Trojaner-Board (https://www.trojaner-board.de/)

Popup at the bottom right of the browser, annoying ads also as Flash, sliding in from below (https://www.trojaner-board.de/116063-popup-rechts-unten-browser-nervende-werbung-flash-schiebt-unten-rein.html)

ambit01 02.06.2012 16:54

I only need the VPN in order to use RDP. That is surely not entirely without risk either.

I have made several attempts to run OTL. It always fails at the MD5 functionality.

Let's see whether you can help 'mirres' further. Setting the system up from scratch is only an option as a last resort.

Thanks,
Adrian

cosinus 02.06.2012 19:40

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:

:OTL
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}"
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-3339107563-512239636-558935408-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2e634b82-cd94-11e0-9ac6-bcaec5159772}\Shell - "" = AutoRun
O33 - MountPoints2\{2e634b82-cd94-11e0-9ac6-bcaec5159772}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{ebab1660-3a42-11e1-b5e6-5404a62f3bca}\Shell - "" = AutoRun
O33 - MountPoints2\{ebab1660-3a42-11e1-b5e6-5404a62f3bca}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\Win-Azure.pdf
[2012.05.22 23:06:17 | 000,042,625 | ---- | M] () -- C:\Windows\SysWow64\6.skb
[2012.05.22 23:01:15 | 000,037,681 | ---- | M] () -- C:\Windows\SysWow64\5.skb
[2012.05.22 22:56:10 | 000,019,378 | ---- | M] () -- C:\Windows\SysWow64\4.skb
[2012.05.22 00:15:22 | 000,030,779 | ---- | M] () -- C:\Windows\SysWow64\3.skb
[2012.05.22 00:08:58 | 000,028,544 | ---- | M] () -- C:\Windows\SysWow64\2.skb
[2012.05.22 00:03:10 | 000,028,708 | ---- | M] () -- C:\Windows\SysWow64\1.skb
[2012.05.21 23:58:06 | 000,010,740 | ---- | M] () -- C:\Windows\SysWow64\0.skb
[2012.04.25 09:17:32 | 000,000,000 | ---D | M] -- C:\Users\***** *****\AppData\Roaming\Ybxow
[2012.05.02 21:28:14 | 000,000,000 | ---D | M] -- C:\Users\***** *****\AppData\Roaming\Zaux
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:0574215C
:Files
C:\acroldr
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!

ambit01 02.06.2012 21:12

Ohhhh! The script cleaned up mightily. Quite a lot is gone :-/ passwords, links ....

... but the malware seems to be gone too!? Hurray!

Code:

All processes killed
========== OTL ==========
Prefs.js: "" removed from browser.search.defaultenginename
Prefs.js: "Freeware.de Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3339107563-512239636-558935408-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e634b82-cd94-11e0-9ac6-bcaec5159772}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e634b82-cd94-11e0-9ac6-bcaec5159772}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e634b82-cd94-11e0-9ac6-bcaec5159772}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e634b82-cd94-11e0-9ac6-bcaec5159772}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebab1660-3a42-11e1-b5e6-5404a62f3bca}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebab1660-3a42-11e1-b5e6-5404a62f3bca}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebab1660-3a42-11e1-b5e6-5404a62f3bca}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebab1660-3a42-11e1-b5e6-5404a62f3bca}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\Win-Azure.pdf not found.
C:\Windows\SysWOW64\6.skb moved successfully.
C:\Windows\SysWOW64\5.skb moved successfully.
C:\Windows\SysWOW64\4.skb moved successfully.
C:\Windows\SysWOW64\3.skb moved successfully.
C:\Windows\SysWOW64\2.skb moved successfully.
C:\Windows\SysWOW64\1.skb moved successfully.
C:\Windows\SysWOW64\0.skb moved successfully.
C:\Users\Adrian *****\AppData\Roaming\Ybxow folder moved successfully.
C:\Users\Adrian *****\AppData\Roaming\Zaux folder moved successfully.
ADS C:\ProgramData\TEMP:0574215C deleted successfully.
========== FILES ==========
C:\acroldr folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: a0273787
 
User: Adrian *****
->Temp folder emptied: 450042058 bytes
->Temporary Internet Files folder emptied: 10330105250 bytes
->Java cache emptied: 350210 bytes
->FireFox cache emptied: 173081321 bytes
->Flash cache emptied: 176211 bytes
 
User: All Users
 
User: Classic .NET AppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 290628896 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 638 bytes
RecycleBin emptied: 2285984038 bytes
 
Total Files Cleaned = 12'904.00 mb
 
 
[EMPTYFLASH]
 
User: a0273787
 
User: Adrian *****
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Classic .NET AppPool
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: DefaultAppPool
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.44.0 log created on 06022012_220206

Files\Folders moved on Reboot...
C:\Users\Adrian *****\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Ohhhh! The problem actually seems to be solved. Unbelievable. More than 10 different professional tools did not help. Now OTL, thanks to Arne, has cleaned up thoroughly and the annoying advertising is gone.

Bravo!

I will report back tomorrow with the final confirmation.

Thanks,
Adrian

OK! The annoying advertising is gone. Great!

After the cleanup I could no longer access some directories and folders. They were owned by an unknown user. However, it was much easier to take ownership again than to set up the whole system from scratch. Just for your information, in case others run into similar cases.

Many thanks,
Adrian
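An added example, not part of any post in this thread: a small Python parser that audits an OTL fix log like the one above, listing what was moved (and so, per the helper's note, backed up under "_OTL"), which script entries matched nothing, and how many bytes the cleanup commands emptied. The excerpt is copied from the log posted above; the function names `parse_fix_log` and `audit` and the line patterns are assumptions derived from that log, not an official OTL format description.

```python
import re
from collections import Counter

# Excerpt of the fix log posted above (shortened for the example).
LOG_EXCERPT = r"""All processes killed
========== OTL ==========
Prefs.js: "" removed from browser.search.defaultenginename
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e634b82-cd94-11e0-9ac6-bcaec5159772}\ not found.
File E:\setup.exe not found.
C:\Windows\SysWOW64\6.skb moved successfully.
C:\Users\Adrian *****\AppData\Roaming\Zaux folder moved successfully.
ADS C:\ProgramData\TEMP:0574215C deleted successfully.
========== FILES ==========
C:\acroldr folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
->Temp folder emptied: 450042058 bytes
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

SECTION = re.compile(r"^=+ (?P<name>[A-Z]+) =+$")
EMPTIED = re.compile(r"emptied: (?P<bytes>\d+) bytes$")

# Order matters: the generic "moved successfully" rule comes last.
RULES = [
    ("registry", re.compile(
        r"^(?:64bit-)?Registry (?:key|value) (?P<target>.+?) "
        r"(?P<outcome>deleted successfully|not found)\.$")),
    ("file", re.compile(r"^File (?P<target>.+) (?P<outcome>not found)\.$")),
    ("ads", re.compile(r"^ADS (?P<target>.+) (?P<outcome>deleted successfully)\.$")),
    ("browser-pref", re.compile(
        r"^Prefs\.js: .* (?P<outcome>removed) from (?P<target>\S+)$")),
    ("file", re.compile(
        r"^(?P<target>.+?)(?: folder)? (?P<outcome>moved successfully)\.$")),
]


def parse_fix_log(text):
    """Turn the log into structured actions, keeping unrecognised lines."""
    section, actions, unparsed, emptied = "PREAMBLE", [], [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section = m["name"]
            continue
        m = EMPTIED.search(line)
        if m:
            emptied += int(m["bytes"])
            continue
        for kind, rx in RULES:
            m = rx.match(line)
            if m:
                actions.append({"section": section, "kind": kind,
                                "target": m["target"], "outcome": m["outcome"]})
                break
        else:
            unparsed.append(line)  # review by hand, nothing is dropped silently
    return {"actions": actions, "unparsed": unparsed, "bytes_emptied": emptied}


def audit(report):
    """Summarise what a reviewer should check after the fix."""
    acts = report["actions"]
    return {
        # Items to look for in the backup folder if something is missing.
        "moved": [a["target"] for a in acts if a["outcome"] == "moved successfully"],
        # Script entries that matched nothing on this machine.
        "not_found": [a["target"] for a in acts if a["outcome"] == "not found"],
        "counts": Counter((a["kind"], a["outcome"]) for a in acts),
    }


if __name__ == "__main__":
    result = audit(parse_fix_log(LOG_EXCERPT))
    for path in result["moved"]:
        print("moved:", path)
    for target in result["not_found"]:
        print("not found:", target)
```
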

cosinus 03.06.2012 12:58

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

ambit01 03.06.2012 13:15

Done:

Code:

14:09:59.0305 5172        TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
14:09:59.0367 5172        ============================================================
14:09:59.0367 5172        Current date / time: 2012/06/03 14:09:59.0367
14:09:59.0367 5172        SystemInfo:
14:09:59.0367 5172       
14:09:59.0367 5172        OS Version: 6.1.7601 ServicePack: 1.0
14:09:59.0367 5172        Product type: Workstation
14:09:59.0367 5172        ComputerName: MY-PC
14:09:59.0367 5172        UserName: Adrian *****
14:09:59.0367 5172        Windows directory: C:\Windows
14:09:59.0367 5172        System windows directory: C:\Windows
14:09:59.0367 5172        Running under WOW64
14:09:59.0367 5172        Processor architecture: Intel x64
14:09:59.0367 5172        Number of processors: 12
14:09:59.0367 5172        Page size: 0x1000
14:09:59.0367 5172        Boot type: Normal boot
14:09:59.0367 5172        ============================================================
14:09:59.0539 5172        Drive \Device\Harddisk0\DR0 - Size: 0x37E6380000 (223.60 Gb), SectorSize: 0x200, Cylinders: 0x7204, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
14:09:59.0539 5172        Drive \Device\Harddisk2\DR2 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:09:59.0539 5172        Drive \Device\Harddisk1\DR1 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:09:59.0570 5172        ============================================================
14:09:59.0570 5172        \Device\Harddisk0\DR0:
14:09:59.0570 5172        MBR partitions:
14:09:59.0570 5172        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BF30800
14:09:59.0570 5172        \Device\Harddisk2\DR2:
14:09:59.0570 5172        MBR partitions:
14:09:59.0570 5172        \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BF23000
14:09:59.0570 5172        \Device\Harddisk1\DR1:
14:09:59.0570 5172        MBR partitions:
14:09:59.0570 5172        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:09:59.0570 5172        \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1DCC0800
14:09:59.0570 5172        ============================================================
14:09:59.0570 5172        C: <-> \Device\Harddisk1\DR1\Partition1
14:09:59.0570 5172        F: <-> \Device\Harddisk2\DR2\Partition0
14:09:59.0570 5172        G: <-> \Device\Harddisk0\DR0\Partition0
14:09:59.0570 5172        ============================================================
14:09:59.0570 5172        Initialize success
14:09:59.0570 5172        ============================================================
14:11:17.0103 1948        ============================================================
14:11:17.0103 1948        Scan started
14:11:17.0103 1948        Mode: Manual; SigCheck; TDLFS;
14:11:17.0103 1948        ============================================================
14:11:19.0661 1948        DAZContentManagementService (958ef96991abccfdac0953c4a24081dc) C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
14:11:19.0661 1948        DAZContentManagementService ( UnsignedFile.Multi.Generic ) - warning
14:11:19.0661 1948        DAZContentManagementService - detected UnsignedFile.Multi.Generic (1)
14:11:20.0332 1948        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:11:20.0348 1948        FileInfo - ok
14:11:20.0348 1948        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:11:20.0363 1948        Filetrace - ok
14:11:20.0410 1948        FirebirdServerMAGIXInstance (5bd96d8c5411ace71a7eaacaf0ef2903) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
14:11:20.0441 1948        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
14:11:20.0441 1948        FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
14:11:20.0457 1948        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:11:20.0473 1948        flpydisk - ok
14:11:20.0551 1948        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:11:20.0566 1948        FltMgr - ok
14:11:20.0566 1948        fltsrv          (e94e042bc24bb301767a8125d529b705) C:\Windows\system32\DRIVERS\fltsrv.sys
14:11:20.0582 1948        fltsrv - ok
14:11:20.0707 1948        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:11:20.0738 1948        FontCache - ok
14:11:20.0753 1948        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:11:20.0753 1948        FontCache3.0.0.0 - ok
14:11:20.0785 1948        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:11:20.0800 1948        FsDepends - ok
14:11:20.0800 1948        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:11:20.0800 1948        Fs_Rec - ok
14:11:20.0816 1948        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:11:20.0816 1948        fvevol - ok
14:11:20.0831 1948        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:11:20.0831 1948        gagp30kx - ok
14:11:20.0831 1948        gpslc64        (4dc6018ba975a1e4ac2121f0bd1ea894) C:\Windows\system32\Drivers\gpslc64.sys
14:11:20.0831 1948        gpslc64 - ok
14:11:20.0863 1948        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:11:20.0894 1948        gpsvc - ok
14:11:20.0894 1948        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:11:20.0909 1948        hcw85cir - ok
14:11:20.0909 1948        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:11:20.0925 1948        HdAudAddService - ok
14:11:20.0925 1948        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:11:20.0941 1948        HDAudBus - ok
14:11:20.0941 1948        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:11:20.0941 1948        HidBatt - ok
14:11:20.0941 1948        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:11:20.0956 1948        HidBth - ok
14:11:20.0956 1948        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:11:20.0956 1948        HidIr - ok
14:11:20.0956 1948        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
14:11:20.0987 1948        hidserv - ok
14:11:20.0987 1948        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:11:20.0987 1948        HidUsb - ok
14:11:20.0987 1948        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:11:21.0019 1948        hkmsvc - ok
14:11:21.0019 1948        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:11:21.0019 1948        HomeGroupListener - ok
14:11:21.0034 1948        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:11:21.0034 1948        HomeGroupProvider - ok
14:11:21.0034 1948        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:11:21.0050 1948        HpSAMD - ok
14:11:21.0065 1948        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:11:21.0081 1948        HTTP - ok
14:11:21.0097 1948        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:11:21.0097 1948        hwpolicy - ok
14:11:21.0097 1948        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:11:21.0112 1948        i8042prt - ok
14:11:21.0112 1948        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:11:21.0128 1948        iaStorV - ok
14:11:21.0128 1948        ICCWDT          (c1010add3ddae1196ed21057af7b2aae) C:\Windows\system32\DRIVERS\ICCWDT.sys
14:11:21.0128 1948        ICCWDT - ok
14:11:21.0143 1948        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:11:21.0159 1948        idsvc - ok
14:11:21.0159 1948        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:11:21.0175 1948        iirsp - ok
14:11:21.0190 1948        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:11:21.0221 1948        IKEEXT - ok
14:11:21.0284 1948        IntcAzAudAddService (254faae42afc641c0be628de123ea9de) C:\Windows\system32\drivers\RTKVHD64.sys
14:11:21.0315 1948        IntcAzAudAddService - ok
14:11:21.0331 1948        Intel(R) PROSet Monitoring Service (d7b978f4504d3da95a21002863d0e7ee) C:\Windows\system32\IProsetMonitor.exe
14:11:21.0331 1948        Intel(R) PROSet Monitoring Service - ok
14:11:21.0346 1948        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:11:21.0346 1948        intelide - ok
14:11:21.0346 1948        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:11:21.0346 1948        intelppm - ok
14:11:21.0362 1948        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:11:21.0377 1948        IPBusEnum - ok
14:11:21.0377 1948        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:11:21.0393 1948        IpFilterDriver - ok
14:11:21.0409 1948        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:11:21.0440 1948        iphlpsvc - ok
14:11:21.0440 1948        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:11:21.0440 1948        IPMIDRV - ok
14:11:21.0440 1948        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:11:21.0471 1948        IPNAT - ok
14:11:21.0471 1948        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:11:21.0487 1948        IRENUM - ok
14:11:21.0487 1948        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:11:21.0487 1948        isapnp - ok
14:11:21.0502 1948        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\DRIVERS\msiscsi.sys
14:11:21.0518 1948        iScsiPrt - ok
14:11:21.0549 1948        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:11:21.0549 1948        kbdclass - ok
14:11:21.0549 1948        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:11:21.0549 1948        kbdhid - ok
14:11:21.0565 1948        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:11:21.0565 1948        KeyIso - ok
14:11:21.0565 1948        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:11:21.0580 1948        KSecDD - ok
14:11:21.0580 1948        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:11:21.0580 1948        KSecPkg - ok
14:11:21.0611 1948        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:11:21.0627 1948        ksthunk - ok
14:11:21.0643 1948        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:11:21.0658 1948        KtmRm - ok
14:11:21.0674 1948        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
14:11:21.0689 1948        LanmanServer - ok
14:11:21.0689 1948        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:11:21.0705 1948        LanmanWorkstation - ok
14:11:21.0721 1948        libusb0        (02538e602280c07438c94489dcbe77d5) C:\Windows\system32\DRIVERS\libusb0.sys
14:11:21.0721 1948        libusb0 - ok
14:11:21.0721 1948        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:11:21.0736 1948        lltdio - ok
14:11:21.0752 1948        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:11:21.0767 1948        lltdsvc - ok
14:11:21.0767 1948        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:11:21.0799 1948        lmhosts - ok
14:11:21.0799 1948        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:11:21.0799 1948        LSI_FC - ok
14:11:21.0814 1948        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:11:21.0814 1948        LSI_SAS - ok
14:11:21.0814 1948        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:11:21.0814 1948        LSI_SAS2 - ok
14:11:21.0830 1948        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:11:21.0830 1948        LSI_SCSI - ok
14:11:21.0830 1948        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:11:21.0861 1948        luafv - ok
14:11:21.0861 1948        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:11:21.0861 1948        Mcx2Svc - ok
14:11:21.0861 1948        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:11:21.0877 1948        megasas - ok
14:11:21.0877 1948        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:11:21.0892 1948        MegaSR - ok
14:11:21.0892 1948        MEIx64          (e4dd818ef22bbbf4274af767a96d34c8) C:\Windows\system32\DRIVERS\HECIx64.sys
14:11:21.0892 1948        MEIx64 - ok
14:11:21.0892 1948        Microsoft SharePoint Workspace Audit Service - ok
14:11:21.0908 1948        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:11:21.0923 1948        MMCSS - ok
14:11:21.0923 1948        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:11:21.0939 1948        Modem - ok
14:11:21.0939 1948        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:11:21.0955 1948        monitor - ok
14:11:21.0955 1948        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:11:21.0955 1948        mouclass - ok
14:11:21.0955 1948        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:11:21.0970 1948        mouhid - ok
14:11:21.0970 1948        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:11:21.0970 1948        mountmgr - ok
14:11:21.0986 1948        MpFilter        (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
14:11:21.0986 1948        MpFilter - ok
14:11:21.0986 1948        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:11:22.0001 1948        mpio - ok
14:11:22.0001 1948        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:11:22.0017 1948        mpsdrv - ok
14:11:22.0033 1948        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:11:22.0064 1948        MpsSvc - ok
14:11:22.0064 1948        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:11:22.0079 1948        MRxDAV - ok
14:11:22.0079 1948        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:11:22.0095 1948        mrxsmb - ok
14:11:22.0095 1948        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:11:22.0111 1948        mrxsmb10 - ok
14:11:22.0111 1948        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:11:22.0111 1948        mrxsmb20 - ok
14:11:22.0111 1948        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\DRIVERS\msahci.sys
14:11:22.0126 1948        msahci - ok
14:11:22.0126 1948        MsDepSvc        (aaac4b494de45836121a40aec980b631) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
14:11:22.0126 1948        MsDepSvc - ok
14:11:22.0126 1948        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:11:22.0142 1948        msdsm - ok
14:11:22.0142 1948        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:11:22.0157 1948        MSDTC - ok
14:11:22.0157 1948        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:11:22.0173 1948        Msfs - ok
14:11:22.0173 1948        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:11:22.0189 1948        mshidkmdf - ok
14:11:22.0189 1948        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:11:22.0204 1948        msisadrv - ok
14:11:22.0204 1948        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:11:22.0220 1948        MSiSCSI - ok
14:11:22.0220 1948        msiserver - ok
14:11:22.0220 1948        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:11:22.0251 1948        MSKSSRV - ok
14:11:22.0251 1948        MsMpSvc        (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
14:11:22.0251 1948        MsMpSvc - ok
14:11:22.0251 1948        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:11:22.0267 1948        MSPCLOCK - ok
14:11:22.0282 1948        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:11:22.0298 1948        MSPQM - ok
14:11:22.0298 1948        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:11:22.0313 1948        MsRPC - ok
14:11:22.0313 1948        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:11:22.0313 1948        mssmbios - ok
14:11:22.0313 1948        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:11:22.0345 1948        MSTEE - ok
14:11:22.0345 1948        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:11:22.0345 1948        MTConfig - ok
14:11:22.0345 1948        MTsensor        (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
14:11:22.0345 1948        MTsensor - ok
14:11:22.0360 1948        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:11:22.0360 1948        Mup - ok
14:11:22.0360 1948        mvs91xx        (97cca67fcdabb8441149f04b34abf510) C:\Windows\system32\DRIVERS\mvs91xx.sys
14:11:22.0376 1948        mvs91xx - ok
14:11:22.0376 1948        MySQL - ok
14:11:22.0376 1948        NAL            (2dff58e4821866027388570eb78e73ed) C:\Windows\system32\Drivers\iqvw64e.sys
14:11:22.0376 1948        NAL - ok
14:11:22.0391 1948        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:11:22.0423 1948        napagent - ok
14:11:22.0423 1948        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:11:22.0438 1948        NativeWifiP - ok
14:11:22.0454 1948        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:11:22.0469 1948        NDIS - ok
14:11:22.0469 1948        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:11:22.0501 1948        NdisCap - ok
14:11:22.0501 1948        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:11:22.0516 1948        NdisTapi - ok
14:11:22.0516 1948        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:11:22.0547 1948        Ndisuio - ok
14:11:22.0547 1948        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:11:22.0579 1948        NdisWan - ok
14:11:22.0594 1948        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:11:22.0610 1948        NDProxy - ok
14:11:22.0625 1948        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:11:22.0657 1948        NetBIOS - ok
14:11:22.0672 1948        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:11:22.0703 1948        NetBT - ok
14:11:22.0703 1948        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:11:22.0703 1948        Netlogon - ok
14:11:22.0719 1948        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:11:22.0735 1948        Netman - ok
14:11:22.0750 1948        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:11:22.0766 1948        NetMsmqActivator - ok
14:11:22.0766 1948        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:11:22.0766 1948        NetPipeActivator - ok
14:11:22.0781 1948        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:11:22.0813 1948        netprofm - ok
14:11:22.0813 1948        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:11:22.0813 1948        NetTcpActivator - ok
14:11:22.0813 1948        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:11:22.0813 1948        NetTcpPortSharing - ok
14:11:22.0828 1948        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:11:22.0828 1948        nfrd960 - ok
14:11:22.0828 1948        NisDrv          (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:11:22.0844 1948        NisDrv - ok
14:11:22.0844 1948        NisSrv          (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
14:11:22.0859 1948        NisSrv - ok
14:11:22.0859 1948        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:11:22.0875 1948        NlaSvc - ok
14:11:22.0891 1948        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:11:22.0906 1948        Npfs - ok
14:11:22.0906 1948        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:11:22.0922 1948        nsi - ok
14:11:22.0922 1948        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:11:22.0937 1948        nsiproxy - ok
14:11:22.0984 1948        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:11:23.0000 1948        Ntfs - ok
14:11:23.0015 1948        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:11:23.0047 1948        Null - ok
14:11:23.0047 1948        nusb3hub        (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys
14:11:23.0047 1948        nusb3hub - ok
14:11:23.0047 1948        nusb3xhc        (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys
14:11:23.0062 1948        nusb3xhc - ok
14:11:23.0062 1948        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:11:23.0062 1948        nvraid - ok
14:11:23.0078 1948        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:11:23.0078 1948        nvstor - ok
14:11:23.0078 1948        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:11:23.0093 1948        nv_agp - ok
14:11:23.0093 1948        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:11:23.0093 1948        ohci1394 - ok
14:11:23.0109 1948        ose            (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:11:23.0109 1948        ose - ok
14:11:23.0203 1948        osppsvc        (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:11:23.0265 1948        osppsvc - ok
14:11:23.0296 1948        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:11:23.0312 1948        p2pimsvc - ok
14:11:23.0312 1948        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:11:23.0327 1948        p2psvc - ok
14:11:23.0327 1948        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:11:23.0343 1948        Parport - ok
14:11:23.0343 1948        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
14:11:23.0343 1948        partmgr - ok
14:11:23.0359 1948        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:11:23.0359 1948        PcaSvc - ok
14:11:23.0359 1948        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:11:23.0374 1948        pci - ok
14:11:23.0374 1948        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:11:23.0374 1948        pciide - ok
14:11:23.0390 1948        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:11:23.0390 1948        pcmcia - ok
14:11:23.0390 1948        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:11:23.0405 1948        pcw - ok
14:11:23.0405 1948        PDFProFiltSrv  (7e6ff5e2efc174201cf8c47b8a853647) C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
14:11:23.0421 1948        PDFProFiltSrv - ok
14:11:23.0421 1948        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:11:23.0452 1948        PEAUTH - ok
14:11:23.0483 1948        PeerDistSvc    (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
14:11:23.0499 1948        PeerDistSvc - ok
14:11:23.0764 1948        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:11:23.0764 1948        PerfHost - ok
14:11:23.0873 1948        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:11:23.0905 1948        pla - ok
14:11:23.0920 1948        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:11:23.0936 1948        PlugPlay - ok
14:11:23.0936 1948        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:11:23.0936 1948        PNRPAutoReg - ok
14:11:23.0951 1948        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:11:23.0951 1948        PNRPsvc - ok
14:11:23.0951 1948        Point64        (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
14:11:23.0967 1948        Point64 - ok
14:11:23.0967 1948        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:11:23.0998 1948        PolicyAgent - ok
14:11:23.0998 1948        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:11:24.0014 1948        Power - ok
14:11:24.0029 1948        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:11:24.0045 1948        PptpMiniport - ok
14:11:24.0045 1948        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:11:24.0061 1948        Processor - ok
14:11:24.0061 1948        ProfSvc        (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
14:11:24.0076 1948        ProfSvc - ok
14:11:24.0076 1948        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:11:24.0092 1948        ProtectedStorage - ok
14:11:24.0092 1948        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:11:24.0107 1948        Psched - ok
14:11:24.0139 1948        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:11:24.0170 1948        ql2300 - ok
14:11:24.0185 1948        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:11:24.0185 1948        ql40xx - ok
14:11:24.0201 1948        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:11:24.0217 1948        QWAVE - ok
14:11:24.0217 1948        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:11:24.0217 1948        QWAVEdrv - ok
14:11:24.0217 1948        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:11:24.0232 1948        RasAcd - ok
14:11:24.0248 1948        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:11:24.0263 1948        RasAgileVpn - ok
14:11:24.0263 1948        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:11:24.0279 1948        RasAuto - ok
14:11:24.0295 1948        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:11:24.0310 1948        Rasl2tp - ok
14:11:24.0310 1948        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:11:24.0341 1948        RasMan - ok
14:11:24.0341 1948        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:11:24.0357 1948        RasPppoe - ok
14:11:24.0357 1948        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:11:24.0388 1948        RasSstp - ok
14:11:24.0388 1948        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:11:24.0404 1948        rdbss - ok
14:11:24.0419 1948        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:11:24.0419 1948        rdpbus - ok
14:11:24.0419 1948        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:11:24.0435 1948        RDPCDD - ok
14:11:24.0451 1948        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
14:11:24.0451 1948        RDPDR - ok
14:11:24.0451 1948        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:11:24.0466 1948        RDPENCDD - ok
14:11:24.0466 1948        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:11:24.0497 1948        RDPREFMP - ok
14:11:28.0647 1948        ============================================================
14:11:28.0647 1948        Scan finished
14:11:28.0647 1948        ============================================================
14:11:28.0647 5440        Detected object count: 2
14:11:28.0647 5440        Actual detected object count: 2
14:11:41.0907 5440        DAZContentManagementService ( UnsignedFile.Multi.Generic ) - skipped by user
14:11:41.0907 5440        DAZContentManagementService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:11:41.0907 5440        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
14:11:41.0907 5440        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 03.06.2012 13:37

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

ambit01 03.06.2012 14:42

Done:
[code]
Combofix Logfile:
Code:

ComboFix 12-06-03.01 - Adrian ***** 03.06.2012  15:09:27.1.12 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.41.1031.18.16360.13489 [GMT 2:00]
ausgeführt von:: c:\users\Adrian *****\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\SysWow64\avisynth.dll
c:\windows\SysWow64\devil.dll
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-03 bis 2012-06-03  ))))))))))))))))))))))))))))))
.
.
2012-06-03 12:39 . 2012-06-03 12:39        --------        d-----w-        c:\users\Adrian *****\AppData\Local\Google
2012-06-03 12:14 . 2012-05-08 17:02        8955792        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB5F5EA7-1E13-4D0E-89FC-98DFF164CDBC}\mpengine.dll
2012-06-02 21:57 . 2012-06-02 22:00        --------        d-----w-        C:\Blog
2012-06-02 20:02 . 2012-06-02 20:02        --------        d-----w-        C:\_OTL
2012-06-02 10:07 . 2012-05-08 17:02        8955792        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-01 21:39 . 2012-05-31 20:31        595968        ----a-w-        C:\OTL.exe
2012-05-31 16:49 . 2012-06-02 11:15        --------        d-----w-        c:\program files (x86)\Panda Security
2012-05-31 10:56 . 2012-05-31 10:56        --------        d-----w-        c:\program files (x86)\ESET
2012-05-31 07:56 . 2012-05-31 08:18        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2012-05-31 07:56 . 2012-05-31 07:58        --------        d-----w-        c:\program files (x86)\Spybot - Search & Destroy
2012-05-30 16:07 . 2012-05-30 16:07        --------        d-----w-        c:\users\Adrian *****\AppData\Roaming\Malwarebytes
2012-05-30 16:07 . 2012-05-30 16:07        --------        d-----w-        c:\programdata\Malwarebytes
2012-05-30 14:59 . 2012-05-30 14:59        --------        d-----w-        c:\programdata\Samsung
2012-05-24 22:15 . 2012-05-24 22:15        --------        d-----w-        c:\users\Adrian *****\AppData\Roaming\FrontDesign
2012-05-24 22:14 . 2012-05-24 22:14        --------        d-----w-        c:\program files (x86)\FrontDesign
2012-05-21 17:34 . 2012-05-30 14:53        --------        d-----w-        c:\users\a0273787
2012-05-21 16:53 . 2012-05-21 16:53        --------        d-----w-        c:\users\Adrian *****\AppData\Roaming\Crosshairs Embedded
2012-05-21 16:20 . 2012-05-30 19:04        --------        d-----w-        c:\users\Adrian *****\AppData\Roaming\controlSUITE
2012-05-21 16:17 . 2012-05-21 16:19        --------        d-----w-        c:\program files\controlSUITE
2012-05-15 12:35 . 2012-05-15 12:34        955848        ----a-w-        c:\windows\system32\npDeployJava1.dll
2012-05-15 12:31 . 2012-05-15 12:31        --------        d-----w-        c:\program files (x86)\Common Files\Java
2012-05-15 12:26 . 2012-04-04 16:47        772504        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2012-05-14 21:01 . 2012-05-14 21:01        --------        d-----w-        c:\programdata\Kaspersky Lab
2012-05-12 17:11 . 2012-05-12 17:11        --------        d-----w-        c:\programdata\Ant
2012-05-12 10:36 . 2012-05-12 10:36        --------        d--h--w-        c:\programdata\Common Files
2012-05-12 10:31 . 2012-05-12 15:53        --------        d-----w-        c:\programdata\MFAData
2012-05-11 23:56 . 2012-05-11 23:56        --------        d-----w-        c:\program files\Microsoft Silverlight
2012-05-10 22:10 . 2008-01-18 23:10        154168        ----a-w-        c:\windows\system32\drivers\WimFltr.sys
2012-05-10 20:25 . 2012-05-10 20:25        --------        d-----w-        c:\program files\Windows Imaging
2012-05-10 20:25 . 2012-05-10 20:25        --------        d-----w-        c:\program files\Windows AIK
2012-05-10 11:01 . 2012-04-21 01:16        43960        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-05-10 11:01 . 2012-04-21 01:16        157352        ----a-w-        c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-10 11:01 . 2012-04-21 01:16        129976        ----a-w-        c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-10 11:01 . 2012-04-21 01:16        588728        ----a-w-        c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-05-10 11:01 . 2012-04-21 01:15        626688        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-05-10 11:01 . 2012-04-21 01:15        548864        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-05-10 11:01 . 2012-04-21 01:15        479232        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-05-09 15:05 . 2012-03-03 06:35        1544704        ----a-w-        c:\windows\system32\DWrite.dll
2012-05-09 15:05 . 2012-03-03 05:31        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-05-09 15:05 . 2012-03-31 06:05        5559664        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-09 15:05 . 2012-03-31 04:39        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-05-09 15:05 . 2012-03-31 04:39        3913072        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-05-09 15:05 . 2012-03-31 03:10        3146240        ----a-w-        c:\windows\system32\win32k.sys
2012-05-09 15:05 . 2012-03-17 07:58        75120        ----a-w-        c:\windows\system32\drivers\partmgr.sys
2012-05-09 15:03 . 2012-03-31 05:42        1732096        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 15:03 . 2012-03-31 05:40        1402880        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 15:03 . 2012-03-31 05:40        1367552        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 15:03 . 2012-03-31 05:40        1393664        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 15:03 . 2012-03-31 04:29        936960        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 15:03 . 2012-03-30 11:35        1918320        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-05-07 17:43 . 2012-06-02 10:42        --------        d-----w-        c:\users\Adrian *****\AppData\Roaming\AllDup
2012-05-07 17:43 . 2012-05-07 17:43        --------        d-----w-        c:\programdata\AllDup
2012-05-07 17:43 . 2010-10-13 04:42        2369456        ----a-w-        c:\windows\SysWow64\Codejock.CommandBars.v13.4.2.ocx
2012-05-07 17:43 . 2010-06-11 07:50        89888        ----a-w-        c:\windows\SysWow64\mtFrame.ocx
2012-05-07 17:43 . 2010-03-25 07:33        171752        ----a-w-        c:\windows\SysWow64\mtRTF2.ocx
2012-05-07 17:43 . 2009-12-29 15:00        1000992        ----a-w-        c:\windows\SysWow64\TList8.ocx
2012-05-07 17:43 . 2009-10-12 21:02        44736        ----a-w-        c:\windows\SysWow64\mtSubclass.dll
2012-05-07 17:43 . 2009-10-12 21:01        77504        ----a-w-        c:\windows\SysWow64\mtScrollContainer.ocx
2012-05-07 17:43 . 2008-01-29 04:57        450560        ----a-w-        c:\windows\SysWow64\fldrvw90.ocx
2012-05-07 17:43 . 2010-08-20 18:53        86016        ----a-w-        c:\windows\SysWow64\mtSplitter.ocx
2012-05-07 17:43 . 2012-05-07 17:43        --------        d-----w-        c:\program files (x86)\AllDup
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-15 15:35 . 2006-11-01 11:07        334720        ----a-w-        c:\windows\system32\RootkitRevealer.exe
2012-05-15 12:34 . 2011-11-05 09:33        839112        ----a-w-        c:\windows\system32\deployJava1.dll
2012-05-04 08:21 . 2012-05-04 08:21        927800        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1CE42E1C-E1AB-4A9C-B000-68B8CD41F3DC}\gapaengine.dll
2012-04-22 09:04 . 2012-04-22 09:04        159527        ----a-w-        c:\windows\FlyChart Uninstaller.exe
2012-04-22 09:03 . 2012-04-22 08:59        159866        ----a-w-        c:\windows\FlyChart Uninstaller.exe.bak
2012-04-04 16:47 . 2012-01-21 20:23        687504        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-04-03 15:10 . 2012-04-03 15:10        418464        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-03 15:10 . 2011-08-23 13:12        70304        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-26 23:42 . 2012-03-26 23:42        138360        ----a-w-        c:\windows\SysWow64\drivers\AnyDVD.sys
2012-03-26 23:42 . 2012-03-26 23:42        138360        ----a-w-        c:\windows\system32\drivers\AnyDVD.sys
2012-03-20 18:44 . 2012-03-20 18:44        98688        ----a-w-        c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 18:44 . 2012-03-20 18:44        203888        ----a-w-        c:\windows\system32\drivers\MpFilter.sys
2012-03-19 16:09 . 2012-03-19 16:09        49152        ----a-w-        c:\windows\system32\AntUsbCIv2.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2010-12-20 519744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 116648]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 gpslc64;gpslc64;c:\windows\system32\Drivers\gpslc64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 116648]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 253600]
R4 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
R4 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-11-29 3483600]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.16\atkexComSvc.exe [2011-08-09 918144]
R4 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.15\aaHMSvc.exe [2011-08-09 947328]
R4 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
R4 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.00.08\AsusFanControlService.exe [2011-09-19 1406080]
R4 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R4 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
R4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R4 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [2010-08-26 134944]
R4 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-11-10 5899240]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [x]
S0 mvs91xx;mvs91xx;c:\windows\system32\DRIVERS\mvs91xx.sys [x]
S0 Si3124r5;SiI-3124 SoftRaid 5 Controller;c:\windows\system32\DRIVERS\Si3124r5.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [x]
S0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys [x]
S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S2 MsDepSvc;Webbereitstellungs-Agent-Dienst;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-01 67400]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs        REG_MULTI_SZ          w3svc was
apphost        REG_MULTI_SZ          apphostsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 15:10]
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 12:39]
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 12:39]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-01 12856936]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.heise.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anhängen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Linkinhalt an vorhandene PDF-Datei anhängen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: PDF-Datei aus Linkinhalt erstellen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: PDF-Datei erstellen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: PDF-Dateien aus den ausgewählten Links erstellen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Adrian *****\AppData\Roaming\Mozilla\Firefox\Profiles\k00bo4vt.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{7e111a5c-3d11-4f56-9463-5310c3c69025} - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
AddRemove-DS4 Default Content 4.0.0.16 - c:\3d\DAZ 3D\Studio\My Library\Uninstallers\Remove-DS4 Default Content.exe
AddRemove-iNTERNET Turbo - c:\program files (x86)\iNTERNET Turbo\uninstall.exe
AddRemove-UnityWebPlayer - c:\users\Adrian *****\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-03  15:30:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-03 13:30
.
Vor Suchlauf: 9 Verzeichnis(se), 50'661'609'472 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 50'132'103'168 Bytes frei
.
- - End Of File - - A9AFCDB1B8979A93CB6A6BF4E70D7755

--- --- ---

cosinus 03.06.2012 16:27

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false alarm in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not press any of the Fix buttons under any circumstances without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

ambit01 03.06.2012 17:02

First attempt 'crashed'. Then with AV scan: none

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-03 17:59:32
-----------------------------
17:59:32.621    OS Version: Windows x64 6.1.7601 Service Pack 1
17:59:32.621    Number of processors: 12 586 0x2D06
17:59:32.621    ComputerName: MY-PC  UserName:
17:59:32.933    Initialize success
17:59:35.304    AVAST engine defs: 12060300
17:59:42.246    Disk 0  \Device\Harddisk0\DR0 -> \Device\Scsi\Si3124r51Port0Path0Target10Lun0
17:59:42.246    Disk 0 Vendor: SiImage_ 0000 Size: 228963MB BusType: 8
17:59:42.246    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
17:59:42.246    Disk 1 Vendor: OCZ-VERTEX4 1.4 Size: 244198MB BusType: 11
17:59:42.246    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T0L0-0
17:59:42.246    Disk 2 Vendor: OCZ-AGILITY3 2.08 Size: 228936MB BusType: 11
17:59:42.246    Disk 1 MBR read successfully
17:59:42.246    Disk 1 MBR scan
17:59:42.262    Disk 1 Windows 7 default MBR code
17:59:42.262    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
17:59:42.262    Disk 1 Partition 2 00    07    HPFS/NTFS NTFS      244097 MB offset 206848
17:59:42.262    Disk 1 scanning C:\Windows\system32\drivers
17:59:44.461    Service scanning
17:59:50.483    Modules scanning
17:59:50.483    Disk 1 trace - called modules:
17:59:50.483    ntoskrnl.exe fltsrv.sys tdrpman.sys CLASSPNP.SYS disk.sys vsflt61.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:59:50.483    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800e84a790]
17:59:50.483    3 CLASSPNP.SYS[fffff8800174d43f] -> nt!IofCallDriver -> [0xfffffa800e7b8e10]
17:59:50.483    5 vsflt61.sys[fffff88000fa60fd] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800d1a1680]
17:59:50.498    Scan finished successfully
18:00:02.573    Disk 1 MBR has been saved successfully to "C:\Users\Adrian *****\Desktop\MBR.dat"
18:00:02.573    The log file has been saved successfully to "C:\Users\Adrian *****\Desktop\aswMBR.txt"


cosinus 03.06.2012 18:00

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

ambit01 03.06.2012 19:09

Malwarebytes found nothing this time either:

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.03.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Adrian ***** :: MY-PC [Administrator]

Schutz: Deaktiviert

03.06.2012 19:45:12
mbam-log-2012-06-03 (19-45-12).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 663443
Laufzeit: 13 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


cosinus 03.06.2012 19:21

Well, that's something at least :daumenhoc

ambit01 03.06.2012 22:43

SUPERAntiSpyware found 900 threats. 893 cookies and 7 files. Unfortunately it then crashed when opening the log.

But I looked at the files beforehand. All false alarms. For example, SASW flagged the software for my Panasonic lenses as a virus.

I'll run it again later. It takes over 40 minutes.

cosinus 04.06.2012 10:29

Is the log no longer available, or is there another reason why you are having SASW scan again :confused:

ambit01 04.06.2012 11:34

The log file was not saved!?

Maybe that has to do with the fact that I have lost some permissions since the OTL fix.

