 1364        mpio - ok
07:23:20.0300 1364        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
07:23:20.0316 1364        mpsdrv - ok
07:23:20.0363 1364        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
07:23:20.0363 1364        MRxDAV - ok
07:23:20.0425 1364        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
07:23:20.0425 1364        mrxsmb - ok
07:23:20.0472 1364        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
07:23:20.0488 1364        mrxsmb10 - ok
07:23:20.0503 1364        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
07:23:20.0503 1364        mrxsmb20 - ok
07:23:20.0550 1364        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
07:23:20.0550 1364        msahci - ok
07:23:20.0597 1364        msdsm          (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
07:23:20.0597 1364        msdsm - ok
07:23:20.0628 1364        MSDTC          (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
07:23:20.0628 1364        MSDTC - ok
07:23:20.0690 1364        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
07:23:20.0690 1364        Msfs - ok
07:23:20.0706 1364        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
07:23:20.0706 1364        mshidkmdf - ok
07:23:20.0753 1364        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
07:23:20.0753 1364        msisadrv - ok
07:23:20.0815 1364        MSiSCSI        (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
07:23:20.0815 1364        MSiSCSI - ok
07:23:20.0831 1364        msiserver - ok
07:23:20.0862 1364        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
07:23:20.0862 1364        MSKSSRV - ok
07:23:20.0878 1364        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
07:23:20.0878 1364        MSPCLOCK - ok
07:23:20.0878 1364        MSPQM          (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
07:23:20.0878 1364        MSPQM - ok
07:23:20.0909 1364        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
07:23:20.0924 1364        MsRPC - ok
07:23:20.0956 1364        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
07:23:20.0956 1364        mssmbios - ok
07:23:20.0971 1364        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
07:23:20.0971 1364        MSTEE - ok
07:23:20.0987 1364        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
07:23:20.0987 1364        MTConfig - ok
07:23:21.0018 1364        Mup            (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
07:23:21.0018 1364        Mup - ok
07:23:21.0080 1364        napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
07:23:21.0096 1364        napagent - ok
07:23:21.0143 1364        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
07:23:21.0143 1364        NativeWifiP - ok
07:23:21.0236 1364        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
07:23:21.0252 1364        NDIS - ok
07:23:21.0299 1364        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
07:23:21.0299 1364        NdisCap - ok
07:23:21.0330 1364        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
07:23:21.0330 1364        NdisTapi - ok
07:23:21.0377 1364        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
07:23:21.0377 1364        Ndisuio - ok
07:23:21.0424 1364        NdisWan        (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
07:23:21.0424 1364        NdisWan - ok
07:23:21.0455 1364        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
07:23:21.0470 1364        NDProxy - ok
07:23:21.0502 1364        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
07:23:21.0502 1364        NetBIOS - ok
07:23:21.0533 1364        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
07:23:21.0533 1364        NetBT - ok
07:23:21.0580 1364        Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
07:23:21.0580 1364        Netlogon - ok
07:23:21.0642 1364        Netman          (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
07:23:21.0642 1364        Netman - ok
07:23:21.0673 1364        netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
07:23:21.0673 1364        netprofm - ok
07:23:21.0782 1364        NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:23:21.0782 1364        NetTcpPortSharing - ok
07:23:21.0814 1364        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
07:23:21.0814 1364        nfrd960 - ok
07:23:21.0876 1364        NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
07:23:21.0876 1364        NlaSvc - ok
07:23:21.0923 1364        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
07:23:21.0923 1364        Npfs - ok
07:23:21.0938 1364        nsi            (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
07:23:21.0938 1364        nsi - ok
07:23:21.0970 1364        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
07:23:21.0970 1364        nsiproxy - ok
07:23:22.0079 1364        Ntfs            (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
07:23:22.0094 1364        Ntfs - ok
07:23:22.0110 1364        Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
07:23:22.0110 1364        Null - ok
07:23:22.0469 1364        nvlddmkm        (2713392707e515efb671751fa767ebd2) C:\windows\system32\DRIVERS\nvlddmkm.sys
07:23:22.0656 1364        nvlddmkm - ok
07:23:22.0781 1364        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
07:23:22.0796 1364        nvraid - ok
07:23:22.0812 1364        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
07:23:22.0812 1364        nvstor - ok
07:23:22.0874 1364        nvsvc          (d445466c0a10536486fbebbc271d6e34) C:\windows\system32\nvvsvc.exe
07:23:22.0874 1364        nvsvc - ok
07:23:22.0890 1364        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
07:23:22.0890 1364        nv_agp - ok
07:23:22.0906 1364        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
07:23:22.0906 1364        ohci1394 - ok
07:23:23.0015 1364        ose            (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:23:23.0015 1364        ose - ok
07:23:23.0296 1364        osppsvc        (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
07:23:23.0405 1364        osppsvc - ok
07:23:23.0530 1364        p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
07:23:23.0530 1364        p2pimsvc - ok
07:23:23.0576 1364        p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
07:23:23.0576 1364        p2psvc - ok
07:23:23.0623 1364        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
07:23:23.0639 1364        Parport - ok
07:23:23.0686 1364        partmgr        (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys
07:23:23.0686 1364        partmgr - ok
07:23:23.0686 1364        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
07:23:23.0686 1364        Parvdm - ok
