Trojaner-Board


roterengel24 27.05.2012 23:06

Data on ext. HDD gone, or rather only shortcuts are shown!

Hello!
I urgently need help!!!
I have always neatly saved all my personal and work data on an "Intenso" HDD....
Last week I created two folders, one "Privat" (private) and one "Beruflich" (work)!
I sorted the folders and data that were there and put them in. Today I wanted to pick out private photos and have prints made, and noticed that every folder has a shortcut icon and I can no longer open it.
When I try to open it, it tells me something like: "E:\PrivatRECYCLER\0xFFD12566.exe" could not be found, make sure you typed the name correctly and try again.


Who can help me??? Where has my data gone??? Just the thought that all my things are gone makes me burst into tears... and please don't write me lectures about future backups... that will never happen to me again in this life!

I should also say that I only have a limited clue about PCs and, of course, am a woman ;-)

Should I go to a PC shop (CHW-Worms) to get my data back?

cosinus 29.05.2012 15:47

Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those too!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Please post everything here in CODE tags if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

roterengel24 04.06.2012 09:47

Hello!
I did the full scan with Malware and now wanted to do ESET, and then it tells me that the unexpected error 2002 occurs during initialization??
What now? I tried it a few times, but it keeps telling me that?
Regards and thanks!!!


OK, scrap that, I tried it a few more times and at some point it worked ;-)

Malwarebytes log files:

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.03.03

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Probst :: PROBST-PC [Administrator]

Schutz: Aktiviert

03.06.2012 13:53:51
mbam-log-2012-06-03 (13-53-51).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 321579
Laufzeit: 1 Stunde(n), 29 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Probst\Downloads\SoftonicDownloader_fuer_idump.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows.old\Users\Tina & Oli\AppData\Roaming\Wrukug.exe (Backdoor.IRCBot.WR) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

ESET Online Scanner

Code:

C:\Users\Probst\Desktop\Bewerbungsunterlagen\_Basisload USBs Teilnehmer.lnk        Win32/Dorkbot.D Wurm
C:\Users\Probst\Desktop\alles Fotos!.lnk        Win32/Dorkbot.D Wurm


cosinus 04.06.2012 21:40

Quote:

C:\Users\Probst\Downloads\SoftonicDownloader_fuer_idump.exe
Hands off Softonic!!

Softonic is a toolbar and adware slinger! Hands off! You download software, as top priority, directly from the manufacturer and not from toolbar outfits like Softonic! In an emergency chip.de would of course do.

Malwarebytes creates exactly one log for each scan. Have you ever scanned with Malwarebytes in the past?
If so, the logs for every scan are listed in the Logs tab. Please post all that are visible there.

roterengel24 04.06.2012 21:54

Hello,
I have never had anything to do with Malwarebytes before, so there are no further logs either.
To be honest, I don't even know exactly what was downloaded from Softonic or what exactly that is???
I have actually always used programs from the manufacturer or indeed from chip.de... but I just don't know my way around all that well either...:confused:
I'm just afraid that I'll never get to my photos again???:eek: Well, what does "just" mean....
Will I get them back? And what kind of worm is that? That damn thing!!! :kloppen: Can you already tell me anything about it?

Many thanks for your help

cosinus 05.06.2012 08:57

First, make all files visible => http://www.trojaner-board.de/59624-a...-sichtbar.html
After that, all folders should be shown again - semi-transparent, because they still carry the attributes "hidden" and "system"

Then start the Command Prompt via Start, All Programs, Accessories

In the Command Prompt you have to run this command once for each hidden folder:

Code:

attrib -s -h "x:\ordner" /s /d
x: => must be adjusted; use the appropriate drive letter
"ordner" must then be the respective correct folder name

Cf. this thread => http://www.trojaner-board.de/102950-...traeger-2.html
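
Added example, not part of the original thread or of cosinus's post: a Python script that extends the per-folder attrib step above to a whole drive root. It prints the attrib command from the post for every top-level folder that carries both the hidden and the system attribute, leaves alone the folders Windows keeps that way itself, and reports shortcuts named exactly like a hidden folder. The names Entry, plan_recovery, scan_root and SAMPLE are assumptions of this example, and the sample listing is constructed.

```python
import os
import stat
import sys
from typing import Iterable, List, NamedTuple, Tuple

# Both bits are set on the folders described in the post ("hidden" and "system").
HIDDEN_SYSTEM = stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM

# Folders that are hidden+system by design. They are not user data and are
# left untouched; RECYCLER is also where the shortcut in this thread pointed,
# so it is a matter for the scanners, not for attrib.
KEEP_HIDDEN = {"system volume information", "$recycle.bin", "recycler"}


class Entry(NamedTuple):
    name: str
    is_dir: bool
    attributes: int  # Windows FILE_ATTRIBUTE_* bit mask


def plan_recovery(drive: str, entries: Iterable[Entry]) -> Tuple[List[str], List[str]]:
    """Return (attrib commands to run, shortcut files to review) for one drive root."""
    drive = drive.rstrip("\\")
    entries = list(entries)
    hidden_dirs = [
        e.name for e in entries
        if e.is_dir
        and e.attributes & HIDDEN_SYSTEM == HIDDEN_SYSTEM
        and e.name.lower() not in KEEP_HIDDEN
    ]
    # Same command as in the post, with drive letter and folder name filled in.
    commands = [f'attrib -s -h "{drive}\\{name}" /s /d' for name in hidden_dirs]

    # A .lnk whose name equals a hidden folder's name matches the pattern in
    # this thread: the folder is hidden and a shortcut stands in its place.
    hidden_names = {name.lower() for name in hidden_dirs}
    decoys = [
        e.name for e in entries
        if not e.is_dir
        and e.name.lower().endswith(".lnk")
        and e.name[:-4].lower() in hidden_names
    ]
    return commands, decoys


def scan_root(drive: str) -> Iterable[Entry]:
    """Windows only: read the top-level entries of a drive such as 'E:'."""
    for de in os.scandir(drive.rstrip("\\") + "\\"):
        info = de.stat(follow_symlinks=False)
        attrs = getattr(info, "st_file_attributes", 0)  # 0 on non-Windows systems
        yield Entry(de.name, de.is_dir(follow_symlinks=False), attrs)


# Constructed listing of a drive root. 0x10 = directory, 0x02 = hidden,
# 0x04 = system, 0x20 = archive (ordinary file).
SAMPLE = [
    Entry("Privat", True, 0x16),
    Entry("Privat.lnk", False, 0x20),
    Entry("Beruflich", True, 0x16),
    Entry("Beruflich.lnk", False, 0x20),
    Entry("RECYCLER", True, 0x16),
    Entry("System Volume Information", True, 0x16),
    Entry("Notizen.lnk", False, 0x20),   # ordinary shortcut, no hidden twin
    Entry("Urlaub", True, 0x10),         # ordinary visible folder
]

if __name__ == "__main__":
    # With a drive letter as argument the real drive is read, otherwise SAMPLE.
    drive = sys.argv[1] if len(sys.argv) > 1 else "E:"
    listing = scan_root(drive) if len(sys.argv) > 1 else SAMPLE
    commands, decoys = plan_recovery(drive, listing)
    print("\n".join(commands))
    for name in decoys:
        print(f"shortcut to review and delete after the scan: {drive}\\{name}")
```

The script only prints the commands; they are still run by hand in the Command Prompt as described in the post.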

roterengel24 05.06.2012 10:46

Thank you so, so much! I have the photos back!!!! What do I have to do now? The worm isn't gone yet, is it?

cosinus 05.06.2012 11:02

I have two questions before we continue

1.) Does Windows normal mode work (again) without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

roterengel24 05.06.2012 11:28

Windows worked the whole time; now I have three folders on the desktop that can no longer be opened, but I don't really need those... The photos and the important documents on the ext. hard drive are back and the shortcut icons are gone! :)

cosinus 05.06.2012 11:39

First, make all files visible => http://www.trojaner-board.de/59624-a...-sichtbar.html
After that, all folders should be shown again - semi-transparent, because they still carry the attributes "hidden" and "system"

Then start the Command Prompt via Start, All Programs, Accessories

In the Command Prompt you have to run this command once for each hidden folder:

Code:

attrib -s -h "x:\ordner" /s /d
x: => must be adjusted; use the appropriate drive letter
"ordner" must then be the respective correct folder name

Cf. this thread => http://www.trojaner-board.de/102950-...traeger-2.html

roterengel24 05.06.2012 20:16

Hello,
I'm now ready for the next step... the worm probably has to go, right???? :daumenhoc:daumenhoc

cosinus 05.06.2012 20:36

So is the data visible again now?

Please make a new OTL log. Please post everything here in CODE tags if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it on your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


roterengel24 05.06.2012 21:26

Hello, I can't download OTL by Oldtimer, the link doesn't work either... it can't find the page???:confused:

cosinus 05.06.2012 22:08

Try this link => http://www.itxassociates.com/OT-Tools/OTL.exe

roterengel24 06.06.2012 10:08

OTL:
OTL Logfile:
Code:

OTL logfile created on: 06.06.2012 10:21:29 - Run 1
OTL by OldTimer - Version 3.2.42.1    Folder = C:\Users\Probst\Downloads
Windows Vista Home Basic Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
764,56 Mb Total Physical Memory | 373,12 Mb Available Physical Memory | 48,80% Memory free
1,76 Gb Paging File | 1,07 Gb Available in Paging File | 60,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109,78 Gb Total Space | 63,21 Gb Free Space | 57,58% Space Free | Partition Type: NTFS
 
Computer Name: PROBST-PC | User Name: Probst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.06 10:16:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Probst\Downloads\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.02.26 17:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012.02.16 16:29:02 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\SweetIM.exe
PRC - [2012.01.30 05:45:55 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012.01.30 05:14:52 | 001,232,896 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.01.17 19:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 19:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.06.19 11:55:12 | 000,552,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\Programme\SiS VGA Utilities\SiSTray.exe
PRC - [2006.11.02 14:33:48 | 001,004,136 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2006.11.02 11:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.07 21:46:52 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.02.01 04:25:31 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7208ffa39630e9b923331f9df0947a12\System.Xml.ni.dll
MOD - [2012.02.01 04:25:10 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1941d7639299344ae28fb6b23da65247\System.Windows.Forms.ni.dll
MOD - [2012.02.01 04:24:57 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6312464f64727a2a50d5ce3fd73ad1bb\System.Drawing.ni.dll
MOD - [2012.02.01 04:23:41 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll
MOD - [2012.02.01 04:23:29 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll
MOD - [2012.01.30 04:34:34 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.07 16:04:45 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2006.11.02 14:34:59 | 000,895,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006.11.02 14:33:48 | 000,263,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.02 18:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009.06.19 11:47:54 | 000,464,384 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SISGRKMD.sys -- (SiS6350)
DRV - [2008.04.23 12:21:08 | 000,058,416 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2007.07.04 11:04:54 | 000,047,616 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2007.06.19 13:04:48 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.05.09 17:33:00 | 000,048,640 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1455211030-1693310712-2958512065-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1455211030-1693310712-2958512065-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1455211030-1693310712-2958512065-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1455211030-1693310712-2958512065-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-1455211030-1693310712-2958512065-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1455211030-1693310712-2958512065-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1455211030-1693310712-2958512065-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-1455211030-1693310712-2958512065-1000\..\SearchScopes,DefaultScope = {C740A450-952E-42B3-9E9C-9DF1697BD1D0}
IE - HKU\S-1-5-21-1455211030-1693310712-2958512065-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1455211030-1693310712-2958512065-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear
IE - HKU\S-1-5-21-1455211030-1693310712-2958512065-1000\..\SearchScopes\{C740A450-952E-42B3-9E9C-9DF1697BD1D0}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1455211030-1693310712-2958512065-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1455211030-1693310712-2958512065-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.07 16:04:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.01.29 13:38:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Probst\AppData\Roaming\mozilla\Extensions
[2012.05.02 09:58:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Probst\AppData\Roaming\mozilla\Firefox\Profiles\1qzkdlqf.default\extensions
[2012.03.08 16:33:36 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Probst\AppData\Roaming\mozilla\Firefox\Profiles\1qzkdlqf.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2012.03.08 16:33:16 | 000,003,915 | ---- | M] () -- C:\Users\Probst\AppData\Roaming\Mozilla\Firefox\Profiles\1qzkdlqf.default\searchplugins\sweetim.xml
[2012.03.20 14:59:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.05.07 16:04:44 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Probst\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Probst\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Probst\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Probst\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Probst\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: YouTube = C:\Users\Probst\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Probst\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google-Suche = C:\Users\Probst\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Google Mail = C:\Users\Probst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Google Mail = C:\Users\Probst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Programme\PriceGong\2.6.3\PriceGongIE.dll (PriceGong)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-1455211030-1693310712-2958512065-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SiSTray] C:\Programme\SiS VGA Utilities\SiSTray.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1455211030-1693310712-2958512065-1000..\Run: [Wrukug] C:\Users\Probst\AppData\Roaming\Wrukug.exe (Simon Tatham)
O4 - Startup: C:\Users\Probst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\S-1-5-21-1455211030-1693310712-2958512065-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{221B1F5E-B0A3-41F9-8AEB-3A75802D0C5E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EE04B35-9A38-4278-975E-16ADEAB8BECA}: DhcpNameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3A4E927-A679-4B84-AD77-0909979C2D96}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.05 11:38:03 | 000,262,144 | ---- | C] (Simon Tatham) -- C:\Users\Probst\AppData\Roaming\Wrukug.exe
[2012.06.04 12:12:14 | 000,000,000 | ---D | C] -- C:\Users\Probst\Documents\wurm
[2012.06.04 08:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.03 13:51:23 | 000,000,000 | ---D | C] -- C:\Users\Probst\AppData\Roaming\Malwarebytes
[2012.06.03 13:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.03 13:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.03 13:51:05 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.03 13:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.18 23:26:37 | 000,000,000 | ---D | C] -- C:\Users\Probst\Desktop\Tattoovorlage
[2012.05.18 22:57:17 | 000,000,000 | -H-D | C] -- C:\Users\Probst\Desktop\.picasaoriginals
[2012.05.07 16:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.07 16:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.06 10:05:07 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.06 10:05:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.06 10:05:06 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.05 12:06:34 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1FD4C116-C35B-4387-BE04-E7F612D8B48B}.job
[2012.06.05 08:18:40 | 802,340,864 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.03 13:51:07 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.30 14:48:02 | 000,019,394 | ---- | M] () -- C:\Users\Probst\Desktop\319754_374939482567873_717490930_n.jpg
[2012.05.28 20:21:18 | 000,019,560 | ---- | M] () -- C:\Users\Probst\Desktop\536528_3061189179843_1566850012_32027276_1152317748_n.jpg
[2012.05.25 18:26:02 | 000,033,278 | ---- | M] () -- C:\Users\Probst\Desktop\1337963144.png
[2012.05.23 10:34:07 | 000,031,855 | ---- | M] () -- C:\Users\Probst\Desktop\63100466.jpg
[2012.05.20 09:48:28 | 000,060,628 | ---- | M] () -- C:\Users\Probst\Desktop\544990_3046960464134_1566850012_32019765_1204281814_n.jpg
[2012.05.17 22:42:32 | 000,266,189 | ---- | M] () -- C:\Users\Probst\Documents\Rentenkontoänderung.pdf
[2012.05.16 10:11:18 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.16 10:11:18 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.16 10:11:18 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.16 10:11:18 | 000,004,696 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.13 03:04:13 | 000,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2012.05.07 19:36:04 | 000,021,607 | ---- | M] () -- C:\Users\Probst\Desktop\Brief Agaplesion HDV.odt
[2012.05.07 18:25:48 | 000,012,794 | ---- | M] () -- C:\Users\Probst\Desktop\ESt2010_Probst_Gisela.elfo
 
========== Files Created - No Company Name ==========
 
[2012.06.03 13:51:07 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.30 14:47:54 | 000,019,394 | ---- | C] () -- C:\Users\Probst\Desktop\319754_374939482567873_717490930_n.jpg
[2012.05.28 20:21:03 | 000,019,560 | ---- | C] () -- C:\Users\Probst\Desktop\536528_3061189179843_1566850012_32027276_1152317748_n.jpg
[2012.05.25 23:05:14 | 000,001,551 | ---- | C] () -- C:\Users\Probst\Desktop\alles Fotos!.lnk
[2012.05.25 18:25:54 | 000,033,278 | ---- | C] () -- C:\Users\Probst\Desktop\1337963144.png
[2012.05.23 10:32:25 | 000,031,855 | ---- | C] () -- C:\Users\Probst\Desktop\63100466.jpg
[2012.05.20 09:48:28 | 000,060,628 | ---- | C] () -- C:\Users\Probst\Desktop\544990_3046960464134_1566850012_32019765_1204281814_n.jpg
[2012.05.17 22:42:32 | 000,266,189 | ---- | C] () -- C:\Users\Probst\Documents\Rentenkontoänderung.pdf
[2012.05.07 19:36:03 | 000,021,607 | ---- | C] () -- C:\Users\Probst\Desktop\Brief Agaplesion HDV.odt
[2012.05.07 18:25:48 | 000,012,794 | ---- | C] () -- C:\Users\Probst\Desktop\ESt2010_Probst_Gisela.elfo
[2012.04.29 14:50:07 | 000,003,584 | ---- | C] () -- C:\Users\Probst\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.15 04:03:07 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012.01.29 01:28:38 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012.01.29 01:28:37 | 000,641,344 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012.01.29 01:28:37 | 000,116,706 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012.01.29 01:28:37 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2012.01.28 16:55:12 | 000,000,680 | ---- | C] () -- C:\Users\Probst\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2012.04.12 11:12:18 | 000,000,000 | ---D | M] -- C:\Users\Probst\AppData\Roaming\DiskAid
[2012.05.06 21:25:08 | 000,000,000 | ---D | M] -- C:\Users\Probst\AppData\Roaming\elsterformular
[2012.02.09 16:32:40 | 000,000,000 | ---D | M] -- C:\Users\Probst\AppData\Roaming\OpenOffice.org
[2012.06.04 23:22:02 | 000,023,060 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.06.05 12:06:34 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1FD4C116-C35B-4387-BE04-E7F612D8B48B}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.29 20:06:22 | 000,000,000 | ---D | M] -- C:\Users\Probst\AppData\Roaming\Adobe
[2012.02.10 22:52:17 | 000,000,000 | ---D | M] -- C:\Users\Probst\AppData\Roaming\Apple Computer
[2012.04.12 11:12:18 | 000,000,000 | ---D | M] -- C:\Users\Probst\AppData\Roaming\DiskAid
[2012.05.06 21:25:08 | 000,000,000 | ---D | M] -- C:\Users\Probst\AppData\Roaming\elsterformular
[2012.01.28 16:55:19 | 000,000,000 | ---D | M] -- C:\Users\Probst\AppData\Roaming\Identities
[2012.01.28 17:24:05 | 000,000,000 | ---D | M] -- C:\Users\Probst\AppData\Roaming\InstallShield
[2012.01.28 17:13:52 | 000,000,000 | ---D | M] -- C:\Users\Probst\AppData\Roaming\Macromedia
[2012.06.03 13:51:23 | 000,000,000 | ---D | M] -- C:\Users\Probst\AppData\Roaming\Malwarebytes
[2012.02.10 22:02:12 | 000,000,000 | --SD | M] -- C:\Users\Probst\AppData\Roaming\Microsoft
[2012.01.29 13:38:50 | 000,000,000 | ---D | M] -- C:\Users\Probst\AppData\Roaming\Mozilla
[2012.02.09 16:32:40 | 000,000,000 | ---D | M] -- C:\Users\Probst\AppData\Roaming\OpenOffice.org
 
< %APPDATA%\*.exe /s >
[2011.10.18 08:05:52 | 000,262,144 | ---- | M] (Simon Tatham) -- C:\Users\Probst\AppData\Roaming\Wrukug.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows.old\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.05.30 18:21:58 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows.old\Windows\System32\drivers\atapi.sys
[2007.05.30 18:21:58 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys
[2007.05.30 18:21:58 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys
[2007.05.30 18:21:58 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\drivers\atapi.sys
[2007.05.30 18:21:58 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys
[2007.05.30 18:21:58 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows.old\Windows\System32\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2007.01.05 22:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows.old\Windows\System32\drivers\nvstor.sys
[2007.01.05 22:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_45f67928\nvstor.sys
[2007.01.05 22:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
[2007.01.05 22:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_45f67928\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows.old\Windows\System32\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2012.01.30 04:05:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows.old\Windows\System32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2012.01.30 04:05:12 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2012.01.30 04:05:12 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows.old\Windows\System32\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows.old\Windows\System32\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\System32\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows.old\Windows\System32\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows.old\Windows\System32\drivers\ws2ifsl.sys
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\System32\drivers\ws2ifsl.sys
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.01.30 14:12:46 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2012.01.30 14:12:46 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll

< End of report >

--- --- ---


Should I connect the external hard drive while OTL is running??? :confused:
I normally don't have it attached, so you'll have to tell me if I need to connect it as well!!!
Many thanks! :bussi:

cosinus 06.06.2012 14:14

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
IE - HKU\S-1-5-21-1455211030-1693310712-2958512065-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
[2012.03.08 16:33:36 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Probst\AppData\Roaming\mozilla\Firefox\Profiles\1qzkdlqf.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2012.03.08 16:33:16 | 000,003,915 | ---- | M] () -- C:\Users\Probst\AppData\Roaming\Mozilla\Firefox\Profiles\1qzkdlqf.default\searchplugins\sweetim.xml
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Programme\PriceGong\2.6.3\PriceGongIE.dll (PriceGong)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-1455211030-1693310712-2958512065-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-21-1455211030-1693310712-2958512065-1000..\Run: [Wrukug] C:\Users\Probst\AppData\Roaming\Wrukug.exe (Simon Tatham)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Files
C:\Users\Probst\AppData\Roaming\Wrukug.exe
C:\Programme\SweetIM
C:\Programme\PriceGong
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

To be safe, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

roterengel24 06.06.2012 21:19

Here is the log file, after the computer restarted:

Code:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1455211030-1693310712-2958512065-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll moved successfully.
C:\Users\Probst\AppData\Roaming\mozilla\Firefox\Profiles\1qzkdlqf.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\components folder moved successfully.
C:\Users\Probst\AppData\Roaming\mozilla\Firefox\Profiles\1qzkdlqf.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\skin folder moved successfully.
C:\Users\Probst\AppData\Roaming\mozilla\Firefox\Profiles\1qzkdlqf.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\locale\en-US folder moved successfully.
C:\Users\Probst\AppData\Roaming\mozilla\Firefox\Profiles\1qzkdlqf.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\locale folder moved successfully.
C:\Users\Probst\AppData\Roaming\mozilla\Firefox\Profiles\1qzkdlqf.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\content folder moved successfully.
C:\Users\Probst\AppData\Roaming\mozilla\Firefox\Profiles\1qzkdlqf.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome folder moved successfully.
C:\Users\Probst\AppData\Roaming\mozilla\Firefox\Profiles\1qzkdlqf.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} folder moved successfully.
C:\Users\Probst\AppData\Roaming\Mozilla\Firefox\Profiles\1qzkdlqf.default\searchplugins\sweetim.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}\ deleted successfully.
C:\Programme\PriceGong\2.6.3\PriceGongIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-1455211030-1693310712-2958512065-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM deleted successfully.
C:\Programme\SweetIM\Messenger\SweetIM.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetpacks Communicator deleted successfully.
C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1455211030-1693310712-2958512065-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Wrukug deleted successfully.
C:\Users\Probst\AppData\Roaming\Wrukug.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
========== FILES ==========
File\Folder C:\Users\Probst\AppData\Roaming\Wrukug.exe not found.
File\Folder C:\Programme\SweetIM not found.
File\Folder C:\Programme\PriceGong not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Probst
->Temp folder emptied: 77272897 bytes
->Temporary Internet Files folder emptied: 31319867 bytes
->Java cache emptied: 1891180 bytes
->FireFox cache emptied: 902351339 bytes
->Google Chrome cache emptied: 14163968 bytes
->Flash cache emptied: 96410 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15467777 bytes
RecycleBin emptied: 212599639 bytes
 
Total Files Cleaned = 1.197,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Probst
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.1 log created on 06062012_215822

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 07.06.2012 14:44

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan, and when it has finished click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its contents into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

roterengel24 09.06.2012 09:27

Hello Arne, here is the log

Code:

10:14:36.0598 1040        TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
10:14:37.0053 1040        ============================================================
10:14:37.0053 1040        Current date / time: 2012/06/09 10:14:37.0053
10:14:37.0053 1040        SystemInfo:
10:14:37.0053 1040       
10:14:37.0054 1040        OS Version: 6.0.6000 ServicePack: 0.0
10:14:37.0054 1040        Product type: Workstation
10:14:37.0054 1040        ComputerName: PROBST-PC
10:14:37.0054 1040        UserName: Probst
10:14:37.0054 1040        Windows directory: C:\Windows
10:14:37.0054 1040        System windows directory: C:\Windows
10:14:37.0054 1040        Processor architecture: Intel x86
10:14:37.0054 1040        Number of processors: 2
10:14:37.0054 1040        Page size: 0x1000
10:14:37.0054 1040        Boot type: Normal boot
10:14:37.0054 1040        ============================================================
10:14:39.0054 1040        Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:14:39.0081 1040        ============================================================
10:14:39.0081 1040        \Device\Harddisk0\DR0:
10:14:39.0090 1040        MBR partitions:
10:14:39.0090 1040        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x404000, BlocksNum 0xDB90000
10:14:39.0090 1040        ============================================================
10:14:39.0127 1040        C: <-> \Device\Harddisk0\DR0\Partition0
10:14:39.0127 1040        ============================================================
10:14:39.0127 1040        Initialize success
10:14:39.0127 1040        ============================================================
10:18:11.0205 3660        ============================================================
10:18:11.0205 3660        Scan started
10:18:11.0205 3660        Mode: Manual; SigCheck; TDLFS;
10:18:11.0205 3660        ============================================================
10:18:11.0736 3660        ACPI            (192bdbd1540645c4a2aa69f24cce197f) C:\Windows\system32\drivers\acpi.sys
10:18:11.0907 3660        ACPI - ok
10:18:12.0048 3660        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
10:18:12.0048 3660        AdobeARMservice - ok
10:18:12.0095 3660        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
10:18:12.0157 3660        adp94xx - ok
10:18:12.0219 3660        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
10:18:12.0251 3660        adpahci - ok
10:18:12.0266 3660        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
10:18:12.0282 3660        adpu160m - ok
10:18:12.0313 3660        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
10:18:12.0329 3660        adpu320 - ok
10:18:12.0375 3660        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
10:18:12.0578 3660        AeLookupSvc - ok
10:18:12.0609 3660        AFD            (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
10:18:12.0750 3660        AFD - ok
10:18:12.0765 3660        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
10:18:12.0797 3660        aic78xx - ok
10:18:12.0812 3660        ALG            (e69fb0e3112c40fdc0ef7d21a52dc951) C:\Windows\System32\alg.exe
10:18:12.0906 3660        ALG - ok
10:18:12.0937 3660        aliide          (496eda16a127ac9a38bb285bef17dbb5) C:\Windows\system32\drivers\aliide.sys
10:18:12.0953 3660        aliide - ok
10:18:12.0968 3660        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
10:18:12.0984 3660        amdagp - ok
10:18:12.0999 3660        amdide          (6f65f4147c54398d7280b18cebbed215) C:\Windows\system32\drivers\amdide.sys
10:18:13.0015 3660        amdide - ok
10:18:13.0031 3660        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
10:18:13.0124 3660        AmdK7 - ok
10:18:13.0140 3660        AmdK8          (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
10:18:13.0202 3660        AmdK8 - ok
10:18:13.0233 3660        Appinfo        (cfa455816879f06f1c4e5bbf9e8aef7d) C:\Windows\System32\appinfo.dll
10:18:13.0343 3660        Appinfo - ok
10:18:13.0421 3660        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:18:13.0421 3660        Apple Mobile Device - ok
10:18:13.0452 3660        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
10:18:13.0467 3660        arc - ok
10:18:13.0483 3660        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
10:18:13.0499 3660        arcsas - ok
10:18:13.0514 3660        AsyncMac        (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
10:18:13.0608 3660        AsyncMac - ok
10:18:13.0623 3660        atapi          (78620bda3ec87816e5d1fa86f920bc3a) C:\Windows\system32\drivers\atapi.sys
10:18:13.0623 3660        atapi - ok
10:18:13.0733 3660        athr            (b0c272def210b149c0bfa0d85600ce4b) C:\Windows\system32\DRIVERS\athr.sys
10:18:13.0826 3660        athr - ok
10:18:13.0904 3660        AudioEndpointBuilder (e760fc1bd68f7f6f1b17eb4e8d9480b0) C:\Windows\System32\Audiosrv.dll
10:18:13.0998 3660        AudioEndpointBuilder - ok
10:18:14.0013 3660        Audiosrv        (e760fc1bd68f7f6f1b17eb4e8d9480b0) C:\Windows\System32\Audiosrv.dll
10:18:14.0107 3660        Audiosrv - ok
10:18:14.0154 3660        Beep            (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
10:18:14.0216 3660        Beep - ok
10:18:14.0279 3660        BFE            (98ebdffb824a7c265337d68dd480e45c) C:\Windows\System32\bfe.dll
10:18:14.0372 3660        BFE - ok
10:18:14.0466 3660        BITS            (da551697e34d2b9943c8b1c8eaffe89a) C:\Windows\System32\qmgr.dll
10:18:14.0559 3660        BITS - ok
10:18:14.0575 3660        blbdrive - ok
10:18:14.0669 3660        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
10:18:14.0700 3660        Bonjour Service - ok
10:18:14.0762 3660        bowser          (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
10:18:14.0840 3660        bowser - ok
10:18:14.0871 3660        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
10:18:14.0981 3660        BrFiltLo - ok
10:18:14.0981 3660        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
10:18:15.0090 3660        BrFiltUp - ok
10:18:15.0121 3660        Browser        (beb6470532b7461d7bb426e3facb424f) C:\Windows\System32\browser.dll
10:18:15.0215 3660        Browser - ok
10:18:15.0261 3660        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
10:18:15.0355 3660        Brserid - ok
10:18:15.0371 3660        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
10:18:15.0449 3660        BrSerWdm - ok
10:18:15.0449 3660        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
10:18:15.0527 3660        BrUsbMdm - ok
10:18:15.0542 3660        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
10:18:15.0605 3660        BrUsbSer - ok
10:18:15.0620 3660        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
10:18:15.0698 3660        BTHMODEM - ok
10:18:15.0714 3660        cdfs            (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
10:18:15.0807 3660        cdfs - ok
10:18:15.0823 3660        cdrom          (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
10:18:15.0885 3660        cdrom - ok
10:18:15.0917 3660        CertPropSvc    (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll
10:18:15.0995 3660        CertPropSvc - ok
10:18:16.0010 3660        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
10:18:16.0073 3660        circlass - ok
10:18:16.0119 3660        CLFS            (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
10:18:16.0151 3660        CLFS - ok
10:18:16.0229 3660        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:18:16.0244 3660        clr_optimization_v2.0.50727_32 - ok
10:18:16.0275 3660        CmBatt          (0fed59edb4a83ff17f1778827b88ab1a) C:\Windows\system32\DRIVERS\CmBatt.sys
10:18:16.0369 3660        CmBatt - ok
10:18:16.0385 3660        cmdide          (59172a0724f2ab769f31d61b0571d75b) C:\Windows\system32\drivers\cmdide.sys
10:18:16.0400 3660        cmdide - ok
10:18:16.0431 3660        Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\DRIVERS\compbatt.sys
10:18:16.0431 3660        Compbatt - ok
10:18:16.0447 3660        COMSysApp - ok
10:18:16.0463 3660        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
10:18:16.0478 3660        crcdisk - ok
10:18:16.0494 3660        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
10:18:16.0572 3660        Crusoe - ok
10:18:16.0619 3660        CryptSvc        (1c26fb097170a2a91066d1e3a24366e3) C:\Windows\system32\cryptsvc.dll
10:18:16.0697 3660        CryptSvc - ok
10:18:16.0759 3660        DcomLaunch      (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32\rpcss.dll
10:18:16.0853 3660        DcomLaunch - ok
10:18:16.0946 3660        DfsC            (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
10:18:17.0118 3660        DfsC - ok
10:18:17.0321 3660        DFSR            (e0d584aa76c7d845ba9f3a788260528f) C:\Windows\system32\DFSR.exe
10:18:17.0570 3660        DFSR - ok
10:18:17.0711 3660        Dhcp            (17210d8064ec116a3fc6b5e45e577d43) C:\Windows\System32\dhcpcsvc.dll
10:18:17.0835 3660        Dhcp - ok
10:18:17.0867 3660        disk            (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
10:18:17.0898 3660        disk - ok
10:18:17.0929 3660        Dnscache        (eecba1dd142bf8693c476be8f32fe253) C:\Windows\System32\dnsrslvr.dll
10:18:17.0991 3660        Dnscache - ok
10:18:18.0023 3660        dot3svc        (1f795d214820e496bf1124434a6db546) C:\Windows\System32\dot3svc.dll
10:18:18.0194 3660        dot3svc - ok
10:18:18.0241 3660        DPS            (8ef243e3baf1ab4f6202edeb8890319b) C:\Windows\system32\dps.dll
10:18:18.0397 3660        DPS - ok
10:18:18.0428 3660        drmkaud        (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
10:18:18.0569 3660        drmkaud - ok
10:18:18.0647 3660        DXGKrnl        (a5b34136e84acfc61cbc44f3f64e0666) C:\Windows\System32\drivers\dxgkrnl.sys
10:18:18.0771 3660        DXGKrnl - ok
10:18:18.0818 3660        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
10:18:18.0959 3660        E1G60 - ok
10:18:19.0083 3660        EapHost        (90a0a875642e18618010645311b4e89e) C:\Windows\System32\eapsvc.dll
10:18:19.0224 3660        EapHost - ok
10:18:19.0255 3660        Ecache          (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
10:18:19.0286 3660        Ecache - ok
10:18:19.0349 3660        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
10:18:19.0380 3660        elxstor - ok
10:18:19.0458 3660        EMDMgmt        (3226fda08988526e819e364e8cce4cee) C:\Windows\system32\emdmgmt.dll
10:18:19.0583 3660        EMDMgmt - ok
10:18:19.0661 3660        EventSystem    (7b4971c3d43525175a4ea0d143e0412e) C:\Windows\system32\es.dll
10:18:19.0754 3660        EventSystem - ok
10:18:19.0785 3660        fastfat        (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
10:18:19.0895 3660        fastfat - ok
10:18:19.0910 3660        fdc            (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
10:18:19.0988 3660        fdc - ok
10:18:20.0004 3660        fdPHost        (e43bce1a77d6fd4ed5f8e0482b9e7df1) C:\Windows\system32\fdPHost.dll
10:18:20.0082 3660        fdPHost - ok
10:18:20.0097 3660        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
10:18:20.0175 3660        FDResPub - ok
10:18:20.0222 3660        FileInfo        (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
10:18:20.0238 3660        FileInfo - ok
10:18:20.0253 3660        Filetrace      (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
10:18:20.0331 3660        Filetrace - ok
10:18:20.0363 3660        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
10:18:20.0441 3660        flpydisk - ok
10:18:20.0456 3660        FltMgr          (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
10:18:20.0472 3660        FltMgr - ok
10:18:20.0550 3660        FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:18:20.0550 3660        FontCache3.0.0.0 - ok
10:18:20.0581 3660        Fs_Rec          (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
10:18:20.0628 3660        Fs_Rec - ok
10:18:20.0659 3660        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
10:18:20.0675 3660        gagp30kx - ok
10:18:20.0690 3660        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:18:20.0706 3660        GEARAspiWDM - ok
10:18:20.0768 3660        gpsvc          (bcf6589c42d8f6a20f33ef133ffe0524) C:\Windows\System32\gpsvc.dll
10:18:20.0877 3660        gpsvc - ok
10:18:21.0018 3660        gusvc          (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:18:21.0049 3660        gusvc - ok
10:18:21.0143 3660        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
10:18:21.0252 3660        HdAudAddService - ok
10:18:21.0299 3660        HDAudBus        (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:18:21.0361 3660        HDAudBus - ok
10:18:21.0392 3660        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
10:18:21.0486 3660        HidBth - ok
10:18:21.0501 3660        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
10:18:21.0611 3660        HidIr - ok
10:18:21.0657 3660        hidserv        (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll
10:18:21.0767 3660        hidserv - ok
10:18:21.0782 3660        HidUsb          (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
10:18:21.0891 3660        HidUsb - ok
10:18:21.0923 3660        hkmsvc          (d40aa05e29bf6ed29b139f044b461e9b) C:\Windows\system32\kmsvc.dll
10:18:22.0001 3660        hkmsvc - ok
10:18:22.0032 3660        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
10:18:22.0047 3660        HpCISSs - ok
10:18:22.0094 3660        HTTP            (3c3cba3ce1a66439a960d4531a167c39) C:\Windows\system32\drivers\HTTP.sys
10:18:22.0235 3660        HTTP - ok
10:18:22.0281 3660        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
10:18:22.0297 3660        i2omp - ok
10:18:22.0344 3660        i8042prt        (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
10:18:22.0391 3660        i8042prt - ok
10:18:22.0453 3660        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
10:18:22.0469 3660        iaStorV - ok
10:18:22.0593 3660        idsvc          (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:18:22.0687 3660        idsvc - ok
10:18:22.0703 3660        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
10:18:22.0718 3660        iirsp - ok
10:18:22.0765 3660        IKEEXT          (35662fe4d8622f667aa5a5568f7f1b40) C:\Windows\System32\ikeext.dll
10:18:22.0921 3660        IKEEXT - ok
10:18:22.0968 3660        intelide        (e5ea1c17da5065032e346591ff64f3af) C:\Windows\system32\drivers\intelide.sys
10:18:22.0983 3660        intelide - ok
10:18:22.0999 3660        intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
10:18:23.0108 3660        intelppm - ok
10:18:23.0155 3660        IPBusEnum      (88cf5281ed9880d74dc9011cf8b5262d) C:\Windows\system32\ipbusenum.dll
10:18:23.0280 3660        IPBusEnum - ok
10:18:23.0311 3660        IpFilterDriver  (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:18:23.0420 3660        IpFilterDriver - ok
10:18:23.0467 3660        iphlpsvc        (ecc9ad72cfc4ab41cf6a9bcc11f9fef6) C:\Windows\System32\iphlpsvc.dll
10:18:23.0529 3660        iphlpsvc - ok
10:18:23.0545 3660        IpInIp - ok
10:18:23.0576 3660        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
10:18:23.0670 3660        IPMIDRV - ok
10:18:23.0685 3660        IPNAT          (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
10:18:23.0795 3660        IPNAT - ok
10:18:23.0904 3660        iPod Service    (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
10:18:24.0013 3660        iPod Service - ok
10:18:24.0013 3660        IRENUM          (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
10:18:24.0122 3660        IRENUM - ok
10:18:24.0200 3660        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
10:18:24.0216 3660        isapnp - ok
10:18:24.0263 3660        iScsiPrt        (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
10:18:24.0294 3660        iScsiPrt - ok
10:18:24.0294 3660        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
10:18:24.0309 3660        iteatapi - ok
10:18:24.0325 3660        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
10:18:24.0341 3660        iteraid - ok
10:18:24.0387 3660        JRAID          (222e263cc06e47bda386fe19b88e8583) C:\Windows\system32\drivers\jraid.sys
10:18:24.0403 3660        JRAID - ok
10:18:24.0450 3660        kbdclass        (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
10:18:24.0450 3660        kbdclass - ok
10:18:24.0481 3660        kbdhid          (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
10:18:24.0543 3660        kbdhid - ok
10:18:24.0575 3660        KeyIso          (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
10:18:24.0621 3660        KeyIso - ok
10:18:24.0668 3660        KSecDD          (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
10:18:24.0715 3660        KSecDD - ok
10:18:24.0793 3660        KtmRm          (45c537fe5dde9a0146aeff76e615737d) C:\Windows\system32\msdtckrm.dll
10:18:24.0902 3660        KtmRm - ok
10:18:24.0933 3660        LanmanServer    (53d1482fc1aa36ac015a85e6cf2146bd) C:\Windows\system32\srvsvc.dll
10:18:25.0027 3660        LanmanServer - ok
10:18:25.0089 3660        LanmanWorkstation (435f0f6dc87a4b5da78f1fa309884189) C:\Windows\System32\wkssvc.dll
10:18:25.0121 3660        LanmanWorkstation - ok
10:18:25.0167 3660        lltdio          (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
10:18:25.0292 3660        lltdio - ok
10:18:25.0323 3660        lltdsvc        (7450dbcf754391dd6363fffd5ef0e789) C:\Windows\System32\lltdsvc.dll
10:18:25.0448 3660        lltdsvc - ok
10:18:25.0464 3660        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
10:18:25.0589 3660        lmhosts - ok
10:18:25.0635 3660        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
10:18:25.0651 3660        LSI_FC - ok
10:18:25.0667 3660        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
10:18:25.0698 3660        LSI_SAS - ok
10:18:25.0713 3660        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
10:18:25.0729 3660        LSI_SCSI - ok
10:18:25.0760 3660        luafv          (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
10:18:25.0869 3660        luafv - ok
10:18:25.0947 3660        MBAMProtector  (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
10:18:25.0994 3660        MBAMProtector - ok
10:18:26.0103 3660        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:18:26.0181 3660        MBAMService - ok
10:18:26.0228 3660        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
10:18:26.0259 3660        megasas - ok
10:18:26.0291 3660        MMCSS          (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll
10:18:26.0447 3660        MMCSS - ok
10:18:26.0447 3660        Modem          (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
10:18:26.0525 3660        Modem - ok
10:18:26.0556 3660        monitor        (ec839ba91e45cce6eadafc418fff8206) C:\Windows\system32\DRIVERS\monitor.sys
10:18:26.0634 3660        monitor - ok
10:18:26.0665 3660        mouclass        (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
10:18:26.0665 3660        mouclass - ok
10:18:26.0696 3660        mouhid          (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
10:18:26.0743 3660        mouhid - ok
10:18:26.0774 3660        MountMgr        (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
10:18:26.0790 3660        MountMgr - ok
10:18:26.0837 3660        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:18:26.0852 3660        MozillaMaintenance - ok
10:18:26.0883 3660        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
10:18:26.0899 3660        mpio - ok
10:18:26.0930 3660        mpsdrv          (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
10:18:26.0961 3660        mpsdrv - ok
10:18:27.0008 3660        MpsSvc          (563ed845885c6a7c09a7715d8bd0585c) C:\Windows\system32\mpssvc.dll
10:18:27.0071 3660        MpsSvc - ok
10:18:27.0133 3660        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
10:18:27.0149 3660        Mraid35x - ok
10:18:27.0180 3660        MRxDAV          (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
10:18:27.0227 3660        MRxDAV - ok
10:18:27.0258 3660        mrxsmb          (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:18:27.0289 3660        mrxsmb - ok
10:18:27.0320 3660        mrxsmb10        (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:18:27.0367 3660        mrxsmb10 - ok
10:18:27.0383 3660        mrxsmb20        (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:18:27.0429 3660        mrxsmb20 - ok
10:18:27.0461 3660        msahci          (86068b8b54a5eb092f51657f00b2222a) C:\Windows\system32\drivers\msahci.sys
10:18:27.0476 3660        msahci - ok
10:18:27.0492 3660        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
10:18:27.0507 3660        msdsm - ok
10:18:27.0554 3660        MSDTC          (bc64a92d821efea8bab8e8caf1b668bc) C:\Windows\System32\msdtc.exe
10:18:27.0601 3660        MSDTC - ok
10:18:27.0632 3660        Msfs            (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
10:18:27.0741 3660        Msfs - ok
10:18:27.0773 3660        msisadrv        (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
10:18:27.0788 3660        msisadrv - ok
10:18:27.0819 3660        MSiSCSI        (8acf956d9154e893e789881430c12632) C:\Windows\system32\iscsiexe.dll
10:18:27.0960 3660        MSiSCSI - ok
10:18:27.0975 3660        msiserver - ok
10:18:27.0975 3660        MSKSSRV        (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
10:18:28.0069 3660        MSKSSRV - ok
10:18:28.0085 3660        MSPCLOCK        (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
10:18:28.0163 3660        MSPCLOCK - ok
10:18:28.0178 3660        MSPQM          (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
10:18:28.0256 3660        MSPQM - ok
10:18:28.0287 3660        MsRPC          (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
10:18:28.0319 3660        MsRPC - ok
10:18:28.0350 3660        mssmbios        (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
10:18:28.0350 3660        mssmbios - ok
10:18:28.0365 3660        MSTEE          (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
10:18:28.0443 3660        MSTEE - ok
10:18:28.0459 3660        Mup            (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
10:18:28.0475 3660        Mup - ok
10:18:28.0521 3660        napagent        (1cdbb5d002fe2bc5300aa20550d8a52e) C:\Windows\system32\qagentRT.dll
10:18:28.0615 3660        napagent - ok
10:18:28.0646 3660        NativeWifiP    (497de786240303ee67ab01f5690c24c2) C:\Windows\system32\DRIVERS\nwifi.sys
10:18:28.0677 3660        NativeWifiP - ok
10:18:28.0740 3660        NDIS            (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
10:18:28.0787 3660        NDIS - ok
10:18:28.0849 3660        NdisTapi        (7584f1794b23b83d63cc124a8c56d103) C:\Windows\system32\DRIVERS\ndistapi.sys
10:18:28.0927 3660        NdisTapi - ok
10:18:28.0958 3660        Ndisuio        (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
10:18:29.0021 3660        Ndisuio - ok
10:18:29.0036 3660        NdisWan        (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
10:18:29.0130 3660        NdisWan - ok
10:18:29.0223 3660        NDProxy        (874c12e3ad1431cabc854697d302c563) C:\Windows\system32\drivers\NDProxy.sys
10:18:29.0333 3660        NDProxy - ok
10:18:29.0379 3660        Netaapl        (1352e1648213551923a0a822e441553c) C:\Windows\system32\DRIVERS\netaapl.sys
10:18:29.0411 3660        Netaapl - ok
10:18:29.0457 3660        NetBIOS        (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
10:18:29.0551 3660        NetBIOS - ok
10:18:30.0253 3660        netbt          (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
10:18:30.0393 3660        netbt - ok
10:18:30.0440 3660        Netlogon        (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
10:18:30.0456 3660        Netlogon - ok
10:18:30.0487 3660        Netman          (90a4dae28b94497f83bea0f2a3b77092) C:\Windows\System32\netman.dll
10:18:30.0565 3660        Netman - ok
10:18:30.0596 3660        netprofm        (7c5c3d9ceee838856b828ab6f98a2857) C:\Windows\System32\netprofm.dll
10:18:30.0690 3660        netprofm - ok
10:18:30.0752 3660        NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:18:30.0768 3660        NetTcpPortSharing - ok
10:18:30.0815 3660        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
10:18:30.0830 3660        nfrd960 - ok
10:18:30.0877 3660        NlaSvc          (c424117a562f2de37a42266894c79aeb) C:\Windows\System32\nlasvc.dll
10:18:30.0971 3660        NlaSvc - ok
10:18:31.0002 3660        Npfs            (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
10:18:31.0080 3660        Npfs - ok
10:18:31.0111 3660        nsi            (23b8201a363de0e649fc75ee9874dee2) C:\Windows\system32\nsisvc.dll
10:18:31.0205 3660        nsi - ok
10:18:31.0236 3660        nsiproxy        (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
10:18:31.0329 3660        nsiproxy - ok
10:18:31.0423 3660        Ntfs            (3f379380a4a2637f559444e338cf1b51) C:\Windows\system32\drivers\Ntfs.sys
10:18:31.0517 3660        Ntfs - ok
10:18:31.0532 3660        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
10:18:31.0626 3660        ntrigdigi - ok
10:18:31.0641 3660        Null            (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
10:18:31.0735 3660        Null - ok
10:18:31.0751 3660        nvraid          (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
10:18:31.0797 3660        nvraid - ok
10:18:31.0813 3660        nvstor          (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
10:18:31.0860 3660        nvstor - ok
10:18:31.0875 3660        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
10:18:31.0891 3660        nv_agp - ok
10:18:52.0670 3660        ============================================================
10:18:52.0670 3660        Scan finished
10:18:52.0670 3660        ============================================================
10:18:52.0717 2512        Detected object count: 0
10:18:52.0717 2512        Actual detected object count: 0
10:20:46.0732 0668        ============================================================
10:20:46.0732 0668        Scan started
10:20:46.0732 0668        Mode: Manual; SigCheck; TDLFS;
10:20:46.0732 0668        ============================================================
10:20:53.0159 0668        FileInfo - ok
10:20:53.0190 0668        Filetrace      (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
10:20:53.0253 0668        Filetrace - ok
10:20:53.0284 0668        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
10:20:53.0346 0668        flpydisk - ok
10:20:53.0377 0668        FltMgr          (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
10:20:53.0393 0668        FltMgr - ok
10:20:53.0455 0668        FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:20:53.0455 0668        FontCache3.0.0.0 - ok
10:20:53.0487 0668        Fs_Rec          (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
10:20:53.0518 0668        Fs_Rec - ok
10:20:53.0533 0668        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
10:20:53.0549 0668        gagp30kx - ok
10:20:53.0565 0668        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:20:53.0580 0668        GEARAspiWDM - ok
10:20:53.0643 0668        gpsvc          (bcf6589c42d8f6a20f33ef133ffe0524) C:\Windows\System32\gpsvc.dll
10:20:53.0689 0668        gpsvc - ok
10:20:53.0752 0668        gusvc          (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:20:53.0767 0668        gusvc - ok
10:20:53.0814 0668        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
10:20:53.0908 0668        HdAudAddService - ok
10:20:53.0923 0668        HDAudBus        (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:20:53.0955 0668        HDAudBus - ok
10:20:53.0986 0668        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
10:20:54.0048 0668        HidBth - ok
10:20:54.0064 0668        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
10:20:54.0126 0668        HidIr - ok
10:20:54.0157 0668        hidserv        (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll
10:20:54.0220 0668        hidserv - ok
10:20:54.0251 0668        HidUsb          (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
10:20:54.0313 0668        HidUsb - ok
10:20:54.0345 0668        hkmsvc          (d40aa05e29bf6ed29b139f044b461e9b) C:\Windows\system32\kmsvc.dll
10:20:54.0407 0668        hkmsvc - ok
10:20:54.0407 0668        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
10:20:54.0423 0668        HpCISSs - ok
10:20:54.0485 0668        HTTP            (3c3cba3ce1a66439a960d4531a167c39) C:\Windows\system32\drivers\HTTP.sys
10:20:54.0563 0668        HTTP - ok
10:20:54.0594 0668        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
10:20:54.0610 0668        i2omp - ok
10:20:54.0641 0668        i8042prt        (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
10:20:54.0672 0668        i8042prt - ok
10:20:54.0703 0668        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
10:20:54.0719 0668        iaStorV - ok
10:20:54.0844 0668        idsvc          (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:20:54.0937 0668        idsvc - ok
10:20:54.0953 0668        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
10:20:54.0984 0668        iirsp - ok
10:20:55.0047 0668        IKEEXT          (35662fe4d8622f667aa5a5568f7f1b40) C:\Windows\System32\ikeext.dll
10:20:55.0140 0668        IKEEXT - ok
10:20:55.0156 0668        intelide        (e5ea1c17da5065032e346591ff64f3af) C:\Windows\system32\drivers\intelide.sys
10:20:55.0171 0668        intelide - ok
10:20:55.0187 0668        intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
10:20:55.0265 0668        intelppm - ok
10:20:55.0281 0668        IPBusEnum      (88cf5281ed9880d74dc9011cf8b5262d) C:\Windows\system32\ipbusenum.dll
10:20:55.0359 0668        IPBusEnum - ok
10:20:55.0359 0668        IpFilterDriver  (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:20:55.0437 0668        IpFilterDriver - ok
10:20:55.0468 0668        iphlpsvc        (ecc9ad72cfc4ab41cf6a9bcc11f9fef6) C:\Windows\System32\iphlpsvc.dll
10:20:55.0499 0668        iphlpsvc - ok
10:20:55.0515 0668        IpInIp - ok
10:20:55.0530 0668        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
10:20:55.0608 0668        IPMIDRV - ok
10:20:55.0624 0668        IPNAT          (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
10:20:55.0686 0668        IPNAT - ok
10:20:55.0795 0668        iPod Service    (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
10:20:55.0858 0668        iPod Service - ok
10:20:55.0858 0668        IRENUM          (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
10:20:55.0936 0668        IRENUM - ok
10:20:55.0951 0668        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
10:20:55.0967 0668        isapnp - ok
10:20:55.0998 0668        iScsiPrt        (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
10:20:56.0014 0668        iScsiPrt - ok
10:20:56.0045 0668        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
10:20:56.0061 0668        iteatapi - ok
10:20:56.0076 0668        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
10:20:56.0092 0668        iteraid - ok
10:20:56.0123 0668        JRAID          (222e263cc06e47bda386fe19b88e8583) C:\Windows\system32\drivers\jraid.sys
10:20:56.0154 0668        JRAID - ok
10:20:56.0185 0668        kbdclass        (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
10:20:56.0201 0668        kbdclass - ok
10:20:56.0201 0668        kbdhid          (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
10:20:56.0279 0668        kbdhid - ok
10:20:56.0295 0668        KeyIso          (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
10:20:56.0326 0668        KeyIso - ok
10:20:56.0357 0668        KSecDD          (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
10:20:56.0388 0668        KSecDD - ok
10:20:56.0435 0668        KtmRm          (45c537fe5dde9a0146aeff76e615737d) C:\Windows\system32\msdtckrm.dll
10:20:56.0513 0668        KtmRm - ok
10:20:56.0544 0668        LanmanServer    (53d1482fc1aa36ac015a85e6cf2146bd) C:\Windows\system32\srvsvc.dll
10:20:56.0622 0668        LanmanServer - ok
10:20:56.0638 0668        LanmanWorkstation (435f0f6dc87a4b5da78f1fa309884189) C:\Windows\System32\wkssvc.dll
10:20:56.0685 0668        LanmanWorkstation - ok
10:20:56.0716 0668        lltdio          (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
10:20:56.0778 0668        lltdio - ok
10:20:56.0825 0668        lltdsvc        (7450dbcf754391dd6363fffd5ef0e789) C:\Windows\System32\lltdsvc.dll
10:20:56.0903 0668        lltdsvc - ok
10:20:56.0919 0668        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
10:20:56.0981 0668        lmhosts - ok
10:20:57.0012 0668        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
10:20:57.0028 0668        LSI_FC - ok
10:20:57.0043 0668        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
10:20:57.0059 0668        LSI_SAS - ok
10:20:57.0075 0668        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
10:20:57.0090 0668        LSI_SCSI - ok
10:20:57.0106 0668        luafv          (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
10:20:57.0184 0668        luafv - ok
10:20:57.0199 0668        MBAMProtector  (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
10:20:57.0215 0668        MBAMProtector - ok
10:20:57.0340 0668        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:20:57.0387 0668        MBAMService - ok
10:20:57.0387 0668        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
10:20:57.0418 0668        megasas - ok
10:20:57.0480 0668        MMCSS          (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll
10:20:57.0558 0668        MMCSS - ok
10:20:57.0558 0668        Modem          (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
10:20:57.0652 0668        Modem - ok
10:20:57.0667 0668        monitor        (ec839ba91e45cce6eadafc418fff8206) C:\Windows\system32\DRIVERS\monitor.sys
10:20:57.0730 0668        monitor - ok
10:20:57.0777 0668        mouclass        (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
10:20:57.0792 0668        mouclass - ok
10:20:57.0823 0668        mouhid          (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
10:20:57.0839 0668        mouhid - ok
10:20:57.0855 0668        MountMgr        (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
10:20:57.0870 0668        MountMgr - ok
10:20:57.0917 0668        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:20:57.0933 0668        MozillaMaintenance - ok
10:20:57.0948 0668        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
10:20:57.0964 0668        mpio - ok
10:20:58.0011 0668        mpsdrv          (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
10:20:58.0042 0668        mpsdrv - ok
10:20:58.0104 0668        MpsSvc          (563ed845885c6a7c09a7715d8bd0585c) C:\Windows\system32\mpssvc.dll
10:20:58.0151 0668        MpsSvc - ok
10:20:58.0167 0668        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
10:20:58.0182 0668        Mraid35x - ok
10:20:58.0213 0668        MRxDAV          (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
10:20:58.0245 0668        MRxDAV - ok
10:20:58.0276 0668        mrxsmb          (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:20:58.0307 0668        mrxsmb - ok
10:20:58.0323 0668        mrxsmb10        (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:20:58.0354 0668        mrxsmb10 - ok
10:20:58.0369 0668        mrxsmb20        (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:20:58.0385 0668        mrxsmb20 - ok
10:20:58.0416 0668        msahci          (86068b8b54a5eb092f51657f00b2222a) C:\Windows\system32\drivers\msahci.sys
10:20:58.0432 0668        msahci - ok
10:20:58.0447 0668        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
10:20:58.0463 0668        msdsm - ok
10:20:58.0510 0668        MSDTC          (bc64a92d821efea8bab8e8caf1b668bc) C:\Windows\System32\msdtc.exe
10:20:58.0541 0668        MSDTC - ok
10:20:58.0557 0668        Msfs            (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
10:20:58.0635 0668        Msfs - ok
10:20:58.0666 0668        msisadrv        (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
10:20:58.0681 0668        msisadrv - ok
10:20:58.0713 0668        MSiSCSI        (8acf956d9154e893e789881430c12632) C:\Windows\system32\iscsiexe.dll
10:20:58.0791 0668        MSiSCSI - ok
10:20:58.0791 0668        msiserver - ok
10:20:58.0806 0668        MSKSSRV        (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
10:20:58.0869 0668        MSKSSRV - ok
10:20:58.0884 0668        MSPCLOCK        (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
10:20:58.0947 0668        MSPCLOCK - ok
10:20:58.0978 0668        MSPQM          (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
10:20:59.0040 0668        MSPQM - ok
10:20:59.0071 0668        MsRPC          (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
10:20:59.0087 0668        MsRPC - ok
10:20:59.0118 0668        mssmbios        (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
10:20:59.0134 0668        mssmbios - ok
10:20:59.0149 0668        MSTEE          (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
10:20:59.0227 0668        MSTEE - ok
10:20:59.0243 0668        Mup            (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
10:20:59.0259 0668        Mup - ok
10:20:59.0305 0668        napagent        (1cdbb5d002fe2bc5300aa20550d8a52e) C:\Windows\system32\qagentRT.dll
10:20:59.0383 0668        napagent - ok
10:20:59.0415 0668        NativeWifiP    (497de786240303ee67ab01f5690c24c2) C:\Windows\system32\DRIVERS\nwifi.sys
10:20:59.0446 0668        NativeWifiP - ok
10:20:59.0508 0668        NDIS            (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
10:20:59.0539 0668        NDIS - ok
10:20:59.0555 0668        NdisTapi        (7584f1794b23b83d63cc124a8c56d103) C:\Windows\system32\DRIVERS\ndistapi.sys
10:20:59.0617 0668        NdisTapi - ok
10:20:59.0649 0668        Ndisuio        (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
10:20:59.0711 0668        Ndisuio - ok
10:20:59.0727 0668        NdisWan        (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
10:20:59.0805 0668        NdisWan - ok
10:20:59.0820 0668        NDProxy        (874c12e3ad1431cabc854697d302c563) C:\Windows\system32\drivers\NDProxy.sys
10:20:59.0883 0668        NDProxy - ok
10:20:59.0929 0668        Netaapl        (1352e1648213551923a0a822e441553c) C:\Windows\system32\DRIVERS\netaapl.sys
10:20:59.0961 0668        Netaapl - ok
10:20:59.0976 0668        NetBIOS        (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
10:21:00.0039 0668        NetBIOS - ok
10:21:00.0070 0668        netbt          (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
10:21:00.0148 0668        netbt - ok
10:21:00.0163 0668        Netlogon        (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
10:21:00.0179 0668        Netlogon - ok
10:21:00.0226 0668        Netman          (90a4dae28b94497f83bea0f2a3b77092) C:\Windows\System32\netman.dll
10:21:00.0304 0668        Netman - ok
10:21:00.0319 0668        netprofm        (7c5c3d9ceee838856b828ab6f98a2857) C:\Windows\System32\netprofm.dll
10:21:00.0397 0668        netprofm - ok
10:21:00.0460 0668        NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:21:00.0475 0668        NetTcpPortSharing - ok
10:21:00.0522 0668        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
10:21:00.0553 0668        nfrd960 - ok
10:21:00.0600 0668        NlaSvc          (c424117a562f2de37a42266894c79aeb) C:\Windows\System32\nlasvc.dll
10:21:00.0678 0668        NlaSvc - ok
10:21:00.0694 0668        Npfs            (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
10:21:00.0756 0668        Npfs - ok
10:21:00.0772 0668        nsi            (23b8201a363de0e649fc75ee9874dee2) C:\Windows\system32\nsisvc.dll
10:21:00.0850 0668        nsi - ok
10:21:00.0897 0668        nsiproxy        (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
10:21:00.0959 0668        nsiproxy - ok
10:21:01.0053 0668        Ntfs            (3f379380a4a2637f559444e338cf1b51) C:\Windows\system32\drivers\Ntfs.sys
10:21:01.0131 0668        Ntfs - ok
10:21:01.0162 0668        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
10:21:01.0224 0668        ntrigdigi - ok
10:21:01.0240 0668        Null            (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
10:21:01.0302 0668        Null - ok
10:21:01.0318 0668        nvraid          (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
10:21:01.0349 0668        nvraid - ok
10:21:01.0365 0668        nvstor          (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
10:21:01.0380 0668        nvstor - ok
10:21:01.0396 0668        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
10:21:01.0411 0668        nv_agp - ok
10:21:01.0427 0668        NwlnkFlt - ok
10:21:01.0443 0668        NwlnkFwd - ok
10:21:01.0474 0668        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
10:21:01.0536 0668        ohci1394 - ok
10:21:01.0614 0668        p2pimsvc        (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
10:21:01.0708 0668        p2pimsvc - ok
10:21:01.0723 0668        p2psvc          (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
10:21:01.0755 0668        p2psvc - ok
10:21:01.0786 0668        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
10:21:01.0864 0668        Parport - ok
10:21:01.0879 0668        partmgr        (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
10:21:01.0895 0668        partmgr - ok
10:21:01.0911 0668        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
10:21:01.0973 0668        Parvdm - ok
10:21:01.0989 0668        PcaSvc          (d8c5c215c932233a4f1d7f368f4e4e65) C:\Windows\System32\pcasvc.dll
10:21:02.0020 0668        PcaSvc - ok
10:21:02.0035 0668        pci            (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
10:21:02.0051 0668        pci - ok
10:21:02.0082 0668        pciide          (304048c2565a803d091cca1ac945f593) C:\Windows\system32\drivers\pciide.sys
10:21:02.0098 0668        pciide - ok
10:21:02.0129 0668        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
10:21:02.0145 0668        pcmcia - ok
10:21:02.0223 0668        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
10:21:02.0332 0668        PEAUTH - ok
10:21:02.0472 0668        pla            (cd05a38d166beade18030bafc0c0a939) C:\Windows\system32\pla.dll
10:21:02.0644 0668        pla - ok
10:21:02.0691 0668        PlugPlay        (747bb4c31f3b6e8d1b5ed0ad61518cb5) C:\Windows\system32\umpnpmgr.dll
10:21:02.0706 0668        PlugPlay - ok
10:21:02.0769 0668        PNRPAutoReg    (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
10:21:02.0800 0668        PNRPAutoReg - ok
10:21:02.0815 0668        PNRPsvc        (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
10:21:02.0847 0668        PNRPsvc - ok
10:21:02.0909 0668        PolicyAgent    (5ebdec613bd377ce9a85382be5c6b83b) C:\Windows\System32\ipsecsvc.dll
10:21:02.0971 0668        PolicyAgent - ok
10:21:03.0034 0668        PptpMiniport    (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
10:21:03.0112 0668        PptpMiniport - ok
10:21:03.0127 0668        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
10:21:03.0205 0668        Processor - ok
10:21:03.0237 0668        ProfSvc        (213112e152e68f0e4705e36f052a2880) C:\Windows\system32\profsvc.dll
10:21:03.0315 0668        ProfSvc - ok
10:21:03.0330 0668        ProtectedStorage (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
10:21:03.0346 0668        ProtectedStorage - ok
10:21:03.0377 0668        PSched          (b74edf14453c9987e99e66535047ebee) C:\Windows\system32\DRIVERS\pacer.sys
10:21:03.0440 0668        PSched - ok
10:21:03.0518 0668        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
10:21:03.0612 0668        ql2300 - ok
10:21:03.0628 0668        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
10:21:03.0643 0668        ql40xx - ok
10:21:03.0690 0668        QWAVE          (ca61bdfd3713a7ce75f2812afc431594) C:\Windows\system32\qwave.dll
10:21:03.0721 0668        QWAVE - ok
10:21:03.0737 0668        QWAVEdrv        (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
10:21:03.0768 0668        QWAVEdrv - ok
10:21:03.0784 0668        RasAcd          (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
10:21:03.0846 0668        RasAcd - ok
10:21:03.0862 0668        RasAuto        (f14f4aab9f54d099fe99192bdb100ac9) C:\Windows\System32\rasauto.dll
10:21:03.0940 0668        RasAuto - ok
10:21:03.0955 0668        Rasl2tp        (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:21:04.0033 0668        Rasl2tp - ok
10:21:04.0064 0668        RasMan          (11d65e29bc9d1e4114d18fe68194394c) C:\Windows\System32\rasmans.dll
10:21:04.0127 0668        RasMan - ok
10:21:04.0142 0668        RasPppoe        (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
10:21:04.0220 0668        RasPppoe - ok
10:21:04.0252 0668        rdbss          (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
10:21:04.0330 0668        rdbss - ok
10:21:04.0345 0668        RDPCDD          (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:21:04.0408 0668        RDPCDD - ok
10:21:04.0454 0668        rdpdr          (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
10:21:04.0532 0668        rdpdr - ok
10:21:04.0548 0668        RDPENCDD        (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
10:21:04.0610 0668        RDPENCDD - ok
10:21:04.0642 0668        RDPWD          (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
10:21:04.0704 0668        RDPWD - ok
10:21:04.0735 0668        RemoteAccess    (6c1a43c589ee8011a1ebfd51c01b77ce) C:\Windows\System32\mprdim.dll
10:21:04.0813 0668        RemoteAccess - ok
10:21:04.0829 0668        RemoteRegistry  (9a043808667c8c1893da7275af373f0e) C:\Windows\system32\regsvc.dll
10:21:04.0907 0668        RemoteRegistry - ok
10:21:04.0922 0668        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
10:21:04.0938 0668        RpcLocator - ok
10:21:05.0000 0668        RpcSs          (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32\rpcss.dll
10:21:05.0047 0668        RpcSs - ok
10:21:05.0063 0668        rspndr          (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
10:21:05.0141 0668        rspndr - ok
10:21:05.0172 0668        SamSs          (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
10:21:05.0188 0668        SamSs - ok
10:21:05.0219 0668        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
10:21:05.0234 0668        sbp2port - ok
10:21:05.0250 0668        SCardSvr        (565b4b9e5ad2f2f18a4f8aafa6c06bbb) C:\Windows\System32\SCardSvr.dll
10:21:05.0312 0668        SCardSvr - ok
10:21:05.0375 0668        Schedule        (886cec884b5be29ab9828b8ab46b11f7) C:\Windows\system32\schedsvc.dll
10:21:05.0406 0668        Schedule - ok
10:21:05.0453 0668        SCPolicySvc    (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll
10:21:05.0515 0668        SCPolicySvc - ok
10:21:05.0531 0668        SDRSVC          (f7b6bf02240d0a764adf8c8966735552) C:\Windows\System32\SDRSVC.dll
10:21:05.0578 0668        SDRSVC - ok
10:21:05.0609 0668        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:21:05.0671 0668        secdrv - ok
10:21:05.0687 0668        seclogon        (8388c4133ddbe62ad7bc3ec9f14271ed) C:\Windows\system32\seclogon.dll
10:21:05.0749 0668        seclogon - ok
10:21:05.0765 0668        SENS            (34350ae2c1d33d21c7305f861bd8dad8) C:\Windows\System32\sens.dll
10:21:05.0843 0668        SENS - ok
10:21:05.0843 0668        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
10:21:05.0921 0668        Serenum - ok
10:21:05.0936 0668        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
10:21:06.0014 0668        Serial - ok
10:21:06.0046 0668        sermouse        (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
10:21:06.0061 0668        sermouse - ok
10:21:06.0108 0668        SessionEnv      (78878235da4df0d116e86837a0a21df8) C:\Windows\system32\sessenv.dll
10:21:06.0186 0668        SessionEnv - ok
10:21:06.0202 0668        sffdisk        (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
10:21:06.0264 0668        sffdisk - ok
10:21:06.0280 0668        sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
10:21:06.0342 0668        sffp_mmc - ok
10:21:06.0358 0668        sffp_sd        (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
10:21:06.0420 0668        sffp_sd - ok
10:21:06.0436 0668        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
10:21:06.0498 0668        sfloppy - ok
10:21:06.0545 0668        SharedAccess    (11aac56c04d26195d21c4f5229db4726) C:\Windows\System32\ipnathlp.dll
10:21:06.0623 0668        SharedAccess - ok
10:21:06.0670 0668        ShellHWDetection (b264dfa21677728613267fe63802b332) C:\Windows\System32\shsvcs.dll
10:21:06.0701 0668        ShellHWDetection - ok
10:21:06.0748 0668        SiS6350        (7d507bc2140c905c28d0ee0cb1f3490f) C:\Windows\system32\DRIVERS\SISGRKMD.sys
10:21:06.0779 0668        SiS6350 - ok
10:21:06.0794 0668        SISAGP          (c735cbbbc26c1d33c6d7aeb2aa65a52a) C:\Windows\system32\DRIVERS\SISAGPX.sys
10:21:06.0810 0668        SISAGP - ok
10:21:06.0841 0668        SiSGbeLH        (7a83ba25421c3254b4a133f2ec7c46ad) C:\Windows\system32\DRIVERS\SiSGB6.sys
10:21:06.0872 0668        SiSGbeLH - ok
10:21:06.0888 0668        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
10:21:06.0904 0668        SiSRaid2 - ok
10:21:06.0919 0668        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
10:21:06.0935 0668        SiSRaid4 - ok
10:21:07.0106 0668        slsvc          (7610645679bb5994210d21a347e0c479) C:\Windows\system32\SLsvc.exe
10:21:07.0325 0668        slsvc - ok
10:21:07.0434 0668        SLUINotify      (49670f3e42a0178a0ab425ae15d88e7c) C:\Windows\system32\SLUINotify.dll
10:21:07.0512 0668        SLUINotify - ok
10:21:07.0543 0668        Smb            (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
10:21:07.0621 0668        Smb - ok
10:21:07.0637 0668        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
10:21:07.0668 0668        SNMPTRAP - ok
10:21:07.0684 0668        spldr          (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
10:21:07.0699 0668        spldr - ok
10:21:07.0715 0668        Spooler        (da612ef2556776df2630b68bf2d48935) C:\Windows\System32\spoolsv.exe
10:21:07.0746 0668        Spooler - ok
10:21:07.0777 0668        srv            (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
10:21:07.0824 0668        srv - ok
10:21:07.0855 0668        srv2            (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
10:21:07.0871 0668        srv2 - ok
10:21:15.0764 0668        ============================================================
10:21:15.0764 0668        Scan finished
10:21:15.0764 0668        ============================================================
10:21:15.0796 0360        Detected object count: 0
10:21:15.0796 0360        Actual detected object count: 0

Best regards, Tina

cosinus 09.06.2012 23:51

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

roterengel24 11.06.2012 10:46

Combofix Logfile:
Code:

ComboFix 12-06-10.01 - Probst 11.06.2012  11:02:13.1.2 - x86
Microsoft® Windows Vista™ Home Basic  6.0.6000.0.1252.49.1031.18.765.290 [GMT 2:00]
ausgeführt von:: c:\users\Probst\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\sdelevURL.tmp
.
Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe wurde wiederhergestellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-11 bis 2012-06-11  ))))))))))))))))))))))))))))))
.
.
2012-06-08 09:35 . 2012-05-08 16:40        6737808        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{0EC3E5FB-C325-4DA6-8C73-32E43D2B8838}\mpengine.dll
2012-06-06 19:58 . 2012-06-06 19:58        --------        d-----w-        C:\_OTL
2012-06-04 06:59 . 2012-06-04 06:59        --------        d-----w-        c:\program files\ESET
2012-06-03 11:51 . 2012-06-03 11:51        --------        d-----w-        c:\users\Probst\AppData\Roaming\Malwarebytes
2012-06-03 11:51 . 2012-06-03 11:51        --------        d-----w-        c:\programdata\Malwarebytes
2012-06-03 11:51 . 2012-06-03 11:51        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-06-03 11:51 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-22 19:12 . 2012-03-22 19:12        4435968        ----a-w-        c:\windows\system32\GPhotos.scr
2012-05-07 14:04 . 2012-01-29 11:38        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2012-01-30 1232896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2009-06-19 552960]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Probst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-11 c:\windows\Tasks\User_Feed_Synchronization-{1FD4C116-C35B-4387-BE04-E7F612D8B48B}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Web-Suche - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Probst\AppData\Roaming\Mozilla\Firefox\Profiles\1qzkdlqf.default\
FF - prefs.js: browser.startup.homepage - google.de
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-06-11 11:14
Windows 6.0.6000  NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\conime.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-11  11:18:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-11 09:18
.
Vor Suchlauf: 6 Verzeichnis(se), 68.381.716.480 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 68.193.763.328 Bytes frei
.
- - End Of File - - 8A028BECF3D79F2497089B9454B53F16

--- --- ---

cosinus 11.06.2012 12:49

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still refuses to work on the second attempt, just leave it out and run only OSAM. Please skip the online query in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

roterengel24 11.06.2012 15:07

[code]
OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:03:21 on 11.06.2012

OS: Windows Vista Home Basic Edition (Build 6000), 32-bit
Default Browser: Mozilla Corporation Firefox 12.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash11e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Probst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.3.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SiSTray" - "Silicon Integrated Systems Corporation" - %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
[code/]

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-11 16:09:34
-----------------------------
16:09:34.872    OS Version: Windows 6.0.6000
16:09:34.872    Number of processors: 2 586 0xE0C
16:09:34.872    ComputerName: PROBST-PC  UserName: Probst
16:09:51.189    Initialize success
16:11:14.468    AVAST engine defs: 12061100
16:11:38.742    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
16:11:38.757    Disk 0 Vendor: WDC_WD1200BEVS-07RST0 04.01G04 Size: 114473MB BusType: 3
16:11:38.788    Disk 0 MBR read successfully
16:11:38.804    Disk 0 MBR scan
16:11:38.913    Disk 0 Windows VISTA default MBR code
16:11:38.960    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        2049 MB offset 12678
16:11:38.991    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      112416 MB offset 4210688
16:11:39.022    Disk 0 scanning sectors +234438656
16:11:39.147    Disk 0 scanning C:\Windows\system32\drivers
16:11:48.913    Service scanning
16:12:07.820    Modules scanning
16:12:12.500    Disk 0 trace - called modules:
16:12:12.547    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
16:12:12.578    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83c8d0d8]
16:12:12.609    3 ntkrnlpa.exe[818b07e2] -> nt!IofCallDriver -> [0x83736928]
16:12:12.625    5 acpi.sys[8047332a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x82da7030]
16:12:13.561    AVAST engine scan C:\Windows
16:12:17.133    AVAST engine scan C:\Windows\system32
16:15:50.257    AVAST engine scan C:\Windows\system32\drivers
16:16:06.063    AVAST engine scan C:\Users\Probst
16:22:55.036    AVAST engine scan C:\ProgramData
16:23:38.108    Scan finished successfully
16:26:33.670    Disk 0 MBR has been saved successfully to "C:\Users\Probst\Downloads\MBR.dat"
16:26:33.686    The log file has been saved successfully to "C:\Users\Probst\Downloads\aswMBR.txt"

GMER crashed twice...
Best regards, Tina

cosinus 11.06.2012 15:44

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