07:23:23.0717 1364        PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
07:23:23.0717 1364        PcaSvc - ok
07:23:23.0779 1364        pci            (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
07:23:23.0779 1364        pci - ok
07:23:23.0810 1364        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
07:23:23.0810 1364        pciide - ok
07:23:23.0857 1364        pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
07:23:23.0857 1364        pcmcia - ok
07:23:23.0873 1364        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
07:23:23.0873 1364        pcw - ok
07:23:23.0935 1364        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
07:23:23.0935 1364        PEAUTH - ok
07:23:24.0076 1364        pla            (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
07:23:24.0091 1364        pla - ok
07:23:24.0216 1364        PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
07:23:24.0232 1364        PlugPlay - ok
07:23:24.0263 1364        PNRPAutoReg    (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
07:23:24.0263 1364        PNRPAutoReg - ok
07:23:24.0278 1364        PNRPsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
07:23:24.0294 1364        PNRPsvc - ok
07:23:24.0341 1364        PolicyAgent    (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
07:23:24.0356 1364        PolicyAgent - ok
07:23:24.0403 1364        Power          (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
07:23:24.0403 1364        Power - ok
07:23:24.0466 1364        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
07:23:24.0466 1364        PptpMiniport - ok
07:23:24.0497 1364        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
07:23:24.0497 1364        Processor - ok
07:23:24.0544 1364        ProfSvc        (cadefac453040e370a1bdff3973be00d) C:\windows\system32\profsvc.dll
07:23:24.0544 1364        ProfSvc - ok
07:23:24.0590 1364        ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
07:23:24.0590 1364        ProtectedStorage - ok
07:23:24.0637 1364        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
07:23:24.0637 1364        Psched - ok
07:23:24.0715 1364        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
07:23:24.0731 1364        ql2300 - ok
07:23:24.0762 1364        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
07:23:24.0762 1364        ql40xx - ok
07:23:24.0809 1364        QWAVE          (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
07:23:24.0809 1364        QWAVE - ok
07:23:24.0824 1364        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
07:23:24.0824 1364        QWAVEdrv - ok
07:23:24.0840 1364        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
07:23:24.0840 1364        RasAcd - ok
07:23:24.0871 1364        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
07:23:24.0887 1364        RasAgileVpn - ok
07:23:24.0902 1364        RasAuto        (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
07:23:24.0902 1364        RasAuto - ok
07:23:24.0934 1364        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
07:23:24.0934 1364        Rasl2tp - ok
07:23:24.0996 1364        RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll
07:23:25.0012 1364        RasMan - ok
07:23:25.0043 1364        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
07:23:25.0043 1364        RasPppoe - ok
07:23:25.0043 1364        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
07:23:25.0043 1364        RasSstp - ok
07:23:25.0105 1364        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
07:23:25.0105 1364        rdbss - ok
07:23:25.0121 1364        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
07:23:25.0121 1364        rdpbus - ok
07:23:25.0152 1364        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
07:23:25.0152 1364        RDPCDD - ok
07:23:25.0168 1364        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
07:23:25.0168 1364        RDPENCDD - ok
07:23:25.0183 1364        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
07:23:25.0199 1364        RDPREFMP - ok
07:23:25.0246 1364        RDPWD          (f031683e6d1fea157abb2ff260b51e61) C:\windows\system32\drivers\RDPWD.sys
07:23:25.0246 1364        RDPWD - ok
07:23:25.0308 1364        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
07:23:25.0324 1364        rdyboost - ok
07:23:25.0370 1364        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
07:23:25.0370 1364        RemoteAccess - ok
07:23:25.0402 1364        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
07:23:25.0402 1364        RemoteRegistry - ok
07:23:25.0433 1364        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
07:23:25.0433 1364        RpcEptMapper - ok
07:23:25.0448 1364        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
07:23:25.0448 1364        RpcLocator - ok
07:23:25.0511 1364        RpcSs          (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
07:23:25.0511 1364        RpcSs - ok
07:23:25.0558 1364        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
07:23:25.0558 1364        rspndr - ok
07:23:25.0620 1364        RTL8167        (6465166dd9b2f841dabad16abdadbe98) C:\windows\system32\DRIVERS\Rt86win7.sys
07:23:25.0620 1364        RTL8167 - ok
07:23:25.0651 1364        SABI            (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
07:23:25.0651 1364        SABI - ok
07:23:25.0714 1364        SamSs          (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
07:23:25.0714 1364        SamSs - ok
07:23:25.0760 1364        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
07:23:25.0760 1364        sbp2port - ok
07:23:25.0807 1364        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
07:23:25.0807 1364        SCardSvr - ok
07:23:25.0838 1364        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
07:23:25.0854 1364        scfilter - ok
07:23:25.0916 1364        Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll
07:23:25.0932 1364        Schedule - ok
07:23:25.0948 1364        SCPolicySvc    (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
07:23:25.0948 1364        SCPolicySvc - ok
07:23:25.0994 1364        SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll
07:23:25.0994 1364        SDRSVC - ok
07:23:26.0041 1364        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
07:23:26.0041 1364        secdrv - ok
07:23:26.0057 1364        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
07:23:26.0072 1364        seclogon - ok
07:23:26.0119 1364        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\windows\system32\sens.dll
07:23:26.0119 1364        SENS - ok
07:23:26.0150 1364        SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll
07:23:26.0150 1364        SensrSvc - ok
07:23:26.0166 1364        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
07:23:26.0182 1364        Serenum - ok
07:23:26.0197 1364        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
07:23:26.0197 1364        Serial - ok
07:23:26.0244 1364        sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
07:23:26.0244 1364        sermouse - ok
07:23:26.0306 1364        SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
07:23:26.0306 1364        SessionEnv - ok
07:23:26.0322 1364        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
07:23:26.0322 1364        sffdisk - ok
07:23:26.0338 1364        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
07:23:26.0338 1364        sffp_mmc - ok
07:23:26.0353 1364        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
07:23:26.0353 1364        sffp_sd - ok
07:23:26.0384 1364        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
07:23:26.0384 1364        sfloppy - ok
07:23:26.0431 1364        SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
07:23:26.0447 1364        SharedAccess - ok
07:23:26.0494 1364        ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
07:23:26.0509 1364        ShellHWDetection - ok
07:23:26.0556 1364        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
07:23:26.0556 1364        sisagp - ok
07:23:26.0587 1364        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
07:23:26.0587 1364        SiSRaid2 - ok
07:23:26.0618 1364        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
07:23:26.0618 1364        SiSRaid4 - ok
07:23:26.0696 1364        SkypeUpdate    (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files\Skype\Updater\Updater.exe
07:23:26.0696 1364        SkypeUpdate - ok
07:23:26.0728 1364        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
07:23:26.0728 1364        Smb - ok
07:23:26.0774 1364        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
07:23:26.0774 1364        SNMPTRAP - ok
07:23:26.0806 1364        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
07:23:26.0806 1364        spldr - ok
07:23:26.0868 1364        Spooler        (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
07:23:26.0868 1364        Spooler - ok
07:23:27.0040 1364        sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
07:23:27.0086 1364        sppsvc - ok
07:23:27.0211 1364        sppuinotify    (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
07:23:27.0211 1364        sppuinotify - ok
07:23:27.0305 1364        SQLWriter      (54902536aad0e9b99bc65f89c0caf93f) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
07:23:27.0320 1364        SQLWriter - ok
07:23:27.0383 1364        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
07:23:27.0383 1364        srv - ok
07:23:27.0430 1364        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
07:23:27.0430 1364        srv2 - ok
07:23:27.0476 1364        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
07:23:27.0476 1364        srvnet - ok
07:23:27.0508 1364        SSDPSRV        (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
07:23:27.0508 1364        SSDPSRV - ok
07:23:27.0523 1364        SstpSvc        (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
07:23:27.0539 1364        SstpSvc - ok
07:23:27.0554 1364        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
07:23:27.0554 1364        stexstor - ok
07:23:27.0617 1364        StillCam        (edb05bd63148796f23ea78506404a538) C:\windows\system32\DRIVERS\serscan.sys
07:23:27.0617 1364        StillCam - ok
07:23:27.0695 1364        StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
07:23:27.0695 1364        StiSvc - ok
07:23:27.0742 1364        swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
07:23:27.0757 1364        swenum - ok
07:23:27.0804 1364        swprv          (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
07:23:27.0820 1364        swprv - ok
07:23:27.0866 1364        SynTP          (7a9025d8f7852b06d6d08ed536135e7e) C:\windows\system32\DRIVERS\SynTP.sys
07:23:27.0866 1364        SynTP - ok
07:23:27.0976 1364        SysMain        (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
07:23:27.0991 1364        SysMain - ok
07:23:28.0038 1364        TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
07:23:28.0038 1364        TabletInputService - ok
07:23:28.0085 1364        TapiSrv        (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
07:23:28.0085 1364        TapiSrv - ok
07:23:28.0116 1364        TBS            (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
07:23:28.0116 1364        TBS - ok
07:23:28.0272 1364        Tcpip          (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys
07:23:28.0288 1364        Tcpip - ok
07:23:28.0319 1364        TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys
07:23:28.0319 1364        TCPIP6 - ok
07:23:28.0366 1364        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
07:23:28.0381 1364        tcpipreg - ok
07:23:28.0412 1364        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
07:23:28.0412 1364        TDPIPE - ok
07:23:28.0459 1364        TDTCP          (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
07:23:28.0459 1364        TDTCP - ok
07:23:28.0506 1364        tdx            (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
07:23:28.0506 1364        tdx - ok
07:23:28.0553 1364        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
07:23:28.0553 1364        TermDD - ok
07:23:28.0615 1364        TermService    (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
07:23:28.0615 1364        TermService - ok
07:23:28.0646 1364        Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
07:23:28.0646 1364        Themes - ok
07:23:28.0693 1364        THREADORDER    (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
07:23:28.0693 1364        THREADORDER - ok
07:23:28.0709 1364        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
07:23:28.0709 1364        TrkWks - ok
07:23:28.0771 1364        TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
07:23:28.0771 1364        TrustedInstaller - ok
07:23:28.0818 1364        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
07:23:32.0999 1364        ============================================================
07:23:32.0999 1364        Scan finished
07:23:32.0999 1364        ============================================================
07:23:33.0014 1328        Detected object count: 1
07:23:33.0014 1328        Actual detected object count: 1
07:24:08.0504 1328        Akamai ( HiddenFile.Multi.Generic ) - skipped by user
07:24:08.0504 1328        Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

I only use the computer for the forum and the scans, so it runs quite well in safe mode. When I open a web page, a second tab with advertising usually opens. Search results on Google never take me to the page I clicked; it goes straight to advertising. I cannot open Word or F-Secure. The Live Security Platinum icon that installed itself on the desktop is also gone. Otherwise I am trying not to do anything else.
Best regards

Larusso 27.07.2012 18:57

Quote:

Google never take me to the page I clicked; it goes straight to advertising
Still?
There is no need to check how the PC runs in safe mode. That does not help me.

Florentine 28.07.2012 08:51

Since I did not want to do anything wrong, I stayed in safe mode the whole time. Please include small but important details like that, then I can answer better.
So, in normal mode it briefly hung on the Internet (not responding), but no additional advertising opens, not on Google either. My antivirus program tells me that everything is OK (tell me if I should run a scan with it), and Word works too.
That seems to be half the battle already. :pfeiff:

Larusso 28.07.2012 12:34

Does F-Secure start too?

Florentine 28.07.2012 16:40

Yes, it is shown as active and it opens as well.
I get an error message when the PC boots. I am attaching the message.
I have the feeling that the PC is a bit slower.
Greetings from LA
Flo

Florentine 29.07.2012 07:45

I ran F-Secure. It found one piece of malware, see attachment; it is in quarantine, and I can 'release' it again if we need it. For now I will wait for new instructions :dankeschoen:

Larusso 29.07.2012 12:07

Please delete the existing Combofix version and download a new version from here.

Save it to the desktop.
Make sure that all your antivirus and other protection programs are switched off.

Post C:\Combofix.txt here


All times are in WET +1. The time is now 00:10.
