Trojaner-Board


hai123 02.07.2012 18:48

my start by incredibar ..... it got me too!
 
Hello,
I have the same problem that has already been described here several times: while downloading pdfcreator - now I have this incredibar junk too.
Unfortunately I'm not very experienced, but I hope that a friendly person can help me out. Thanks in advance:
Malwarebytes found one object. It was deleted.
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.02.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
xxxxxxxxxxxxx :: xxxxxxxxxxxx-PC [Administrator]

02.07.2012 12:49:30
mbam-log-2012-07-02 (12-49-30).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 290504
Laufzeit: 1 Stunde(n), 2 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{E9073B6D-D2AA-4B27-9A82-3F3042106810} (Trojan.ZbotR.Gen) -> Daten: "C:\Users\xxxxxxxxxxxxxxx\AppData\Roaming\Obfyh\viqaodl.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Before that, a scan with Avira showed 2 detections:

ADWARE/Multplug.A.1 is still in the Avira quarantine; the other one,
with (roughly) the same name, was unfortunately deleted.

Malwarebytes had not found that one.

It would be nice if you could help me. Until then,
RS

INCREDIBAR IS NOW GONE AGAIN!!!!!!!! Many thanks to the board!!!!!!!!!!!!!!!!!


Hello,
for me the toolbar has now disappeared after using ADW-Cleaner:
It went really quickly - not even a minute!
And that after ESET with a scan that took almost 5 hours.
I thought I would never manage it.
Was that it, then? That would be nice.

# AdwCleaner v1.701 - Logfile created 07/03/2012 at 08:34:08
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : -PC
# Running from : C:\Users\\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Web Assistant Updater

***** [Files / Folders] *****

Folder Deleted : C:\Users\\AppData\LocalLow\Incredibar.com
Folder Deleted : C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\extensions\ffxtlbr@incredibar.com
Folder Deleted : C:\Program Files\Incredibar.com
Folder Deleted : C:\Program Files\Web Assistant
File Deleted : C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\searchplugins\MyStart Search.xml

***** [Registry] *****

Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Incredibar.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\I
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb139?a=6R8xKADKKA&i=26 --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\prefs.js

C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\user.js ... Deleted !

Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb139?a=6R8xKADKKA&loc=FF_NT");
Deleted : user_pref("browser.startup.homepage", "hxxp://Mystart.incredibar.com/mb124");
Deleted : user_pref("extensions.enabledAddons", "jl@leimbach-it.de:2.5,shopclever@extension:1.1.0.0,{9AA46F4F-[...]
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.cntry", "DE");
Deleted : user_pref("extensions.incredibar.dfltLng", "");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.did", "10669");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "0BE9D29A08051BDEE6C785E75DD9B082");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.id", "98cd8f01000000000000001e90e9e576");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlDay", "15523");
Deleted : user_pref("extensions.incredibar.instlRef", "");
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1410:27:28");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.ppd", "123%5F1");
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8xKADKKA&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.upn2", "6R8xKADKKA");
Deleted : user_pref("extensions.incredibar.upn2n", "92824634881737608");
Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1410:27:28");
Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10669");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "98cd8f01000000000000001e90e9e576");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15523");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "123%5F1");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8xKADKKA&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6R8xKADKKA");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92824634881737608");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1410:27:28");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6R8xKADKKA&&i=26&search="[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

*************************

AdwCleaner[R1].txt - [11189 octets] - [03/07/2012 08:30:07]
AdwCleaner[S1].txt - [11546 octets] - [03/07/2012 08:34:08]

########## EOF - C:\AdwCleaner[S1].txt - [11675 octets] ##########
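
An added example, not part of the thread and not AdwCleaner's own code: a small Python triage of a log in the layout posted above, separating removed load points (service, Browser Helper Object, toolbar, extension), certificate-store entries and changed browser settings from plain leftovers. The sample log is constructed, and the category names and marker lists are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the AdwCleaner v1.x layout shown in the post above.
# Product name, paths, GUID, thumbprint and URLs are placeholders.
SAMPLE_LOG = r"""# AdwCleaner v1.701 - Logfile created 07/03/2012 at 08:34:08
# Option [Delete]

***** [Services] *****

Stopped & Deleted : Example Updater

***** [Files / Folders] *****

Folder Deleted : C:\Program Files\ExampleBar
File Deleted : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xxxx.default\searchplugins\Example Search.xml

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\ExampleBar
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0000000000000000000000000000000000000000
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000001}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{00000000-0000-0000-0000-000000000001}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.example.invalid/?a=1 --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
Deleted : user_pref("browser.startup.homepage", "hxxp://search.example.invalid/home");
Deleted : user_pref("keyword.URL", "hxxp://search.example.invalid/?q="[...]
Deleted : user_pref("extensions.examplebar.vrsn", "1.0");

*************************
"""

SECTION_RE = re.compile(r"^\*{5} \[([^\]]+)\] \*{5}$")
# Only lines whose verb ends in "Deleted" or is "Replaced" are actions;
# informational lines such as "Profile name : default" are skipped.
ACTION_RE = re.compile(r"^((?:[A-Za-z&]+ )*Deleted|Replaced) : (.+)$")
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.*)$')

# Assumed marker lists (lower-case substrings of the logged target).
PERSISTENCE_MARKERS = (
    r"\currentversion\run",          # logon autostart values
    r"\browser helper objects",      # IE Browser Helper Objects
    r"\internet explorer\toolbar",   # IE toolbar registration
    r"\extensions",                  # Firefox/Chrome extension entries
)
TRUST_MARKER = r"\systemcertificates"  # machine certificate stores
HIJACK_PREFS = {"browser.startup.homepage", "browser.newtab.url", "keyword.URL"}


def parse_adwcleaner_log(text):
    """Return one dict per logged action: section, browser, action, target."""
    entries, section, browser = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or header comment
        match = SECTION_RE.match(line)
        if match:
            section, browser = match.group(1), None
            continue
        if line.startswith("-\\\\ "):     # browser sub-header: -\\ Name vX
            browser = line[4:]
            continue
        match = ACTION_RE.match(line)
        if match and section:
            entries.append({"section": section, "browser": browser,
                            "action": match.group(1), "target": match.group(2)})
    return entries


def classify(entry):
    """Map one logged action to a review category."""
    low = entry["target"].lower()
    if entry["section"] == "Services":
        return "persistence"
    if TRUST_MARKER in low:
        return "trust_store"
    if any(marker in low for marker in PERSISTENCE_MARKERS):
        return "persistence"
    if entry["action"] == "Replaced":
        return "browser_setting"
    pref = PREF_RE.match(entry["target"])
    if pref and pref.group(1) in HIJACK_PREFS:
        return "browser_setting"
    return "residue"


def triage(text):
    """Group all logged actions by review category."""
    groups = defaultdict(list)
    for entry in parse_adwcleaner_log(text):
        groups[classify(entry)].append(entry)
    return dict(groups)


if __name__ == "__main__":
    for category, items in sorted(triage(SAMPLE_LOG).items()):
        print(f"{category}: {len(items)}")
        for item in items:
            print(f"  [{item['action']}] {item['target'][:90]}")
```
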

cosinus 04.07.2012 11:20

Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before?
If so, all the logs for every scan are listed under the Logs tab. Please post all that are visible there.

hai123 04.07.2012 13:34

Hello,
here are the requested files.
Regards
RS

********************************************************************


Malwarebytes Anti-Malware 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.07.02.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
xxxxxxxxxxxx :: xxxxxxxxxxxxxxxx-PC [Administrator]

02.07.2012 12:49:30
mbam-log-2012-07-02 (12-49-30).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 290504
Laufzeit: 1 Stunde(n), 2 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{E9073B6D-D2AA-4B27-9A82-3F3042106810} (Trojan.ZbotR.Gen) -> Daten: "C:\Users\xx\AppData\Roaming\Obfyh\viqaodl.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


*****************************************************************


Malwarebytes Anti-Malware 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.07.03.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-PC [Administrator]

03.07.2012 07:58:07
mbam-log-2012-07-03 (07-58-07).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 92435
Laufzeit: 30 Minute(n), 30 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Hello,
I have one more question:
apparently the problem affects those who download the PDF creator pdfforge.
I would like to use a PDF creator - perhaps I can get a safe recommendation (product and source).
Thanks in advance and best regards
RS

cosinus 05.07.2012 08:53

Quote:

I would like to use a PDF creator - perhaps I can get a safe recommendation (product and source).
On Windows I actually only use FreePDF, if anything at all.
Otherwise, in MS Office 2007 and later or in OpenOffice and LibreOffice you can save directly as PDF without any problems.
What exactly does one need this PDFCreator for?

hai123 05.07.2012 09:11

You're right, apparently that works directly in OpenOffice. I didn't know that! That should really make a separate PDF generator unnecessary.
I think it is somewhat more cumbersome to use......
Let's see whether your approach proves itself.
Thanks for now.
Regards
RS

cosinus 05.07.2012 10:40

You haven't explained what you need PDFCreator for.
If you want to make PDFs directly from Office files, you print them to a file via FreePDF's virtual PDF printer, or you save them directly as PDF.
Otherwise you can open any other file with its associated program and "print" it to a PDF file via the FreePDF printer.

So what exactly is PDFCreator for? :confused:

hai123 30.07.2012 11:53

Hi, I'd like to ask whether I can run adwcleaner quite normally, i.e. preventively from time to time, like Avira for instance. Or is it only meant for detecting, deleting or repairing something in case of an infection?

Thanks in advance
Regards
RS

cosinus 30.07.2012 18:02

adwCleaner deletes toolbars and similar advertising junk!
I think you should rethink your general strategy; don't you think it would be better in future simply to pay more attention to what you install, instead of clearing junk off the computer every five minutes?! :wtf:

hai123 30.07.2012 19:19

Hi Cosinus, I agree with you completely - since the My Start attack I'm more careful than ever. I think I've learned this lesson. So: software only directly from the publisher, and weigh up whether you really need it or not. Despite all that, my Avira reported HTML/FakeAV.AU today and put it in quarantine.
I think the Internet has become somewhat more treacherous lately. In the past I had practically nothing to do with such problems.
This FakeAV.AU was afterwards not detected by malwarebytes, eset or adwcleaner.
I think I'll forget about it for now. Do you see it similarly?
Best regards
RS

cosinus 30.07.2012 21:01

Quote:

Despite all that, my Avira reported HTML/FakeAV.AU today and put it in quarantine.
I can't do anything with that; where is the log for it?

hai123 31.07.2012 08:44

this is what it looks like:



Avira Free Antivirus
Report file date: Montag, 30. Juli 2012 12:00

Scanning for 4004920 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Professional
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : xxxxxxxxxxxxxxxx-PC

Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, F:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: Montag, 30. Juli 2012 12:00

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

The scan of running processes will be started

Starting to scan executable files (registry).
The registry was scanned ( '3016' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Program Files\SpeedFan\uninstall.exe
[WARNING] Invalid end of file
C:\Users\\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V1XR1O6K\swflash[1].cab
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\135r9kpp.default\Cache\9\71\867CAd01
[DETECTION] Contains recognition pattern of the HTML/FakeAV.AU HTML script virus
C:\Users\\AppData\Local\Temp\install_flashplayer11x32_mssd_aih(1).exe
[WARNING] The file is password protected
C:\Users\\AppData\Local\Temp\jar_cache185021671257598841.tmp
[WARNING] Invalid end of file
C:\Users\\AppData\Local\Temp\jar_cache3832533257805597156.tmp
[WARNING] Invalid end of file
C:\Users\\AppData\Local\Temp\jar_cache389848016673712260.tmp
[WARNING] Invalid end of file
C:\Users\\AppData\Local\Temp\IM_6F77.tmp\terms.7z
[WARNING] The archive header is damaged
C:\Users\\AppData\LocalLow\Google\GoogleEarth\webdata\f_000004
[WARNING] Invalid end of file
C:\Users\\Downloads\avira_free_antivirus_en.exe
[WARNING] The file is password protected
C:\Users\Roland Scholz\Downloads\install_flashplayer11x32_mssd_aih(1).exe
[WARNING] The file is password protected
C:\Users\\Downloads\install_flashplayer11x32_mssd_aih.exe
[WARNING] The file is password protected
C:\Windows\SoftwareDistribution\Download\73359e52f84f08cc68c71cf422b798bb\BIT4A4.tmp
[WARNING] The archive header is damaged
Begin scan in 'F:\' <Volume>
F:\-PC\Backup Set 2012-02-15 115516\Backup Files 2012-02-15 115516\Backup files 13.zip
[WARNING] The file is password protected
F:\-PC\Backup Set 2012-03-04 092405\Backup Files 2012-03-04 092405\Backup files 15.zip
[WARNING] The file is password protected
F:\-PC\Backup Set 2012-03-25 143403\Backup Files 2012-03-25 143403\Backup files 15.zip
[WARNING] The file is password protected
F:\-PC\Backup Set 2012-04-08 150637\Backup Files 2012-04-08 150637\Backup files 12.zip
[WARNING] The file is password protected
F:\-PC\Backup Set 2012-04-30 081909\Backup Files 2012-04-30 081909\Backup files 17.zip
[WARNING] The file is password protected
F:\-PC\Backup Set 2012-05-20 101202\Backup Files 2012-05-20 101202\Backup files 17.zip
[WARNING] The file is password protected

Beginning disinfection:
C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\135r9kpp.default\Cache\9\71\867CAd01
[DETECTION] Contains recognition pattern of the HTML/FakeAV.AU HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '55b8ddf1.qua'.


End of the scan: Montag, 30. Juli 2012 13:40
Used time: 1:40:01 Hour(s)

The scan has been canceled!

25849 Scanned directories
1098110 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1098109 Files not concerned
21696 Archives were scanned
18 Warnings
1 Notes

cosinus 31.07.2012 11:27

Where is your ESET log, by the way? Please run it again if you didn't do it correctly.


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


hai123 31.07.2012 18:10

Hi Arne, I'm really keeping you busy - I already feel guilty.
Here it comes -------- see the last line
Couldn't one simply delete the backup from 22.07.2012?
F: is a backup hard drive used only for regular maintenance

*****************************************************************

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2c79c4f9bf24324ca94f5f91562443c8
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-02 06:57:27
# local_time=2012-07-02 08:57:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 22331864 22331864 0 0
# compatibility_mode=5893 16776573 100 94 24696 92886459 0 0
# compatibility_mode=8192 67108863 100 0 172 172 0 0
# scanned=386
# found=0
# cleaned=0
# scan_time=178
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2c79c4f9bf24324ca94f5f91562443c8
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-02 07:03:39
# local_time=2012-07-02 09:03:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=1792 16777215 100 0 22332328 22332328 0 0
# compatibility_mode=5893 16776573 100 94 25160 92886923 0 0
# compatibility_mode=8192 67108863 100 0 636 636 0 0
# scanned=386
# found=0
# cleaned=0
# scan_time=87
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2c79c4f9bf24324ca94f5f91562443c8
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-03 05:39:56
# local_time=2012-07-03 07:39:56 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 22332494 22332494 0 0
# compatibility_mode=5893 16776573 100 94 25326 92887089 0 0
# compatibility_mode=8192 67108863 100 0 802 802 0 0
# scanned=109112
# found=9
# cleaned=9
# scan_time=38098
C:\Users\\Downloads\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\-PC\Backup Set 2012-02-15 115516\Backup Files 2012-02-15 115516\Backup files 8.zip Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
F:\-PC\Backup Set 2012-03-04 092405\Backup Files 2012-03-04 092405\Backup files 8.zip Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
F:\-PC\Backup Set 2012-03-25 143403\Backup Files 2012-03-25 143403\Backup files 8.zip Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
F:\-PC\Backup Set 2012-04-08 150637\Backup Files 2012-04-08 150637\Backup files 5.zip Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
F:\-PC\Backup Set 2012-04-30 081909\Backup Files 2012-04-30 081909\Backup files 9.zip Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
F:\-PC\Backup Set 2012-05-20 101202\Backup Files 2012-05-20 101202\Backup files 9.zip Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
F:\-PC\Backup Set 2012-06-11 075647\Backup Files 2012-06-11 075647\Backup files 9.zip Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
F:\-PC\Backup Set 2012-07-01 184350\Backup Files 2012-07-01 184350\Backup files 11.zip Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2c79c4f9bf24324ca94f5f91562443c8
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-30 02:57:10
# local_time=2012-07-30 04:57:10 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 24732038 24732038 0 0
# compatibility_mode=5893 16776573 100 94 192027 95286633 0 0
# compatibility_mode=8192 67108863 100 0 2400346 2400346 0 0
# scanned=128840
# found=0
# cleaned=0
# scan_time=4789
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2c79c4f9bf24324ca94f5f91562443c8
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-31 11:13:40
# local_time=2012-07-31 01:13:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 24809771 24809771 0 0
# compatibility_mode=5893 16776573 100 94 13150 95364366 0 0
# compatibility_mode=8192 67108863 100 0 2478079 2478079 0 0
# scanned=250
# found=0
# cleaned=0
# scan_time=45
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2c79c4f9bf24324ca94f5f91562443c8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-31 04:33:09
# local_time=2012-07-31 06:33:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 24810213 24810213 0 0
# compatibility_mode=5893 16776573 100 94 13592 95364808 0 0
# compatibility_mode=8192 67108863 100 0 2478521 2478521 0 0
# scanned=130767
# found=1
# cleaned=0
# scan_time=18772
F:\-PC\Backup Set 2012-07-22 144216\Backup Files 2012-07-22 144216\Backup files 6.zip JS/TrojanDownloader.FraudLoad.NAY trojan (unable to clean) 00000000000000000000000000000000 I

cosinus 01.08.2012 18:29

You want to delete the whole backup just because there might be a few malicious files in it?! :confused:
Sorry, somehow that doesn't really make sense, or can you do without the backup?

hai123 02.08.2012 07:43

It was just an idea. If there are better alternatives, I would be glad if you would let me know how to proceed from your point of view. After all, we are currently talking about 2 detected pests:
I had started out from
1) HTML/FakeAV.AU HTML script virus, and newly found was
2) JS/TrojanDownloader.FraudLoad.NAY trojan

Looking forward to hearing from you
Regards
RS

cosinus 03.08.2012 09:41

Well, just leave the backup set alone :pfeiff:

I have two questions before we continue

1.) Does Windows normal mode work (again) without restrictions?
2.) Is anything missing from the Start menu? Are there empty folders under All Programs, or is everything there?

hai123 03.08.2012 10:21

Hi Arne, good to hear from you
Quote:
1.) Does Windows normal mode work without restrictions? ** Yes **
2.) Is anything missing from the Start menu? ** No ** Are there empty folders under All Programs, or is everything there? ** No empty folders - nothing is missing! **
Absolutely nothing has happened that worries me in any way, apart from the 2 detected "pests"

Regards
RS

cosinus 03.08.2012 18:51

Please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


hai123 06.08.2012 19:34

Hi Arne,
I have, I hope, done everything as requested; many thanks in advance:
OTL Logfile:
Code:

OTL logfile created on: 06.08.2012 19:54:50 - Run 1
OTL by OldTimer - Version 3.2.56.0    Folder = C:\Users\Roland \Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 75,57% Memory free
7,00 Gb Paging File | 5,93 Gb Available in Paging File | 84,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 372,61 Gb Total Space | 328,77 Gb Free Space | 88,23% Space Free | Partition Type: NTFS
Drive F: | 232,88 Gb Total Space | 70,35 Gb Free Space | 30,21% Space Free | Partition Type: NTFS
 
Computer Name: ROLAND-PC | User Name: Roland | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Roland \Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Roland\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Programme\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\dradio-Recorder\phonostarTimer.exe ()
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\AAVUpdateManager\aavus.exe ()
PRC - C:\Programme\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\ROLAND~1\AppData\Local\Temp\_MEI242410\windows._cacheinvalidation.pyd ()
MOD - C:\Users\ROLAND~1\AppData\Local\Temp\_MEI242410\wx._gdi_.pyd ()
MOD - C:\Users\ROLAND~1\AppData\Local\Temp\_MEI242410\wx._misc_.pyd ()
MOD - C:\Users\ROLAND~1\AppData\Local\Temp\_MEI242410\pysqlite2._sqlite.pyd ()
MOD - C:\Users\ROLAND~1\AppData\Local\Temp\_MEI242410\pythoncom26.dll ()
MOD - C:\Users\ROLAND~1\AppData\Local\Temp\_MEI242410\win32com.shell.shell.pyd ()
MOD - C:\Users\ROLAND~1\AppData\Local\Temp\_MEI242410\pyexpat.pyd ()
MOD - C:\Users\ROLAND~1\AppData\Local\Temp\_MEI242410\pywintypes26.dll ()
MOD - C:\Users\ROLAND~1\AppData\Local\Temp\_MEI242410\win32api.pyd ()
MOD - C:\Users\ROLAND~1\AppData\Local\Temp\_MEI242410\_elementtree.pyd ()
MOD - C:\Users\ROLAND~1\AppData\Local\Temp\_MEI242410\_ctypes.pyd ()
MOD - C:\Users\ROLAND~1\AppData\Local\Temp\_MEI242410\wx._html2.pyd ()
MOD - C:\Users\ROLAND~1\AppData\Local\Temp\_MEI242410\_socket.pyd ()
MOD - C:\Users\ROLAND~1\AppData\Local\Temp\_MEI242410\win32crypt.pyd ()
MOD - C:\Users\ROLAND~1\AppData\Local\Temp\_MEI242410\wx._core_.pyd ()
MOD - C:\Users\ROLAND~1\AppData\Local\Temp\_MEI242410\wx._controls_.pyd ()
MOD - C:\Users\ROLAND~1\AppData\Local\Temp\_MEI242410\wx._windows_.pyd ()
MOD - C:\Users\ROLAND~1\AppData\Local\Temp\_MEI242410\_ssl.pyd ()
MOD - C:\Users\ROLAND~1\AppData\Local\Temp\_MEI242410\unicodedata.pyd ()
MOD - C:\Users\ROLAND~1\AppData\Local\Temp\_MEI242410\_hashlib.pyd ()
MOD - C:\Users\ROLAND~1\AppData\Local\Temp\_MEI242410\wx._wizard.pyd ()
MOD - C:\Users\ROLAND~1\AppData\Local\Temp\_MEI242410\win32file.pyd ()
MOD - C:\Users\ROLAND~1\AppData\Local\Temp\_MEI242410\win32inet.pyd ()
MOD - C:\Users\ROLAND~1\AppData\Local\Temp\_MEI242410\win32process.pyd ()
MOD - C:\Users\ROLAND~1\AppData\Local\Temp\_MEI242410\win32pdh.pyd ()
MOD - C:\Users\ROLAND~1\AppData\Local\Temp\_MEI242410\win32event.pyd ()
MOD - C:\Users\ROLAND~1\AppData\Local\Temp\_MEI242410\select.pyd ()
MOD - C:\Users\Roland\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Programme\dradio-Recorder\phonostarTimer.exe ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Programme\Yahoo!\Widgets\jsd.dll ()
MOD - C:\Programme\Yahoo!\Widgets\js32.dll ()
MOD - C:\Programme\Yahoo!\Widgets\sqlite3.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Programme\AAVUpdateManager\aavus.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech Inc.)
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-889825940-3395924831-1080105970-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-889825940-3395924831-1080105970-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-889825940-3395924831-1080105970-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-889825940-3395924831-1080105970-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 E5 32 FF D4 1E CD 01  [binary data]
IE - HKU\S-1-5-21-889825940-3395924831-1080105970-1001\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-889825940-3395924831-1080105970-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-889825940-3395924831-1080105970-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files\dradio-Recorder\npphonostarDetectNP.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.03 10:49:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.29 18:38:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.03 10:49:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.07.22 15:49:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roland AppData\Roaming\mozilla\Extensions
[2012.07.23 06:37:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roland\AppData\Roaming\mozilla\Firefox\Profiles\135r9kpp.default\extensions
[2012.01.02 20:09:06 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Roland \AppData\Roaming\mozilla\Firefox\Profiles\135r9kpp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.10.06 15:26:57 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Roland\AppData\Roaming\mozilla\Firefox\Profiles\135r9kpp.default\extensions\DeviceDetection@logitech.com
[2011.08.11 08:33:10 | 000,006,253 | ---- | M] () -- C:\Users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\searchplugins\0180-telefonbuch.xml
[2011.08.11 08:33:28 | 000,002,422 | ---- | M] () -- C:\Users\Roland \AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\searchplugins\0180info.xml
[2012.07.03 15:53:06 | 000,002,347 | ---- | M] () -- C:\Users\Roland \AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\searchplugins\finanzennet.xml
[2012.08.03 10:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.03 10:49:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.08.03 10:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.07.12 08:23:39 | 000,061,228 | ---- | M] () (No name found) -- C:\USERS\ROLAND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\135R9KPP.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
[2012.02.16 12:54:13 | 000,006,850 | ---- | M] () (No name found) -- C:\USERS\ROLAND \APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\135R9KPP.DEFAULT\EXTENSIONS\JL@LEIMBACH-IT.DE.XPI
[2011.12.30 11:46:56 | 000,012,686 | ---- | M] () (No name found) -- C:\USERS\ROLAND \APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\135R9KPP.DEFAULT\EXTENSIONS\SHOPCLEVER@EXTENSION.XPI
[2012.07.23 06:37:45 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\ROLAND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\135R9KPP.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2012.08.03 10:49:18 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.17 23:52:25 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.17 23:52:25 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.17 23:52:25 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.17 23:52:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.17 23:52:25 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.17 23:52:25 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Snapform Viewer PlugIn for IE) - {00AF1458-D967-4C0E-B736-D6D010521EF5} - C:\Programme\SnapFormViewer\Viewer\bin\lib\SFVPlugInIE_x86.dll (Ringler Informatik AG)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-889825940-3395924831-1080105970-1001..\Run: [dradio-RecorderTimer] C:\Programme\dradio-Recorder\phonostarTimer.exe ()
O4 - HKU\S-1-5-21-889825940-3395924831-1080105970-1001..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-889825940-3395924831-1080105970-1001..\Run: [Spotify Web Helper] C:\Users\Roland\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Programme\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Roland \AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.161 83.169.186.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BBE9971-380C-4B49-A31D-5F656225FA0E}: DhcpNameServer = 83.169.186.161 83.169.186.225
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{37a97548-b6bf-11e0-8196-001e90e9e576}\Shell - "" = AutoRun
O33 - MountPoints2\{37a97548-b6bf-11e0-8196-001e90e9e576}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.03 10:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.08.02 16:17:52 | 000,000,000 | ---D | C] -- C:\Users\Roland\Desktop\
[2012.07.31 18:57:23 | 000,000,000 | ---D | C] -- C:\Users\Roland \Documents\
[2012.07.30 13:14:35 | 000,000,000 | ---D | C] -- C:\Users\Roland \Documents\
[2012.07.17 08:31:01 | 000,000,000 | ---D | C] -- C:\Users\Roland \Documents\
[2012.07.10 16:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.07.10 16:52:05 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.06 19:32:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.06 19:29:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.06 18:27:27 | 000,016,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.06 18:27:27 | 000,016,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.06 18:20:11 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.06 18:19:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.06 18:19:51 | 2817,384,448 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.03 10:14:28 | 001,744,400 | ---- | M] () -- C:\Users\Roland \Desktop\IMG_3067.JPG
[2012.08.02 16:12:24 | 003,408,739 | ---- | M] () -- C:\Users\Roland \Desktop\IMG_3054.JPG
[2012.07.30 13:15:08 | 000,014,305 | ---- | M] () -- C:\Users\Roland \Documents\.odt
[2012.07.29 18:08:23 | 006,438,320 | ---- | M] () -- C:\Users\Roland\Documents\Unbenannt 1.odt
[2012.07.21 13:35:20 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.07.18 21:36:05 | 000,438,849 | ---- | M] () -- C:\Users\Roland\Documents\
[2012.07.17 09:42:33 | 000,004,535 | ---- | M] () -- C:\Users\Roland\Desktop\roland
[2012.07.17 09:18:20 | 000,133,169 | ---- | M] () -- C:\Users\Roland\Documents\
[2012.07.17 09:10:09 | 000,004,535 | ---- | M] () -- C:\Users\Roland\Desktop\roland.bak
[2012.07.13 08:54:01 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.12 10:05:29 | 000,132,990 | ---- | M] () -- C:\Users\Roland\Documents
[2012.07.12 09:46:06 | 000,001,946 | ---- | M] () -- C:\Users\Public\Desktop\Snapform Viewer.lnk
[2012.07.11 11:06:59 | 000,292,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.08.03 10:14:28 | 001,744,400 | ---- | C] () -- C:\Users\Roland\Desktop\IMG.JPG
[2012.08.02 16:12:23 | 003,408,739 | ---- | C] () -- C:\Users\Roland\Desktop\IMG.JPG
[2012.07.30 13:15:05 | 000,014,305 | ---- | C] () -- C:\Users\Roland\Documents\.odt
[2012.07.29 18:05:44 | 006,438,320 | ---- | C] () -- C:\Users\Roland Documents\Unbenannt 1.odt
[2012.07.18 21:36:05 | 000,438,849 | ---- | C] () -- C:\Users\Roland\Documents\
[2012.07.12 10:05:25 | 000,132,990 | ---- | C] () -- C:\Users\Roland \Documents\qdf
[2012.06.11 13:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.02.15 04:28:34 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.02.15 04:28:32 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.01.10 23:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.12.17 14:45:55 | 000,003,584 | ---- | C] () -- C:\Users\Roland AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.30 21:44:28 | 000,000,032 | ---- | C] () -- C:\Users\Roland \.simfy
[2011.11.26 20:48:00 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.08.29 10:50:33 | 000,007,605 | ---- | C] () -- C:\Users\Roland \AppData\Local\Resmon.ResmonCfg
[2011.07.30 00:05:16 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.07.23 20:11:53 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.07.22 14:39:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2011.07.26 11:32:49 | 000,000,000 | ---D | M] -- C:\Users\Roland \AppData\Roaming
[2012.06.12 11:40:18 | 000,000,000 | ---D | M] -- C:\Users\Roland \AppData\Roaming\Canneverbe Limited
[2012.06.19 08:07:30 | 000,000,000 | ---D | M] -- C:\Users\Roland \AppData\Roaming\Canon
[2012.01.02 20:09:13 | 000,000,000 | ---D | M] -- C:\Users\Roland \AppData\Roaming\DVDVideoSoft
[2012.01.02 20:09:05 | 000,000,000 | ---D | M] -- C:\Users\Roland \AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.17 15:18:05 | 000,000,000 | ---D | M] -- C:\Users\Roland \AppData\Roaming\Guqeisy
[2012.08.02 16:25:43 | 000,000,000 | ---D | M] -- C:\Users\Roland \AppData\Roaming\IrfanView
[2012.03.20 12:43:51 | 000,000,000 | ---D | M] -- C:\Users\Roland AppData\Roaming\Obfyh
[2011.07.23 20:29:24 | 000,000,000 | ---D | M] -- C:\Users\Roland\AppData\Roaming\OpenOffice.org
[2012.06.14 10:13:02 | 000,000,000 | ---D | M] -- C:\Users\Roland \AppData\Roaming\phonostar GmbH
[2011.07.31 17:22:38 | 000,000,000 | ---D | M] -- C:\Users\Roland\AppData\Roaming\Simfy
[2012.07.21 13:37:13 | 000,000,000 | ---D | M] -- C:\Users\Roland \AppData\Roaming\Spotify
[2011.07.22 21:04:05 | 000,000,000 | ---D | M] -- C:\Users\Roland \AppData\Roaming\Thunderbird
[2012.07.23 11:15:58 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.07.31 17:21:46 | 000,000,000 | ---D | M] -- C:\Users\Roland \AppData\Roaming\Adobe
[2011.07.26 11:32:49 | 000,000,000 | ---D | M] -- C:\Users\Roland \AppData\Roaming\
[2012.01.18 20:42:36 | 000,000,000 | ---D | M] -- C:\Users\Roland \AppData\Roaming\ATI
[2011.10.18 09:37:24 | 000,000,000 | ---D | M] -- C:\Users\Roland \AppData\Roaming\Avira
[2012.06.12 11:40:18 | 000,000,000 | ---D | M] -- C:\Users\Roland \AppData\Roaming\Canneverbe Limited
[2012.06.19 08:07:30 | 000,000,000 | ---D | M] -- C:\Users\Roland \AppData\Roaming\Canon
[2012.01.02 20:09:13 | 000,000,000 | ---D | M] -- C:\Users\Roland \AppData\Roaming\DVDVideoSoft
[2012.01.02 20:09:05 | 000,000,000 | ---D | M] -- C:\Users\Roland \AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.17 15:18:05 | 000,000,000 | ---D | M] -- C:\Users\Roland \AppData\Roaming\Guqeisy
[2011.07.22 14:47:00 | 000,000,000 | ---D | M] -- C:\Users\Roland \AppData\Roaming\Identities
[2012.08.02 16:25:43 | 000,000,000 | ---D | M] -- C:\Users\Roland \AppData\Roaming\IrfanView
[2011.07.22 16:41:40 | 000,000,000 | ---D | M] -- C:\Users\Roland \AppData\Roaming\Macromedia
[2012.07.02 12:47:01 | 000,000,000 | ---D | M] -- C:\Users\Roland \AppData\Roaming\Malwarebytes
[2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\Roland\AppData\Roaming\Media Center Programs
[2012.03.17 15:18:12 | 000,000,000 | --SD | M] -- C:\Users\Roland\AppData\Roaming\Microsoft
[2011.07.22 15:49:42 | 000,000,000 | ---D | M] -- C:\Users\Roland\AppData\Roaming\Mozilla
[2012.03.20 12:43:51 | 000,000,000 | ---D | M] -- C:\Users\Roland \AppData\Roaming\Obfyh
[2011.07.23 20:29:24 | 000,000,000 | ---D | M] -- C:\Users\Roland \AppData\Roaming\OpenOffice.org
[2012.06.14 10:13:02 | 000,000,000 | ---D | M] -- C:\Users\Roland \AppData\Roaming\phonostar GmbH
[2011.07.31 17:22:38 | 000,000,000 | ---D | M] -- C:\Users\Roland \AppData\Roaming\Simfy
[2012.07.30 18:31:21 | 000,000,000 | ---D | M] -- C:\Users\Roland \AppData\Roaming\Skype
[2012.07.21 13:37:13 | 000,000,000 | ---D | M] -- C:\Users\Roland \AppData\Roaming\Spotify
[2011.07.22 21:04:05 | 000,000,000 | ---D | M] -- C:\Users\Roland \AppData\Roaming\Thunderbird
[2011.07.25 15:48:27 | 000,000,000 | ---D | M] -- C:\Users\Roland \AppData\Roaming\U3
 
< %APPDATA%\*.exe /s >
[2012.05.21 11:02:08 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Roland \AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.03.14 09:07:42 | 000,010,134 | R--- | M] () -- C:\Users\Roland \AppData\Roaming\Microsoft\Installer\{4F198874-3C7D-5983-02EB-9E234C43F174}\ARPPRODUCTICON.exe
[2012.07.21 13:36:51 | 007,609,560 | ---- | M] (Spotify Ltd) -- C:\Users\Roland \AppData\Roaming\Spotify\spotify.exe
[2012.07.21 13:36:51 | 000,114,392 | ---- | M] () -- C:\Users\Roland \AppData\Roaming\Spotify\SpotifyLauncher.exe
[2012.07.21 13:36:51 | 001,192,664 | ---- | M] () -- C:\Users\Roland \AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Roland \AppData\Roaming\U3\temp\cleanup.exe
[2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\Roland \AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.04.06 04:16:52 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
 
<          >

< End of report >

--- --- ---

cosinus 07.08.2012 13:21

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:

:OTL
FF - user.js - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{37a97548-b6bf-11e0-8196-001e90e9e576}\Shell - "" = AutoRun
O33 - MountPoints2\{37a97548-b6bf-11e0-8196-001e90e9e576}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
:Files
C:\Users\Roland AppData\Roaming\Obfyh
C:\Users\Roland \AppData\Roaming\Guqeisy
C:\Windows\System32\kdbsdk32.dll
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

hai123 07.08.2012 18:18

Quote: from the OTL fix

I assume it should look like this.
The xxxxxxxxxxxxx\ is the surname, which I deleted:

C:\Users\Roland xxxxxxxxxx\AppData\Roaming\Obfyh
C:\Users\Roland xxxxxxxxxx\AppData\Roaming\Guqeisy


Would that be more correct?
Regards

cosinus 08.08.2012 18:43

You're the one who should know what you edited out there! :wtf:
And yes, of course it has to be edited back to exactly what was originally in the log.

hai123 09.08.2012 16:09

Hi Arne,
this is what it looks like now: (edited)
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37a97548-b6bf-11e0-8196-001e90e9e576}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37a97548-b6bf-11e0-8196-001e90e9e576}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37a97548-b6bf-11e0-8196-001e90e9e576}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37a97548-b6bf-11e0-8196-001e90e9e576}\ not found.
File E:\LaunchU3.exe -a not found.
========== FILES ==========
File\Folder C:\Users\Roland \ AppData\Roaming\Obfyh not found.
C:\Users\Roland \AppData\Roaming\Guqeisy folder moved successfully.
C:\Windows\System32\kdbsdk32.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Roland
->Temp folder emptied: 4005698087 bytes
->Temporary Internet Files folder emptied: 257116860 bytes
->Java cache emptied: 1865003 bytes
->FireFox cache emptied: 1151902231 bytes
->Flash cache emptied: 176089 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 213601598 bytes
RecycleBin emptied: 782671080 bytes

Total Files Cleaned = 6.116,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Roland
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.56.0 log created on 08092012_165216

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Hi Arne,
after booting the computer I now get the following error message:

kdbsync.exe-Systemfehler
Das Programm kann nicht gestartet werden, da kdbsdk32.dll auf dem Computer fehlt. Installieren Sie das Programm erneut um das Problem zu beheben.

That is something to do with AMD / graphics cards ....... or so. It would be nice if we
could somehow get rid of this warning sign as well.......
Thanks in advance, regards R

cosinus 10.08.2012 18:59

Oh OK, now I know that the file is fine after all :stirn:

Code:

C:\Windows\System32\kdbsdk32.dll moved successfully.
You should find this kdbsdk32.dll inside the folder C:\_OTL\MovedFiles
Simply copy it back to C:\Windows\system32
Then the message should be gone by the next restart at the latest

hai123 12.08.2012 18:44

Hi Arne, you are right. I did it that way! And the warning I described no longer appears!
There is a second warning immediately after booting: AMD Accelerated Video Transcoder - a kind of MS-DOS window, but without any content.
This window is only visible very briefly (about 1/4 second) - and the entry disappears from the toolbar after 4~5 sec. One can probably live with that, I think.
It looks as if everything is back in order now ??
That was a difficult birth.......Many thanks for sticking with it to the end. I am really grateful to you, and I certainly won't forget your tips for the future.
Best regards
R

cosinus 13.08.2012 15:49

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below - click on change parameters and set the check marks as shown in the following screenshot,
then click on Start Scan and, when it has finished, click the Report button to display the log. Please post this in full.
If you can't find the log or can't copy the content and transfer it into your post, then please look directly on your Windows system partition (usually drive C:), because that is where the TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

hai123 13.08.2012 19:08

Whoa, was I perhaps a bit hasty there?????
Here is the REPORT:


19:52:58.0277 0876 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:52:58.0449 0876 ============================================================
19:52:58.0449 0876 Current date / time: 2012/08/13 19:52:58.0449
19:52:58.0449 0876 SystemInfo:
19:52:58.0449 0876
19:52:58.0449 0876 OS Version: 6.1.7601 ServicePack: 1.0
19:52:58.0449 0876 Product type: Workstation
19:52:58.0449 0876 ComputerName: ROLAND-PC
19:52:58.0449 0876 UserName: Roland
19:52:58.0449 0876 Windows directory: C:\Windows
19:52:58.0449 0876 System windows directory: C:\Windows
19:52:58.0449 0876 Processor architecture: Intel x86
19:52:58.0449 0876 Number of processors: 2
19:52:58.0449 0876 Page size: 0x1000
19:52:58.0449 0876 Boot type: Normal boot
19:52:58.0449 0876 ============================================================
19:53:00.0695 0876 Drive \Device\Harddisk0\DR0 - Size: 0x5D2710DE00 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:53:00.0695 0876 Drive \Device\Harddisk1\DR1 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:53:00.0695 0876 ============================================================
19:53:00.0695 0876 \Device\Harddisk0\DR0:
19:53:00.0695 0876 MBR partitions:
19:53:00.0695 0876 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2E937800
19:53:00.0695 0876 \Device\Harddisk1\DR1:
19:53:00.0695 0876 MBR partitions:
19:53:00.0695 0876 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4000
19:53:00.0695 0876 ============================================================
19:53:00.0726 0876 C: <-> \Device\Harddisk0\DR0\Partition0
19:53:00.0726 0876 F: <-> \Device\Harddisk1\DR1\Partition0
19:53:00.0726 0876 ============================================================
19:53:00.0726 0876 Initialize success
19:53:00.0726 0876 ============================================================
19:57:44.0554 0696 ============================================================
19:57:44.0554 0696 Scan started
19:57:44.0554 0696 Mode: Manual; SigCheck; TDLFS;
19:57:44.0554 0696 ============================================================
19:57:55.0474 0696 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
19:57:55.0474 0696 giveio ( UnsignedFile.Multi.Generic ) - warning
19:57:55.0474 0696 giveio - detected UnsignedFile.Multi.Generic (1)
19:58:01.0121 0696 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
19:58:01.0152 0696 NdisWan - ok
19:58:01.0168 0696 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
19:58:01.0199 0696 NDProxy - ok
19:58:01.0214 0696 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
19:58:01.0261 0696 NetBIOS - ok
19:58:01.0308 0696 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
19:58:01.0339 0696 NetBT - ok
19:58:01.0355 0696 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:58:01.0370 0696 Netlogon - ok
19:58:01.0417 0696 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
19:58:01.0511 0696 Netman - ok
19:58:01.0542 0696 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
19:58:01.0589 0696 netprofm - ok
19:58:01.0667 0696 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:58:01.0682 0696 NetTcpPortSharing - ok
19:58:01.0714 0696 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
19:58:01.0729 0696 nfrd960 - ok
19:58:01.0776 0696 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
19:58:01.0807 0696 NlaSvc - ok
19:58:01.0854 0696 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
19:58:01.0901 0696 Npfs - ok
19:58:01.0916 0696 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
19:58:01.0948 0696 nsi - ok
19:58:01.0963 0696 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
19:58:01.0994 0696 nsiproxy - ok
19:58:02.0088 0696 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
19:58:02.0119 0696 Ntfs - ok
19:58:02.0135 0696 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
19:58:02.0182 0696 Null - ok
19:58:02.0228 0696 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
19:58:02.0275 0696 NVENETFD - ok
19:58:02.0322 0696 NVNET (1de923088878b495cd4219e47ba34eb8) C:\Windows\system32\DRIVERS\nvmf6232.sys
19:58:02.0338 0696 NVNET - ok
19:58:02.0369 0696 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
19:58:02.0384 0696 nvraid - ok
19:58:02.0416 0696 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
19:58:02.0416 0696 nvstor - ok
19:58:02.0447 0696 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
19:58:02.0462 0696 nv_agp - ok
19:58:02.0478 0696 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
19:58:02.0509 0696 ohci1394 - ok
19:58:02.0556 0696 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
19:58:02.0618 0696 p2pimsvc - ok
19:58:02.0665 0696 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
19:58:02.0696 0696 p2psvc - ok
19:58:02.0743 0696 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
19:58:02.0759 0696 Parport - ok
19:58:02.0790 0696 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
19:58:02.0806 0696 partmgr - ok
19:58:02.0821 0696 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
19:58:02.0852 0696 Parvdm - ok
19:58:02.0868 0696 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
19:58:02.0884 0696 PcaSvc - ok
19:58:02.0915 0696 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
19:58:02.0930 0696 pci - ok
19:58:02.0946 0696 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
19:58:02.0962 0696 pciide - ok
19:58:02.0977 0696 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
19:58:03.0008 0696 pcmcia - ok
19:58:03.0024 0696 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
19:58:03.0040 0696 pcw - ok
19:58:03.0102 0696 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
19:58:03.0149 0696 PEAUTH - ok
19:58:03.0227 0696 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
19:58:03.0305 0696 PeerDistSvc - ok
19:58:03.0367 0696 pepifilter (d30eda6e1ab3c8c82f2ca085ab79040a) C:\Windows\system32\DRIVERS\lv302af.sys
19:58:03.0383 0696 pepifilter - ok
19:58:03.0476 0696 PID_PEPI (0da6c5e0c8da6cebe52daacfe7ae9de6) C:\Windows\system32\DRIVERS\LV302V32.SYS
19:58:03.0523 0696 PID_PEPI - ok
19:58:03.0617 0696 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
19:58:03.0664 0696 pla - ok
19:58:03.0804 0696 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
19:58:03.0835 0696 PlugPlay - ok
19:58:03.0866 0696 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
19:58:03.0882 0696 PNRPAutoReg - ok
19:58:03.0913 0696 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
19:58:03.0929 0696 PNRPsvc - ok
19:58:03.0976 0696 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
19:58:04.0007 0696 PolicyAgent - ok
19:58:04.0054 0696 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
19:58:04.0085 0696 Power - ok
19:58:04.0163 0696 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
19:58:04.0225 0696 PptpMiniport - ok
19:58:04.0241 0696 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
19:58:04.0288 0696 Processor - ok
19:58:04.0319 0696 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
19:58:04.0366 0696 ProfSvc - ok
19:58:04.0397 0696 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:58:04.0412 0696 ProtectedStorage - ok
19:58:04.0444 0696 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
19:58:04.0475 0696 Psched - ok
19:58:04.0553 0696 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
19:58:04.0600 0696 ql2300 - ok
19:58:04.0709 0696 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
19:58:04.0740 0696 ql40xx - ok
19:58:04.0771 0696 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
19:58:04.0787 0696 QWAVE - ok
19:58:04.0802 0696 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
19:58:04.0818 0696 QWAVEdrv - ok
19:58:04.0880 0696 RapiMgr (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll
19:58:04.0896 0696 RapiMgr - ok
19:58:04.0912 0696 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
19:58:04.0958 0696 RasAcd - ok
19:58:04.0990 0696 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:58:05.0036 0696 RasAgileVpn - ok
19:58:05.0068 0696 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
19:58:05.0099 0696 RasAuto - ok
19:58:05.0130 0696 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:58:05.0177 0696 Rasl2tp - ok
19:58:05.0224 0696 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
19:58:05.0270 0696 RasMan - ok
19:58:05.0286 0696 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
19:58:05.0333 0696 RasPppoe - ok
19:58:05.0348 0696 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
19:58:05.0395 0696 RasSstp - ok
19:58:05.0442 0696 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
19:58:05.0520 0696 rdbss - ok
19:58:05.0536 0696 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
19:58:05.0551 0696 rdpbus - ok
19:58:05.0582 0696 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:58:05.0614 0696 RDPCDD - ok
19:58:05.0645 0696 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
19:58:05.0676 0696 RDPDR - ok
19:58:05.0692 0696 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
19:58:05.0723 0696 RDPENCDD - ok
19:58:05.0738 0696 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
19:58:05.0754 0696 RDPREFMP - ok
19:58:05.0801 0696 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
19:58:05.0848 0696 RDPWD - ok
19:58:05.0894 0696 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
19:58:05.0926 0696 rdyboost - ok
19:58:05.0957 0696 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
19:58:06.0035 0696 RemoteAccess - ok
19:58:06.0066 0696 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
19:58:06.0113 0696 RemoteRegistry - ok
19:58:06.0160 0696 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
19:58:06.0191 0696 RFCOMM - ok
19:58:06.0206 0696 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
19:58:06.0238 0696 RpcEptMapper - ok
19:58:06.0269 0696 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
19:58:06.0284 0696 RpcLocator - ok
19:58:06.0331 0696 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
19:58:06.0362 0696 RpcSs - ok
19:58:06.0409 0696 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
19:58:06.0440 0696 rspndr - ok
19:58:06.0472 0696 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
19:58:06.0503 0696 s3cap - ok
19:58:06.0518 0696 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:58:06.0534 0696 SamSs - ok
19:58:06.0581 0696 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
19:58:06.0596 0696 sbp2port - ok
19:58:06.0628 0696 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
19:58:06.0659 0696 SCardSvr - ok
19:58:06.0674 0696 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
19:58:06.0721 0696 scfilter - ok
19:58:06.0784 0696 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
19:58:06.0877 0696 Schedule - ok
19:58:06.0893 0696 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
19:58:06.0924 0696 SCPolicySvc - ok
19:58:06.0955 0696 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
19:58:07.0002 0696 SDRSVC - ok
19:58:07.0033 0696 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:58:07.0080 0696 secdrv - ok
19:58:07.0111 0696 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
19:58:07.0142 0696 seclogon - ok
19:58:07.0174 0696 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
19:58:07.0220 0696 SENS - ok
19:58:07.0252 0696 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
19:58:07.0283 0696 SensrSvc - ok
19:58:07.0298 0696 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
19:58:07.0314 0696 Serenum - ok
19:58:07.0330 0696 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
19:58:07.0361 0696 Serial - ok
19:58:07.0376 0696 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
19:58:07.0408 0696 sermouse - ok
19:58:07.0439 0696 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
19:58:07.0486 0696 SessionEnv - ok
19:58:07.0517 0696 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
19:58:07.0548 0696 sffdisk - ok
19:58:07.0564 0696 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
19:58:07.0595 0696 sffp_mmc - ok
19:58:07.0610 0696 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
19:58:07.0626 0696 sffp_sd - ok
19:58:07.0657 0696 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
19:58:07.0673 0696 sfloppy - ok
19:58:07.0720 0696 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
19:58:07.0766 0696 SharedAccess - ok
19:58:07.0813 0696 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
19:58:07.0891 0696 ShellHWDetection - ok
19:58:07.0922 0696 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
19:58:07.0922 0696 sisagp - ok
19:58:07.0954 0696 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:58:07.0969 0696 SiSRaid2 - ok
19:58:07.0985 0696 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
19:58:08.0000 0696 SiSRaid4 - ok
19:58:08.0266 0696 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
19:58:08.0344 0696 Skype C2C Service - ok
19:58:08.0453 0696 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files\Skype\Updater\Updater.exe
19:58:08.0468 0696 SkypeUpdate - ok
19:58:08.0609 0696 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
19:58:08.0640 0696 Smb - ok
19:58:08.0687 0696 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
19:58:08.0702 0696 SNMPTRAP - ok
19:58:08.0765 0696 speedfan (3fa2e254bfbce52b3c6f1bf23aab6911) C:\Windows\system32\speedfan.sys
19:58:08.0780 0696 speedfan - ok
19:58:08.0812 0696 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
19:58:08.0827 0696 spldr - ok
19:58:08.0874 0696 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
19:58:08.0921 0696 Spooler - ok
19:58:09.0108 0696 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
19:58:09.0202 0696 sppsvc - ok
19:58:09.0295 0696 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
19:58:09.0342 0696 sppuinotify - ok
19:58:09.0404 0696 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
19:58:09.0451 0696 srv - ok
19:58:09.0467 0696 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
19:58:09.0498 0696 srv2 - ok
19:58:09.0529 0696 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
19:58:09.0545 0696 srvnet - ok
19:58:09.0576 0696 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
19:58:09.0623 0696 SSDPSRV - ok
19:58:09.0670 0696 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
19:58:09.0685 0696 ssmdrv - ok
19:58:09.0701 0696 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
19:58:09.0763 0696 SstpSvc - ok
19:58:09.0794 0696 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
19:58:09.0794 0696 stexstor - ok
19:58:09.0841 0696 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
19:58:09.0888 0696 StiSvc - ok
19:58:09.0919 0696 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
19:58:09.0935 0696 storflt - ok
19:58:09.0966 0696 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
19:58:09.0997 0696 StorSvc - ok
19:58:10.0013 0696 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
19:58:10.0028 0696 storvsc - ok
19:58:10.0044 0696 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
19:58:10.0060 0696 swenum - ok
19:58:10.0106 0696 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
19:58:10.0138 0696 swprv - ok
19:58:10.0231 0696 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
19:58:10.0294 0696 SysMain - ok
19:58:10.0325 0696 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
19:58:10.0356 0696 TabletInputService - ok
19:58:10.0387 0696 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
19:58:10.0418 0696 TapiSrv - ok
19:58:10.0450 0696 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
19:58:10.0496 0696 TBS - ok
19:58:10.0606 0696 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
19:58:10.0637 0696 Tcpip - ok
19:58:10.0668 0696 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
19:58:10.0699 0696 TCPIP6 - ok
19:58:10.0808 0696 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
19:58:10.0871 0696 tcpipreg - ok
19:58:10.0902 0696 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
19:58:10.0933 0696 TDPIPE - ok
19:58:10.0949 0696 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
19:58:10.0964 0696 TDTCP - ok
19:58:10.0996 0696 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
19:58:11.0042 0696 tdx - ok
19:58:11.0074 0696 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
19:58:11.0089 0696 TermDD - ok
19:58:11.0152 0696 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
19:58:11.0198 0696 TermService - ok
19:58:11.0230 0696 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
19:58:11.0261 0696 Themes - ok
19:58:11.0292 0696 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
19:58:11.0323 0696 THREADORDER - ok
19:58:11.0339 0696 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
19:58:11.0386 0696 TrkWks - ok
19:58:11.0448 0696 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
19:58:11.0510 0696 TrustedInstaller - ok
19:58:11.0542 0696 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:58:11.0573 0696 tssecsrv - ok
19:58:11.0620 0696 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
19:58:11.0651 0696 TsUsbFlt - ok
19:58:11.0698 0696 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
19:58:11.0744 0696 tunnel - ok
19:58:11.0760 0696 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
19:58:11.0776 0696 uagp35 - ok
19:58:11.0807 0696 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
19:58:11.0854 0696 udfs - ok
19:58:11.0900 0696 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
19:58:11.0932 0696 UI0Detect - ok
19:58:11.0963 0696 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
19:58:11.0994 0696 uliagpkx - ok
19:58:12.0025 0696 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
19:58:12.0072 0696 umbus - ok
19:58:12.0119 0696 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
19:58:12.0150 0696 UmPass - ok
19:58:12.0181 0696 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
19:58:12.0212 0696 UmRdpService - ok
19:58:12.0259 0696 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
19:58:12.0306 0696 upnphost - ok
19:58:12.0337 0696 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
19:58:12.0368 0696 usbaudio - ok
19:58:12.0400 0696 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
19:58:12.0446 0696 usbccgp - ok
19:58:12.0478 0696 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
19:58:12.0509 0696 usbcir - ok
19:58:12.0540 0696 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
19:58:12.0556 0696 usbehci - ok
19:58:12.0587 0696 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
19:58:12.0618 0696 usbhub - ok
19:58:12.0634 0696 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
19:58:12.0649 0696 usbohci - ok
19:58:12.0696 0696 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
19:58:12.0712 0696 usbprint - ok
19:58:12.0727 0696 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
19:58:12.0758 0696 usbscan - ok
19:58:12.0774 0696 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:58:12.0805 0696 USBSTOR - ok
19:58:12.0805 0696 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
19:58:12.0821 0696 usbuhci - ok
19:58:12.0852 0696 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
19:58:12.0883 0696 UxSms - ok
19:58:12.0914 0696 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:58:12.0930 0696 VaultSvc - ok
19:58:12.0946 0696 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
19:58:12.0961 0696 vdrvroot - ok
19:58:13.0008 0696 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
19:58:13.0055 0696 vds - ok
19:58:13.0086 0696 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
19:58:13.0102 0696 vga - ok
19:58:13.0117 0696 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
19:58:13.0148 0696 VgaSave - ok
19:58:13.0195 0696 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
19:58:13.0211 0696 vhdmp - ok
19:58:13.0226 0696 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
19:58:13.0242 0696 viaagp - ok
19:58:13.0258 0696 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
19:58:13.0289 0696 ViaC7 - ok
19:58:13.0304 0696 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
19:58:13.0320 0696 viaide - ok
19:58:13.0351 0696 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
19:58:13.0367 0696 vmbus - ok
19:58:13.0382 0696 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
19:58:13.0398 0696 VMBusHID - ok
19:58:13.0414 0696 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
19:58:13.0429 0696 volmgr - ok
19:58:13.0460 0696 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
19:58:13.0476 0696 volmgrx - ok
19:58:13.0507 0696 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
19:58:13.0523 0696 volsnap - ok
19:58:13.0554 0696 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
19:58:13.0570 0696 vsmraid - ok
19:58:13.0648 0696 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
19:58:13.0694 0696 VSS - ok
19:58:13.0726 0696 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
19:58:13.0741 0696 vwifibus - ok
19:58:13.0788 0696 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
19:58:13.0835 0696 W32Time - ok
19:58:13.0866 0696 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
19:58:13.0897 0696 WacomPen - ok
19:58:13.0928 0696 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:58:14.0006 0696 WANARP - ok
19:58:14.0006 0696 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:58:14.0053 0696 Wanarpv6 - ok
19:58:14.0162 0696 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
19:58:14.0225 0696 wbengine - ok
19:58:14.0256 0696 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
19:58:14.0287 0696 WbioSrvc - ok
19:58:14.0350 0696 WcesComm (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll
19:58:14.0365 0696 WcesComm - ok
19:58:14.0412 0696 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
19:58:14.0443 0696 wcncsvc - ok
19:58:14.0459 0696 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
19:58:14.0506 0696 WcsPlugInService - ok
19:58:14.0568 0696 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
19:58:14.0599 0696 Wd - ok
19:58:14.0630 0696 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:58:14.0662 0696 Wdf01000 - ok
19:58:14.0677 0696 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
19:58:14.0724 0696 WdiServiceHost - ok
19:58:14.0724 0696 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
19:58:14.0755 0696 WdiSystemHost - ok
19:58:14.0786 0696 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
19:58:14.0818 0696 WebClient - ok
19:58:14.0833 0696 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
19:58:14.0864 0696 Wecsvc - ok
19:58:14.0864 0696 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
19:58:14.0896 0696 wercplsupport - ok
19:58:14.0927 0696 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
19:58:14.0958 0696 WerSvc - ok
19:58:14.0989 0696 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
19:58:15.0005 0696 WfpLwf - ok
19:58:15.0020 0696 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
19:58:15.0036 0696 WIMMount - ok
19:58:15.0130 0696 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
19:58:15.0192 0696 WinDefend - ok
19:58:15.0223 0696 WinHttpAutoProxySvc - ok
19:58:15.0286 0696 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
19:58:15.0317 0696 Winmgmt - ok
19:58:15.0395 0696 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
19:58:15.0457 0696 WinRM - ok
19:58:15.0520 0696 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
19:58:15.0566 0696 WinUsb - ok
19:58:15.0660 0696 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
19:58:15.0691 0696 Wlansvc - ok
19:58:15.0722 0696 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
19:58:15.0738 0696 WmiAcpi - ok
19:58:15.0800 0696 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
19:58:15.0832 0696 wmiApSrv - ok
19:58:15.0956 0696 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:58:16.0003 0696 WMPNetworkSvc - ok
19:58:16.0019 0696 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
19:58:16.0066 0696 WPCSvc - ok
19:58:16.0097 0696 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
19:58:16.0128 0696 WPDBusEnum - ok
19:58:16.0175 0696 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
19:58:16.0222 0696 ws2ifsl - ok
19:58:16.0253 0696 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
19:58:16.0284 0696 wscsvc - ok
19:58:16.0284 0696 WSearch - ok
19:58:16.0409 0696 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
19:58:16.0456 0696 wuauserv - ok
19:58:16.0596 0696 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
19:58:16.0627 0696 WudfPf - ok
19:58:16.0674 0696 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:58:16.0705 0696 WUDFRd - ok
19:58:16.0736 0696 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
19:58:16.0768 0696 wudfsvc - ok
19:58:16.0799 0696 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
19:58:16.0846 0696 WwanSvc - ok
19:58:16.0877 0696 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:58:17.0189 0696 \Device\Harddisk0\DR0 - ok
19:58:17.0204 0696 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
19:58:17.0267 0696 \Device\Harddisk1\DR1 - ok
19:58:17.0298 0696 Boot (0x1200) (9886de89c5c5d3c69595bc4452f700ed) \Device\Harddisk0\DR0\Partition0
19:58:17.0298 0696 \Device\Harddisk0\DR0\Partition0 - ok
19:58:17.0314 0696 Boot (0x1200) (67535f5cbdfbd0f6102ccaff19ac2328) \Device\Harddisk1\DR1\Partition0
19:58:17.0329 0696 \Device\Harddisk1\DR1\Partition0 - ok
19:58:17.0329 0696 ============================================================
19:58:17.0329 0696 Scan finished
19:58:17.0329 0696 ============================================================
19:58:17.0329 4000 Detected object count: 1
19:58:17.0329 4000 Actual detected object count: 1
19:59:27.0139 4000 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
19:59:27.0139 4000 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 13.08.2012 19:36

Please post the logs in CODE tags!!!

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

hai123 13.08.2012 20:04

Please post the logs in CODE tags!!!
Sorry - how do I do that?

Well, I managed it after all:
here you go

Code:

19:52:58.0277 0876        TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:52:58.0449 0876        ============================================================
19:52:58.0449 0876        Current date / time: 2012/08/13 19:52:58.0449
19:52:58.0449 0876        SystemInfo:
19:52:58.0449 0876       
19:52:58.0449 0876        OS Version: 6.1.7601 ServicePack: 1.0
19:52:58.0449 0876        Product type: Workstation
19:52:58.0449 0876        ComputerName: ROLAND-PC
19:52:58.0449 0876        UserName: Roland
19:52:58.0449 0876        Windows directory: C:\Windows
19:52:58.0449 0876        System windows directory: C:\Windows
19:52:58.0449 0876        Processor architecture: Intel x86
19:52:58.0449 0876        Number of processors: 2
19:52:58.0449 0876        Page size: 0x1000
19:52:58.0449 0876        Boot type: Normal boot
19:52:58.0449 0876        ============================================================
19:53:00.0695 0876        Drive \Device\Harddisk0\DR0 - Size: 0x5D2710DE00 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:53:00.0695 0876        Drive \Device\Harddisk1\DR1 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:53:00.0695 0876        ============================================================
19:53:00.0695 0876        \Device\Harddisk0\DR0:
19:53:00.0695 0876        MBR partitions:
19:53:00.0695 0876        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2E937800
19:53:00.0695 0876        \Device\Harddisk1\DR1:
19:53:00.0695 0876        MBR partitions:
19:53:00.0695 0876        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4000
19:53:00.0695 0876        ============================================================
19:53:00.0726 0876        C: <-> \Device\Harddisk0\DR0\Partition0
19:53:00.0726 0876        F: <-> \Device\Harddisk1\DR1\Partition0
19:53:00.0726 0876        ============================================================
19:53:00.0726 0876        Initialize success
19:53:00.0726 0876        ============================================================
19:57:44.0554 0696        ============================================================
19:57:44.0554 0696        Scan started
19:57:44.0554 0696        Mode: Manual; SigCheck; TDLFS;
19:57:44.0554 0696        ============================================================
19:57:44.0975 0696        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
19:57:45.0068 0696        1394ohci - ok
19:57:45.0162 0696        AAV UpdateService (7eeb488346fbfa3731276c3ee8a8fd9e) C:\Program Files\AAVUpdateManager\aavus.exe
19:57:45.0162 0696        AAV UpdateService - ok
19:57:45.0224 0696        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
19:57:45.0240 0696        ACPI - ok
19:57:45.0287 0696        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
19:57:45.0334 0696        AcpiPmi - ok
19:57:45.0427 0696        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
19:57:45.0443 0696        AdobeARMservice - ok
19:57:45.0521 0696        AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:57:45.0536 0696        AdobeFlashPlayerUpdateSvc - ok
19:57:45.0599 0696        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
19:57:45.0614 0696        adp94xx - ok
19:57:45.0646 0696        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
19:57:45.0661 0696        adpahci - ok
19:57:45.0677 0696        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
19:57:45.0692 0696        adpu320 - ok
19:57:45.0724 0696        AeLookupSvc    (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
19:57:45.0786 0696        AeLookupSvc - ok
19:57:45.0833 0696        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
19:57:45.0895 0696        AFD - ok
19:57:45.0926 0696        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
19:57:45.0942 0696        agp440 - ok
19:57:45.0989 0696        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
19:57:45.0989 0696        aic78xx - ok
19:57:46.0036 0696        ALG            (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
19:57:46.0082 0696        ALG - ok
19:57:46.0114 0696        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
19:57:46.0129 0696        aliide - ok
19:57:46.0176 0696        AMD External Events Utility (50ebbb86e493bd9ab7ddf914a90eef8e) C:\Windows\system32\atiesrxx.exe
19:57:46.0223 0696        AMD External Events Utility - ok
19:57:46.0316 0696        AMD FUEL Service - ok
19:57:46.0348 0696        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
19:57:46.0379 0696        amdagp - ok
19:57:46.0410 0696        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
19:57:46.0426 0696        amdide - ok
19:57:46.0441 0696        amdiox86        (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys
19:57:46.0457 0696        amdiox86 - ok
19:57:46.0519 0696        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
19:57:46.0582 0696        AmdK8 - ok
19:57:47.0159 0696        amdkmdag        (70eb74785ab7fc603fef19d87b7a7946) C:\Windows\system32\DRIVERS\atikmdag.sys
19:57:47.0424 0696        amdkmdag - ok
19:57:47.0580 0696        amdkmdap        (ba99833bbde9c4ff389fc8114fb14843) C:\Windows\system32\DRIVERS\atikmpag.sys
19:57:47.0627 0696        amdkmdap - ok
19:57:47.0674 0696        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
19:57:47.0705 0696        AmdPPM - ok
19:57:47.0736 0696        amdsata        (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
19:57:47.0752 0696        amdsata - ok
19:57:47.0783 0696        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
19:57:47.0798 0696        amdsbs - ok
19:57:47.0814 0696        amdxata        (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
19:57:47.0830 0696        amdxata - ok
19:57:47.0939 0696        AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:57:47.0954 0696        AntiVirSchedulerService - ok
19:57:47.0986 0696        AntiVirService  (c9a36ef935aced86aedf93e97e606911) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:57:48.0001 0696        AntiVirService - ok
19:57:48.0032 0696        AppID          (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
19:57:48.0142 0696        AppID - ok
19:57:48.0188 0696        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
19:57:48.0235 0696        AppIDSvc - ok
19:57:48.0251 0696        Appinfo        (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
19:57:48.0298 0696        Appinfo - ok
19:57:48.0329 0696        AppMgmt        (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
19:57:48.0376 0696        AppMgmt - ok
19:57:48.0407 0696        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
19:57:48.0422 0696        arc - ok
19:57:48.0438 0696        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
19:57:48.0454 0696        arcsas - ok
19:57:48.0485 0696        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
19:57:48.0578 0696        AsyncMac - ok
19:57:48.0625 0696        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
19:57:48.0656 0696        atapi - ok
19:57:48.0719 0696        AtiHDAudioService (6adc42cf4a6ab84975ca63dccfaaf5d8) C:\Windows\system32\drivers\AtihdW73.sys
19:57:48.0719 0696        AtiHDAudioService - ok
19:57:49.0249 0696        atikmdag        (70eb74785ab7fc603fef19d87b7a7946) C:\Windows\system32\DRIVERS\atikmdag.sys
19:57:49.0390 0696        atikmdag - ok
19:57:49.0514 0696        AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
19:57:49.0561 0696        AudioEndpointBuilder - ok
19:57:49.0561 0696        Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
19:57:49.0592 0696        Audiosrv - ok
19:57:49.0670 0696        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
19:57:49.0686 0696        avgntflt - ok
19:57:49.0733 0696        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
19:57:49.0748 0696        avipbb - ok
19:57:49.0764 0696        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
19:57:49.0780 0696        avkmgr - ok
19:57:49.0811 0696        AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
19:57:49.0873 0696        AxInstSV - ok
19:57:49.0920 0696        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
19:57:49.0967 0696        b06bdrv - ok
19:57:50.0014 0696        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
19:57:50.0029 0696        b57nd60x - ok
19:57:50.0076 0696        BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
19:57:50.0107 0696        BDESVC - ok
19:57:50.0123 0696        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
19:57:50.0170 0696        Beep - ok
19:57:50.0232 0696        BFE            (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
19:57:50.0279 0696        BFE - ok
19:57:50.0326 0696        BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
19:57:50.0372 0696        BITS - ok
19:57:50.0404 0696        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
19:57:50.0435 0696        blbdrive - ok
19:57:50.0450 0696        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
19:57:50.0497 0696        bowser - ok
19:57:50.0513 0696        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:57:50.0560 0696        BrFiltLo - ok
19:57:50.0575 0696        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:57:50.0622 0696        BrFiltUp - ok
19:57:50.0653 0696        Browser        (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
19:57:50.0700 0696        Browser - ok
19:57:50.0731 0696        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
19:57:50.0762 0696        Brserid - ok
19:57:50.0778 0696        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
19:57:50.0809 0696        BrSerWdm - ok
19:57:50.0840 0696        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:57:50.0872 0696        BrUsbMdm - ok
19:57:50.0887 0696        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
19:57:50.0918 0696        BrUsbSer - ok
19:57:50.0950 0696        BthEnum        (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
19:57:50.0996 0696        BthEnum - ok
19:57:51.0028 0696        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
19:57:51.0043 0696        BTHMODEM - ok
19:57:51.0074 0696        BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
19:57:51.0090 0696        BthPan - ok
19:57:51.0137 0696        BTHPORT        (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\system32\Drivers\BTHport.sys
19:57:51.0168 0696        BTHPORT - ok
19:57:51.0199 0696        bthserv        (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
19:57:51.0246 0696        bthserv - ok
19:57:51.0262 0696        BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\system32\Drivers\BTHUSB.sys
19:57:51.0293 0696        BTHUSB - ok
19:57:51.0324 0696        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
19:57:51.0371 0696        cdfs - ok
19:57:51.0418 0696        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
19:57:51.0449 0696        cdrom - ok
19:57:51.0480 0696        CertPropSvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
19:57:51.0527 0696        CertPropSvc - ok
19:57:51.0542 0696        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
19:57:51.0558 0696        circlass - ok
19:57:51.0792 0696        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
19:57:51.0823 0696        CLFS - ok
19:57:51.0886 0696        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:57:51.0901 0696        clr_optimization_v2.0.50727_32 - ok
19:57:51.0964 0696        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:57:51.0979 0696        clr_optimization_v4.0.30319_32 - ok
19:57:51.0995 0696        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
19:57:52.0010 0696        CmBatt - ok
19:57:52.0042 0696        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
19:57:52.0042 0696        cmdide - ok
19:57:52.0088 0696        CNG            (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
19:57:52.0120 0696        CNG - ok
19:57:52.0135 0696        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
19:57:52.0151 0696        Compbatt - ok
19:57:52.0198 0696        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
19:57:52.0213 0696        CompositeBus - ok
19:57:52.0213 0696        COMSysApp - ok
19:57:52.0229 0696        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
19:57:52.0244 0696        crcdisk - ok
19:57:52.0276 0696        CryptSvc        (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
19:57:52.0338 0696        CryptSvc - ok
19:57:52.0385 0696        CSC            (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
19:57:52.0432 0696        CSC - ok
19:57:52.0478 0696        CscService      (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
19:57:52.0510 0696        CscService - ok
19:57:52.0541 0696        DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
19:57:52.0603 0696        DcomLaunch - ok
19:57:52.0634 0696        defragsvc      (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
19:57:52.0681 0696        defragsvc - ok
19:57:52.0744 0696        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
19:57:52.0822 0696        DfsC - ok
19:57:52.0868 0696        Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
19:57:52.0915 0696        Dhcp - ok
19:57:52.0946 0696        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
19:57:52.0993 0696        discache - ok
19:57:53.0040 0696        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
19:57:53.0040 0696        Disk - ok
19:57:53.0071 0696        Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
19:57:53.0118 0696        Dnscache - ok
19:57:53.0149 0696        dot3svc        (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
19:57:53.0196 0696        dot3svc - ok
19:57:53.0227 0696        DPS            (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
19:57:53.0274 0696        DPS - ok
19:57:53.0321 0696        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
19:57:53.0336 0696        drmkaud - ok
19:57:53.0414 0696        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
19:57:53.0430 0696        DXGKrnl - ok
19:57:53.0461 0696        EapHost        (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
19:57:53.0508 0696        EapHost - ok
19:57:53.0711 0696        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
19:57:53.0804 0696        ebdrv - ok
19:57:53.0898 0696        EFS            (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
19:57:53.0945 0696        EFS - ok
19:57:54.0007 0696        ehRecvr        (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
19:57:54.0054 0696        ehRecvr - ok
19:57:54.0085 0696        ehSched        (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
19:57:54.0132 0696        ehSched - ok
19:57:54.0210 0696        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
19:57:54.0257 0696        elxstor - ok
19:57:54.0272 0696        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
19:57:54.0304 0696        ErrDev - ok
19:57:54.0350 0696        EventSystem    (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
19:57:54.0413 0696        EventSystem - ok
19:57:54.0428 0696        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
19:57:54.0475 0696        exfat - ok
19:57:54.0506 0696        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
19:57:54.0553 0696        fastfat - ok
19:57:54.0616 0696        Fax            (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
19:57:54.0662 0696        Fax - ok
19:57:54.0694 0696        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
19:57:54.0725 0696        fdc - ok
19:57:54.0756 0696        fdPHost        (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
19:57:54.0787 0696        fdPHost - ok
19:57:54.0803 0696        FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
19:57:54.0850 0696        FDResPub - ok
19:57:54.0865 0696        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
19:57:54.0881 0696        FileInfo - ok
19:57:54.0896 0696        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
19:57:54.0928 0696        Filetrace - ok
19:57:54.0943 0696        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
19:57:54.0959 0696        flpydisk - ok
19:57:54.0990 0696        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
19:57:55.0006 0696        FltMgr - ok
19:57:55.0084 0696        FontCache      (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
19:57:55.0162 0696        FontCache - ok
19:57:55.0240 0696        FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:57:55.0255 0696        FontCache3.0.0.0 - ok
19:57:55.0271 0696        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
19:57:55.0286 0696        FsDepends - ok
19:57:55.0302 0696        Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
19:57:55.0318 0696        Fs_Rec - ok
19:57:55.0364 0696        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
19:57:55.0380 0696        fvevol - ok
19:57:55.0411 0696        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:57:55.0427 0696        gagp30kx - ok
19:57:55.0474 0696        giveio          (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
19:57:55.0474 0696        giveio ( UnsignedFile.Multi.Generic ) - warning
19:57:55.0474 0696        giveio - detected UnsignedFile.Multi.Generic (1)
19:57:55.0536 0696        gpsvc          (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
19:57:55.0583 0696        gpsvc - ok
19:57:55.0692 0696        gupdate        (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
19:57:55.0723 0696        gupdate - ok
19:57:55.0723 0696        gupdatem        (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
19:57:55.0739 0696        gupdatem - ok
19:57:55.0770 0696        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
19:57:55.0801 0696        hcw85cir - ok
19:57:55.0864 0696        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
19:57:55.0895 0696        HdAudAddService - ok
19:57:55.0942 0696        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
19:57:55.0973 0696        HDAudBus - ok
19:57:55.0988 0696        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
19:57:56.0004 0696        HidBatt - ok
19:57:56.0035 0696        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
19:57:56.0066 0696        HidBth - ok
19:57:56.0098 0696        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
19:57:56.0144 0696        HidIr - ok
19:57:56.0176 0696        hidserv        (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
19:57:56.0207 0696        hidserv - ok
19:57:56.0269 0696        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
19:57:56.0285 0696        HidUsb - ok
19:57:56.0300 0696        hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
19:57:56.0347 0696        hkmsvc - ok
19:57:56.0378 0696        HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
19:57:56.0425 0696        HomeGroupListener - ok
19:57:56.0456 0696        HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
19:57:56.0488 0696        HomeGroupProvider - ok
19:57:56.0534 0696        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
19:57:56.0550 0696        HpSAMD - ok
19:57:56.0597 0696        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
19:57:56.0628 0696        HTTP - ok
19:57:56.0659 0696        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
19:57:56.0675 0696        hwpolicy - ok
19:57:56.0722 0696        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
19:57:56.0737 0696        i8042prt - ok
19:57:56.0800 0696        iaStorV        (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
19:57:56.0846 0696        iaStorV - ok
19:57:56.0956 0696        idsvc          (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:57:57.0002 0696        idsvc - ok
19:57:57.0034 0696        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
19:57:57.0034 0696        iirsp - ok
19:57:57.0112 0696        IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
19:57:57.0174 0696        IKEEXT - ok
19:57:57.0205 0696        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
19:57:57.0221 0696        intelide - ok
19:57:57.0236 0696        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
19:57:57.0268 0696        intelppm - ok
19:57:57.0299 0696        IPBusEnum      (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
19:57:57.0330 0696        IPBusEnum - ok
19:57:57.0346 0696        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:57:57.0392 0696        IpFilterDriver - ok
19:57:57.0455 0696        iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
19:57:57.0517 0696        iphlpsvc - ok
19:57:57.0548 0696        IPMIDRV        (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
19:57:57.0580 0696        IPMIDRV - ok
19:57:57.0595 0696        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
19:57:57.0642 0696        IPNAT - ok
19:57:57.0673 0696        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
19:57:57.0689 0696        IRENUM - ok
19:57:57.0736 0696        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
19:57:57.0751 0696        isapnp - ok
19:57:57.0767 0696        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
19:57:57.0798 0696        iScsiPrt - ok
19:57:57.0829 0696        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:57:57.0829 0696        kbdclass - ok
19:57:57.0860 0696        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
19:57:57.0892 0696        kbdhid - ok
19:57:57.0907 0696        KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:57:57.0923 0696        KeyIso - ok
19:57:57.0938 0696        KSecDD          (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
19:57:57.0954 0696        KSecDD - ok
19:57:57.0985 0696        KSecPkg        (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
19:57:58.0001 0696        KSecPkg - ok
19:57:58.0048 0696        KtmRm          (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
19:57:58.0079 0696        KtmRm - ok
19:57:58.0141 0696        L8042Kbd        (d88846f9f4f27ae9be584a6e5b6b8753) C:\Windows\system32\DRIVERS\L8042Kbd.sys
19:57:58.0157 0696        L8042Kbd - ok
19:57:58.0204 0696        LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
19:57:58.0250 0696        LanmanServer - ok
19:57:58.0266 0696        LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
19:57:58.0313 0696        LanmanWorkstation - ok
19:57:58.0375 0696        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
19:57:58.0422 0696        lltdio - ok
19:57:58.0453 0696        lltdsvc        (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
19:57:58.0500 0696        lltdsvc - ok
19:57:58.0516 0696        lmhosts        (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
19:57:58.0547 0696        lmhosts - ok
19:57:58.0578 0696        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:57:58.0594 0696        LSI_FC - ok
19:57:58.0609 0696        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:57:58.0625 0696        LSI_SAS - ok
19:57:58.0656 0696        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:57:58.0656 0696        LSI_SAS2 - ok
19:57:58.0687 0696        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:57:58.0703 0696        LSI_SCSI - ok
19:57:58.0718 0696        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
19:57:58.0750 0696        luafv - ok
19:57:58.0796 0696        LVUSBSta        (9e9306063ecd8aa91b3fb76678d3cee2) C:\Windows\system32\drivers\LVUSBSta.sys
19:57:58.0812 0696        LVUSBSta - ok
19:57:58.0828 0696        Mcx2Svc        (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
19:57:58.0843 0696        Mcx2Svc - ok
19:57:58.0859 0696        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
19:57:58.0874 0696        megasas - ok
19:57:58.0906 0696        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
19:57:58.0921 0696        MegaSR - ok
19:57:58.0952 0696        MMCSS          (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
19:57:58.0999 0696        MMCSS - ok
19:57:59.0015 0696        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
19:57:59.0062 0696        Modem - ok
19:57:59.0077 0696        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
19:57:59.0108 0696        monitor - ok
19:57:59.0140 0696        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
19:57:59.0155 0696        mouclass - ok
19:57:59.0186 0696        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
19:57:59.0218 0696        mouhid - ok
19:57:59.0249 0696        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
19:57:59.0264 0696        mountmgr - ok
19:57:59.0389 0696        MozillaMaintenance (c1b935882344f9db73168611ebda1c11) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:57:59.0405 0696        MozillaMaintenance - ok
19:57:59.0436 0696        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
19:57:59.0452 0696        mpio - ok
19:57:59.0467 0696        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
19:57:59.0514 0696        mpsdrv - ok
19:57:59.0576 0696        MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
19:57:59.0623 0696        MpsSvc - ok
19:57:59.0654 0696        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
19:57:59.0686 0696        MRxDAV - ok
19:57:59.0717 0696        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:57:59.0764 0696        mrxsmb - ok
19:57:59.0795 0696        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:57:59.0826 0696        mrxsmb10 - ok
19:57:59.0857 0696        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:57:59.0873 0696        mrxsmb20 - ok
19:57:59.0888 0696        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
19:57:59.0904 0696        msahci - ok
19:57:59.0935 0696        msdsm          (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
19:57:59.0951 0696        msdsm - ok
19:57:59.0982 0696        MSDTC          (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
19:58:00.0013 0696        MSDTC - ok
19:58:00.0060 0696        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
19:58:00.0076 0696        Msfs - ok
19:58:00.0091 0696        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
19:58:00.0138 0696        mshidkmdf - ok
19:58:00.0169 0696        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
19:58:00.0185 0696        msisadrv - ok
19:58:00.0216 0696        MSiSCSI        (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
19:58:00.0263 0696        MSiSCSI - ok
19:58:00.0263 0696        msiserver - ok
19:58:00.0294 0696        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
19:58:00.0325 0696        MSKSSRV - ok
19:58:00.0325 0696        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
19:58:00.0372 0696        MSPCLOCK - ok
19:58:00.0388 0696        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
19:58:00.0434 0696        MSPQM - ok
19:58:00.0450 0696        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
19:58:00.0481 0696        MsRPC - ok
19:58:00.0497 0696        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
19:58:00.0512 0696        mssmbios - ok
19:58:00.0528 0696        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
19:58:00.0559 0696        MSTEE - ok
19:58:00.0559 0696        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
19:58:00.0575 0696        MTConfig - ok
19:58:00.0606 0696        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
19:58:00.0622 0696        Mup - ok
19:58:00.0653 0696        napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
19:58:00.0700 0696        napagent - ok
19:58:00.0731 0696        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
19:58:00.0762 0696        NativeWifiP - ok
19:58:00.0824 0696        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
19:58:00.0856 0696        NDIS - ok
19:58:00.0887 0696        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
19:58:00.0934 0696        NdisCap - ok
19:58:00.0949 0696        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
19:58:00.0996 0696        NdisTapi - ok
19:58:01.0043 0696        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
19:58:01.0074 0696        Ndisuio - ok
19:58:01.0121 0696        NdisWan        (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
19:58:01.0152 0696        NdisWan - ok
19:58:01.0168 0696        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
19:58:01.0199 0696        NDProxy - ok
19:58:01.0214 0696        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
19:58:01.0261 0696        NetBIOS - ok
19:58:01.0308 0696        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
19:58:01.0339 0696        NetBT - ok
19:58:01.0355 0696        Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:58:01.0370 0696        Netlogon - ok
19:58:01.0417 0696        Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
19:58:01.0511 0696        Netman - ok
19:58:01.0542 0696        netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
19:58:01.0589 0696        netprofm - ok
19:58:01.0667 0696        NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:58:01.0682 0696        NetTcpPortSharing - ok
19:58:01.0714 0696        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
19:58:01.0729 0696        nfrd960 - ok
19:58:01.0776 0696        NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
19:58:01.0807 0696        NlaSvc - ok
19:58:01.0854 0696        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
19:58:01.0901 0696        Npfs - ok
19:58:01.0916 0696        nsi            (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
19:58:01.0948 0696        nsi - ok
19:58:01.0963 0696        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
19:58:01.0994 0696        nsiproxy - ok
19:58:02.0088 0696        Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
19:58:02.0119 0696        Ntfs - ok
19:58:02.0135 0696        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
19:58:02.0182 0696        Null - ok
19:58:02.0228 0696        NVENETFD        (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
19:58:02.0275 0696        NVENETFD - ok
19:58:02.0322 0696        NVNET          (1de923088878b495cd4219e47ba34eb8) C:\Windows\system32\DRIVERS\nvmf6232.sys
19:58:02.0338 0696        NVNET - ok
19:58:02.0369 0696        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
19:58:02.0384 0696        nvraid - ok
19:58:02.0416 0696        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
19:58:02.0416 0696        nvstor - ok
19:58:02.0447 0696        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
19:58:02.0462 0696        nv_agp - ok
19:58:02.0478 0696        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
19:58:02.0509 0696        ohci1394 - ok
19:58:02.0556 0696        p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
19:58:02.0618 0696        p2pimsvc - ok
19:58:02.0665 0696        p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
19:58:02.0696 0696        p2psvc - ok
19:58:02.0743 0696        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
19:58:02.0759 0696        Parport - ok
19:58:02.0790 0696        partmgr        (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
19:58:02.0806 0696        partmgr - ok
19:58:02.0821 0696        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
19:58:02.0852 0696        Parvdm - ok
19:58:02.0868 0696        PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
19:58:02.0884 0696        PcaSvc - ok
19:58:02.0915 0696        pci            (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
19:58:02.0930 0696        pci - ok
19:58:02.0946 0696        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
19:58:02.0962 0696        pciide - ok
19:58:02.0977 0696        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
19:58:03.0008 0696        pcmcia - ok
19:58:03.0024 0696        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
19:58:03.0040 0696        pcw - ok
19:58:03.0102 0696        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
19:58:03.0149 0696        PEAUTH - ok
19:58:03.0227 0696        PeerDistSvc    (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
19:58:03.0305 0696        PeerDistSvc - ok
19:58:03.0367 0696        pepifilter      (d30eda6e1ab3c8c82f2ca085ab79040a) C:\Windows\system32\DRIVERS\lv302af.sys
19:58:03.0383 0696        pepifilter - ok
19:58:03.0476 0696        PID_PEPI        (0da6c5e0c8da6cebe52daacfe7ae9de6) C:\Windows\system32\DRIVERS\LV302V32.SYS
19:58:03.0523 0696        PID_PEPI - ok
19:58:03.0617 0696        pla            (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
19:58:03.0664 0696        pla - ok
19:58:03.0804 0696        PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
19:58:03.0835 0696        PlugPlay - ok
19:58:03.0866 0696        PNRPAutoReg    (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
19:58:03.0882 0696        PNRPAutoReg - ok
19:58:03.0913 0696        PNRPsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
19:58:03.0929 0696        PNRPsvc - ok
19:58:03.0976 0696        PolicyAgent    (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
19:58:04.0007 0696        PolicyAgent - ok
19:58:04.0054 0696        Power          (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
19:58:04.0085 0696        Power - ok
19:58:04.0163 0696        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
19:58:04.0225 0696        PptpMiniport - ok
19:58:04.0241 0696        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
19:58:04.0288 0696        Processor - ok
19:58:04.0319 0696        ProfSvc        (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
19:58:04.0366 0696        ProfSvc - ok
19:58:04.0397 0696        ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:58:04.0412 0696        ProtectedStorage - ok
19:58:04.0444 0696        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
19:58:04.0475 0696        Psched - ok
19:58:04.0553 0696        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
19:58:04.0600 0696        ql2300 - ok
19:58:04.0709 0696        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
19:58:04.0740 0696        ql40xx - ok
19:58:04.0771 0696        QWAVE          (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
19:58:04.0787 0696        QWAVE - ok
19:58:04.0802 0696        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
19:58:04.0818 0696        QWAVEdrv - ok
19:58:04.0880 0696        RapiMgr        (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll
19:58:04.0896 0696        RapiMgr - ok
19:58:04.0912 0696        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
19:58:04.0958 0696        RasAcd - ok
19:58:04.0990 0696        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:58:05.0036 0696        RasAgileVpn - ok
19:58:05.0068 0696        RasAuto        (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
19:58:05.0099 0696        RasAuto - ok
19:58:05.0130 0696        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:58:05.0177 0696        Rasl2tp - ok
19:58:05.0224 0696        RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
19:58:05.0270 0696        RasMan - ok
19:58:05.0286 0696        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
19:58:05.0333 0696        RasPppoe - ok
19:58:05.0348 0696        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
19:58:05.0395 0696        RasSstp - ok
19:58:05.0442 0696        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
19:58:05.0520 0696        rdbss - ok
19:58:05.0536 0696        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
19:58:05.0551 0696        rdpbus - ok
19:58:05.0582 0696        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:58:05.0614 0696        RDPCDD - ok
19:58:05.0645 0696        RDPDR          (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
19:58:05.0676 0696        RDPDR - ok
19:58:05.0692 0696        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
19:58:05.0723 0696        RDPENCDD - ok
19:58:05.0738 0696        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
19:58:05.0754 0696        RDPREFMP - ok
19:58:05.0801 0696        RDPWD          (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
19:58:05.0848 0696        RDPWD - ok
19:58:05.0894 0696        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
19:58:05.0926 0696        rdyboost - ok
19:58:05.0957 0696        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
19:58:06.0035 0696        RemoteAccess - ok
19:58:06.0066 0696        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
19:58:06.0113 0696        RemoteRegistry - ok
19:58:06.0160 0696        RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
19:58:06.0191 0696        RFCOMM - ok
19:58:06.0206 0696        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
19:58:06.0238 0696        RpcEptMapper - ok
19:58:06.0269 0696        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
19:58:06.0284 0696        RpcLocator - ok
19:58:06.0331 0696        RpcSs          (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
19:58:06.0362 0696        RpcSs - ok
19:58:06.0409 0696        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
19:58:06.0440 0696        rspndr - ok
19:58:06.0472 0696        s3cap          (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
19:58:06.0503 0696        s3cap - ok
19:58:06.0518 0696        SamSs          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:58:06.0534 0696        SamSs - ok
19:58:06.0581 0696        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
19:58:06.0596 0696        sbp2port - ok
19:58:06.0628 0696        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
19:58:06.0659 0696        SCardSvr - ok
19:58:06.0674 0696        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
19:58:06.0721 0696        scfilter - ok
19:58:06.0784 0696        Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
19:58:06.0877 0696        Schedule - ok
19:58:06.0893 0696        SCPolicySvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
19:58:06.0924 0696        SCPolicySvc - ok
19:58:06.0955 0696        SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
19:58:07.0002 0696        SDRSVC - ok
19:58:07.0033 0696        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:58:07.0080 0696        secdrv - ok
19:58:07.0111 0696        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
19:58:07.0142 0696        seclogon - ok
19:58:07.0174 0696        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
19:58:07.0220 0696        SENS - ok
19:58:07.0252 0696        SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
19:58:07.0283 0696        SensrSvc - ok
19:58:07.0298 0696        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
19:58:07.0314 0696        Serenum - ok
19:58:07.0330 0696        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
19:58:07.0361 0696        Serial - ok
19:58:07.0376 0696        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
19:58:07.0408 0696        sermouse - ok
19:58:07.0439 0696        SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
19:58:07.0486 0696        SessionEnv - ok
19:58:07.0517 0696        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
19:58:07.0548 0696        sffdisk - ok
19:58:07.0564 0696        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
19:58:07.0595 0696        sffp_mmc - ok
19:58:07.0610 0696        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
19:58:07.0626 0696        sffp_sd - ok
19:58:07.0657 0696        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
19:58:07.0673 0696        sfloppy - ok
19:58:07.0720 0696        SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
19:58:07.0766 0696        SharedAccess - ok
19:58:07.0813 0696        ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
19:58:07.0891 0696        ShellHWDetection - ok
19:58:07.0922 0696        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
19:58:07.0922 0696        sisagp - ok
19:58:07.0954 0696        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:58:07.0969 0696        SiSRaid2 - ok
19:58:07.0985 0696        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
19:58:08.0000 0696        SiSRaid4 - ok
19:58:08.0266 0696        Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
19:58:08.0344 0696        Skype C2C Service - ok
19:58:08.0453 0696        SkypeUpdate    (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files\Skype\Updater\Updater.exe
19:58:08.0468 0696        SkypeUpdate - ok
19:58:08.0609 0696        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
19:58:08.0640 0696        Smb - ok
19:58:08.0687 0696        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
19:58:08.0702 0696        SNMPTRAP - ok
19:58:08.0765 0696        speedfan        (3fa2e254bfbce52b3c6f1bf23aab6911) C:\Windows\system32\speedfan.sys
19:58:08.0780 0696        speedfan - ok
19:58:08.0812 0696        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
19:58:08.0827 0696        spldr - ok
19:58:08.0874 0696        Spooler        (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
19:58:08.0921 0696        Spooler - ok
19:58:09.0108 0696        sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
19:58:09.0202 0696        sppsvc - ok
19:58:09.0295 0696        sppuinotify    (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
19:58:09.0342 0696        sppuinotify - ok
19:58:09.0404 0696        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
19:58:09.0451 0696        srv - ok
19:58:09.0467 0696        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
19:58:09.0498 0696        srv2 - ok
19:58:09.0529 0696        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
19:58:09.0545 0696        srvnet - ok
19:58:09.0576 0696        SSDPSRV        (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
19:58:09.0623 0696        SSDPSRV - ok
19:58:09.0670 0696        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
19:58:09.0685 0696        ssmdrv - ok
19:58:09.0701 0696        SstpSvc        (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
19:58:09.0763 0696        SstpSvc - ok
19:58:09.0794 0696        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
19:58:09.0794 0696        stexstor - ok
19:58:09.0841 0696        StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
19:58:09.0888 0696        StiSvc - ok
19:58:09.0919 0696        storflt        (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
19:58:09.0935 0696        storflt - ok
19:58:09.0966 0696        StorSvc        (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
19:58:09.0997 0696        StorSvc - ok
19:58:10.0013 0696        storvsc        (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
19:58:10.0028 0696        storvsc - ok
19:58:10.0044 0696        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
19:58:10.0060 0696        swenum - ok
19:58:10.0106 0696        swprv          (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
19:58:10.0138 0696        swprv - ok
19:58:10.0231 0696        SysMain        (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
19:58:10.0294 0696        SysMain - ok
19:58:10.0325 0696        TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
19:58:10.0356 0696        TabletInputService - ok
19:58:10.0387 0696        TapiSrv        (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
19:58:10.0418 0696        TapiSrv - ok
19:58:10.0450 0696        TBS            (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
19:58:10.0496 0696        TBS - ok
19:58:10.0606 0696        Tcpip          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
19:58:10.0637 0696        Tcpip - ok
19:58:10.0668 0696        TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
19:58:10.0699 0696        TCPIP6 - ok
19:58:10.0808 0696        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
19:58:10.0871 0696        tcpipreg - ok
19:58:10.0902 0696        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
19:58:10.0933 0696        TDPIPE - ok
19:58:10.0949 0696        TDTCP          (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
19:58:10.0964 0696        TDTCP - ok
19:58:10.0996 0696        tdx            (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
19:58:11.0042 0696        tdx - ok
19:58:11.0074 0696        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
19:58:11.0089 0696        TermDD - ok
19:58:11.0152 0696        TermService    (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
19:58:11.0198 0696        TermService - ok
19:58:11.0230 0696        Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
19:58:11.0261 0696        Themes - ok
19:58:11.0292 0696        THREADORDER    (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
19:58:11.0323 0696        THREADORDER - ok
19:58:11.0339 0696        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
19:58:11.0386 0696        TrkWks - ok
19:58:11.0448 0696        TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
19:58:11.0510 0696        TrustedInstaller - ok
19:58:11.0542 0696        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:58:11.0573 0696        tssecsrv - ok
19:58:11.0620 0696        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
19:58:11.0651 0696        TsUsbFlt - ok
19:58:11.0698 0696        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
19:58:11.0744 0696        tunnel - ok
19:58:11.0760 0696        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
19:58:11.0776 0696        uagp35 - ok
19:58:11.0807 0696        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
19:58:11.0854 0696        udfs - ok
19:58:11.0900 0696        UI0Detect      (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
19:58:11.0932 0696        UI0Detect - ok
19:58:11.0963 0696        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
19:58:11.0994 0696        uliagpkx - ok
19:58:12.0025 0696        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
19:58:12.0072 0696        umbus - ok
19:58:12.0119 0696        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
19:58:12.0150 0696        UmPass - ok
19:58:12.0181 0696        UmRdpService    (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
19:58:12.0212 0696        UmRdpService - ok
19:58:12.0259 0696        upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
19:58:12.0306 0696        upnphost - ok
19:58:12.0337 0696        usbaudio        (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
19:58:12.0368 0696        usbaudio - ok
19:58:12.0400 0696        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
19:58:12.0446 0696        usbccgp - ok
19:58:12.0478 0696        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
19:58:12.0509 0696        usbcir - ok
19:58:12.0540 0696        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
19:58:12.0556 0696        usbehci - ok
19:58:12.0587 0696        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
19:58:12.0618 0696        usbhub - ok
19:58:12.0634 0696        usbohci        (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
19:58:12.0649 0696        usbohci - ok
19:58:12.0696 0696        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
19:58:12.0712 0696        usbprint - ok
19:58:12.0727 0696        usbscan        (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
19:58:12.0758 0696        usbscan - ok
19:58:12.0774 0696        USBSTOR        (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:58:12.0805 0696        USBSTOR - ok
19:58:12.0805 0696        usbuhci        (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
19:58:12.0821 0696        usbuhci - ok
19:58:12.0852 0696        UxSms          (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
19:58:12.0883 0696        UxSms - ok
19:58:12.0914 0696        VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:58:12.0930 0696        VaultSvc - ok
19:58:12.0946 0696        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
19:58:12.0961 0696        vdrvroot - ok
19:58:13.0008 0696        vds            (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
19:58:13.0055 0696        vds - ok
19:58:13.0086 0696        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
19:58:13.0102 0696        vga - ok
19:58:13.0117 0696        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
19:58:13.0148 0696        VgaSave - ok
19:58:13.0195 0696        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
19:58:13.0211 0696        vhdmp - ok
19:58:13.0226 0696        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
19:58:13.0242 0696        viaagp - ok
19:58:13.0258 0696        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
19:58:13.0289 0696        ViaC7 - ok
19:58:13.0304 0696        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
19:58:13.0320 0696        viaide - ok
19:58:13.0351 0696        vmbus          (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
19:58:13.0367 0696        vmbus - ok
19:58:13.0382 0696        VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
19:58:13.0398 0696        VMBusHID - ok
19:58:13.0414 0696        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
19:58:13.0429 0696        volmgr - ok
19:58:13.0460 0696        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
19:58:13.0476 0696        volmgrx - ok
19:58:13.0507 0696        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
19:58:13.0523 0696        volsnap - ok
19:58:13.0554 0696        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
19:58:13.0570 0696        vsmraid - ok
19:58:13.0648 0696        VSS            (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
19:58:13.0694 0696        VSS - ok
19:58:13.0726 0696        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
19:58:13.0741 0696        vwifibus - ok
19:58:13.0788 0696        W32Time        (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
19:58:13.0835 0696        W32Time - ok
19:58:13.0866 0696        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
19:58:13.0897 0696        WacomPen - ok
19:58:13.0928 0696        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:58:14.0006 0696        WANARP - ok
19:58:14.0006 0696        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:58:14.0053 0696        Wanarpv6 - ok
19:58:14.0162 0696        wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
19:58:14.0225 0696        wbengine - ok
19:58:14.0256 0696        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
19:58:14.0287 0696        WbioSrvc - ok
19:58:14.0350 0696        WcesComm        (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll
19:58:14.0365 0696        WcesComm - ok
19:58:14.0412 0696        wcncsvc        (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
19:58:14.0443 0696        wcncsvc - ok
19:58:14.0459 0696        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
19:58:14.0506 0696        WcsPlugInService - ok
19:58:14.0568 0696        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
19:58:14.0599 0696        Wd - ok
19:58:14.0630 0696        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:58:14.0662 0696        Wdf01000 - ok
19:58:14.0677 0696        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
19:58:14.0724 0696        WdiServiceHost - ok
19:58:14.0724 0696        WdiSystemHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
19:58:14.0755 0696        WdiSystemHost - ok
19:58:14.0786 0696        WebClient      (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
19:58:14.0818 0696        WebClient - ok
19:58:14.0833 0696        Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
19:58:14.0864 0696        Wecsvc - ok
19:58:14.0864 0696        wercplsupport  (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
19:58:14.0896 0696        wercplsupport - ok
19:58:14.0927 0696        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
19:58:14.0958 0696        WerSvc - ok
19:58:14.0989 0696        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
19:58:15.0005 0696        WfpLwf - ok
19:58:15.0020 0696        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
19:58:15.0036 0696        WIMMount - ok
19:58:15.0130 0696        WinDefend      (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
19:58:15.0192 0696        WinDefend - ok
19:58:15.0223 0696        WinHttpAutoProxySvc - ok
19:58:15.0286 0696        Winmgmt        (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
19:58:15.0317 0696        Winmgmt - ok
19:58:15.0395 0696        WinRM          (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
19:58:15.0457 0696        WinRM - ok
19:58:15.0520 0696        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
19:58:15.0566 0696        WinUsb - ok
19:58:15.0660 0696        Wlansvc        (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
19:58:15.0691 0696        Wlansvc - ok
19:58:15.0722 0696        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
19:58:15.0738 0696        WmiAcpi - ok
19:58:15.0800 0696        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
19:58:15.0832 0696        wmiApSrv - ok
19:58:15.0956 0696        WMPNetworkSvc  (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:58:16.0003 0696        WMPNetworkSvc - ok
19:58:16.0019 0696        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
19:58:16.0066 0696        WPCSvc - ok
19:58:16.0097 0696        WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
19:58:16.0128 0696        WPDBusEnum - ok
19:58:16.0175 0696        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
19:58:16.0222 0696        ws2ifsl - ok
19:58:16.0253 0696        wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
19:58:16.0284 0696        wscsvc - ok
19:58:16.0284 0696        WSearch - ok
19:58:16.0409 0696        wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
19:58:16.0456 0696        wuauserv - ok
19:58:16.0596 0696        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
19:58:16.0627 0696        WudfPf - ok
19:58:16.0674 0696        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:58:16.0705 0696        WUDFRd - ok
19:58:16.0736 0696        wudfsvc        (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
19:58:16.0768 0696        wudfsvc - ok
19:58:16.0799 0696        WwanSvc        (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
19:58:16.0846 0696        WwanSvc - ok
19:58:16.0877 0696        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:58:17.0189 0696        \Device\Harddisk0\DR0 - ok
19:58:17.0204 0696        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
19:58:17.0267 0696        \Device\Harddisk1\DR1 - ok
19:58:17.0298 0696        Boot (0x1200)  (9886de89c5c5d3c69595bc4452f700ed) \Device\Harddisk0\DR0\Partition0
19:58:17.0298 0696        \Device\Harddisk0\DR0\Partition0 - ok
19:58:17.0314 0696        Boot (0x1200)  (67535f5cbdfbd0f6102ccaff19ac2328) \Device\Harddisk1\DR1\Partition0
19:58:17.0329 0696        \Device\Harddisk1\DR1\Partition0 - ok
19:58:17.0329 0696        ============================================================
19:58:17.0329 0696        Scan finished
19:58:17.0329 0696        ============================================================
19:58:17.0329 4000        Detected object count: 1
19:58:17.0329 4000        Actual detected object count: 1
19:59:27.0139 4000        giveio ( UnsignedFile.Multi.Generic ) - skipped by user
19:59:27.0139 4000        giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:42:23.0944 3884        Deinitialize success

PS: giveio is supposedly related to "SpeedFan Hardware and SMART Monitor",
a small program for monitoring temperatures, fan speeds, the condition of the hard disks, etc.

cosinus 14.08.2012 14:01

Yes, fine, but what about Combofix now? :confused:

hai123 14.08.2012 15:21

Sorry Arne, but I didn't really dare to go ahead with it. What about the Windows Defender
and the Windows Firewall? Should and can those be switched off as well?

cosinus 14.08.2012 16:51

The Windows Firewall can and should stay on.
The Defender shouldn't get in the way either.

hai123 15.08.2012 09:41

Combofix log file:

ComboFix 12-08-14.05 - Roland 15.08.2012  9:00.1.2 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.3582.2454 [GMT 2:00]
ausgeführt von:: c:\users\Roland \Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Roland \AppData\Local\Temp\_MEI30802\_ctypes.pyd
c:\users\Roland \AppData\Local\Temp\_MEI30802\_elementtree.pyd
c:\users\Roland \AppData\Local\Temp\_MEI30802\_hashlib.pyd
c:\users\Roland \AppData\Local\Temp\_MEI30802\_socket.pyd
c:\users\Roland \AppData\Local\Temp\_MEI30802\_ssl.pyd
c:\users\Roland \AppData\Local\Temp\_MEI30802\pyexpat.pyd
c:\users\Roland \AppData\Local\Temp\_MEI30802\pysqlite2._sqlite.pyd
c:\users\Roland \AppData\Local\Temp\_MEI30802\python26.dll
c:\users\Roland \AppData\Local\Temp\_MEI30802\pythoncom26.dll
c:\users\Roland \AppData\Local\Temp\_MEI30802\PyWinTypes26.dll
c:\users\Roland \AppData\Local\Temp\_MEI30802\select.pyd
c:\users\Roland \AppData\Local\Temp\_MEI30802\unicodedata.pyd
c:\users\Roland \AppData\Local\Temp\_MEI30802\win32api.pyd
c:\users\Roland \AppData\Local\Temp\_MEI30802\win32com.shell.shell.pyd
c:\users\Roland \AppData\Local\Temp\_MEI30802\win32crypt.pyd
c:\users\Roland \AppData\Local\Temp\_MEI30802\win32event.pyd
c:\users\Roland \AppData\Local\Temp\_MEI30802\win32file.pyd
c:\users\Roland \AppData\Local\Temp\_MEI30802\win32inet.pyd
c:\users\Roland \AppData\Local\Temp\_MEI30802\win32pdh.pyd
c:\users\Roland \AppData\Local\Temp\_MEI30802\win32process.pyd
c:\users\Roland \AppData\Local\Temp\_MEI30802\windows._cacheinvalidation.pyd
c:\users\Roland \AppData\Local\Temp\_MEI30802\wx._controls_.pyd
c:\users\Roland \AppData\Local\Temp\_MEI30802\wx._core_.pyd
c:\users\Roland \AppData\Local\Temp\_MEI30802\wx._gdi_.pyd
c:\users\Roland \AppData\Local\Temp\_MEI30802\wx._html2.pyd
c:\users\Roland \AppData\Local\Temp\_MEI30802\wx._misc_.pyd
c:\users\Roland \AppData\Local\Temp\_MEI30802\wx._windows_.pyd
c:\users\Roland \AppData\Local\Temp\_MEI30802\wx._wizard.pyd
c:\users\Roland \AppData\Local\Temp\_MEI30802\wxbase293u_net_vc.dll
c:\users\Roland \AppData\Local\Temp\_MEI30802\wxbase293u_vc.dll
c:\users\Roland \AppData\Local\Temp\_MEI30802\wxmsw293u_adv_vc.dll
c:\users\Roland \AppData\Local\Temp\_MEI30802\wxmsw293u_core_vc.dll
c:\users\Roland \AppData\Local\Temp\_MEI30802\wxmsw293u_html_vc.dll
c:\users\Roland \AppData\Local\Temp\_MEI30802\wxmsw293u_webview_vc.dll
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\_ctypes.pyd
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\_elementtree.pyd
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\_hashlib.pyd
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\_socket.pyd
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\_ssl.pyd
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\pyexpat.pyd
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\pysqlite2._sqlite.pyd
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\python26.dll
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\pythoncom26.dll
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\PyWinTypes26.dll
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\select.pyd
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\unicodedata.pyd
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\win32api.pyd
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\win32com.shell.shell.pyd
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\win32crypt.pyd
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\win32event.pyd
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\win32file.pyd
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\win32inet.pyd
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\win32pdh.pyd
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\win32process.pyd
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\windows._cacheinvalidation.pyd
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\wx._controls_.pyd
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\wx._core_.pyd
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\wx._gdi_.pyd
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\wx._html2.pyd
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\wx._misc_.pyd
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\wx._windows_.pyd
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\wx._wizard.pyd
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\wxbase293u_net_vc.dll
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\wxbase293u_vc.dll
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\wxmsw293u_adv_vc.dll
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\wxmsw293u_core_vc.dll
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\wxmsw293u_html_vc.dll
c:\users\ROLAND~1\AppData\Local\Temp\_MEI30802\wxmsw293u_webview_vc.dll
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-07-15 bis 2012-08-15  ))))))))))))))))))))))))))))))
.
.
2012-08-15 07:11 . 2012-08-15 07:14        --------        d-----w-        c:\users\Roland\AppData\Local\temp
2012-08-15 06:47 . 2012-07-06 19:23        393728        ----a-w-        c:\windows\system32\drivers\bthport.sys
2012-08-15 06:44 . 2012-05-05 07:46        400896        ----a-w-        c:\windows\system32\srcore.dll
2012-08-15 06:44 . 2012-07-18 17:47        2345984        ----a-w-        c:\windows\system32\win32k.sys
2012-08-15 06:44 . 2012-02-11 05:43        492032        ----a-w-        c:\windows\system32\win32spl.dll
2012-08-15 06:44 . 2012-02-11 05:37        317440        ----a-w-        c:\windows\system32\spoolsv.exe
2012-08-15 06:43 . 2012-07-04 21:14        41984        ----a-w-        c:\windows\system32\browcli.dll
2012-08-15 06:43 . 2012-07-04 21:14        102912        ----a-w-        c:\windows\system32\browser.dll
2012-08-15 06:43 . 2012-05-14 04:33        769024        ----a-w-        c:\windows\system32\localspl.dll
2012-08-14 06:46 . 2012-07-16 00:41        6891424        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA64F1B9-294C-40B5-AA65-C0EE9FE4683B}\mpengine.dll
2012-08-11 14:01 . 2012-03-09 12:06        24576        ----a-w-        c:\windows\system32\kdbsdk32.dll
2012-08-09 14:52 . 2012-08-09 14:52        --------        d-----w-        C:\_OTL
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 07:32 . 2012-03-31 16:40        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-08-03 07:32 . 2011-07-22 14:41        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 11:46 . 2012-07-02 10:46        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-11 11:50 . 2012-06-11 11:50        159232        ----a-w-        c:\windows\system32\clinfo.exe
2012-06-11 11:50 . 2012-06-11 11:50        65024        ----a-w-        c:\windows\system32\OpenVideo.dll
2012-06-11 11:50 . 2012-06-11 11:50        56320        ----a-w-        c:\windows\system32\OVDecode.dll
2012-06-11 11:49 . 2012-06-11 11:49        13008896        ----a-w-        c:\windows\system32\amdocl.dll
2012-06-06 05:05 . 2012-07-11 06:54        1390080        ----a-w-        c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-11 06:54        1236992        ----a-w-        c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-11 06:54        805376        ----a-w-        c:\windows\system32\cdosys.dll
2012-06-04 09:54 . 2012-06-04 09:54        74752        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2012-06-04 09:54 . 2012-06-04 09:54        161792        ----a-w-        c:\windows\system32\msls31.dll
2012-06-04 09:54 . 2012-06-04 09:54        86528        ----a-w-        c:\windows\system32\iesysprep.dll
2012-06-04 09:54 . 2012-06-04 09:54        76800        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2012-06-04 09:54 . 2012-06-04 09:54        74752        ----a-w-        c:\windows\system32\iesetup.dll
2012-06-04 09:54 . 2012-06-04 09:54        63488        ----a-w-        c:\windows\system32\tdc.ocx
2012-06-04 09:54 . 2012-06-04 09:54        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2012-06-04 09:54 . 2012-06-04 09:54        420864        ----a-w-        c:\windows\system32\vbscript.dll
2012-06-04 09:54 . 2012-06-04 09:54        367104        ----a-w-        c:\windows\system32\html.iec
2012-06-04 09:54 . 2012-06-04 09:54        35840        ----a-w-        c:\windows\system32\imgutil.dll
2012-06-04 09:54 . 2012-06-04 09:54        23552        ----a-w-        c:\windows\system32\licmgr10.dll
2012-06-04 09:54 . 2012-06-04 09:54        152064        ----a-w-        c:\windows\system32\wextract.exe
2012-06-04 09:54 . 2012-06-04 09:54        150528        ----a-w-        c:\windows\system32\iexpress.exe
2012-06-04 09:54 . 2012-06-04 09:54        11776        ----a-w-        c:\windows\system32\mshta.exe
2012-06-04 09:54 . 2012-06-04 09:54        110592        ----a-w-        c:\windows\system32\IEAdvpack.dll
2012-06-04 09:54 . 2012-06-04 09:54        101888        ----a-w-        c:\windows\system32\admparse.dll
2012-06-02 22:19 . 2012-06-22 06:00        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 06:00        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 05:59        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 05:59        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 06:00        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 06:00        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 05:59        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 05:59        171904        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-22 05:59        33792        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-02 04:45 . 2012-07-11 06:55        67440        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-11 06:55        134000        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-11 06:55        369336        ----a-w-        c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-11 06:55        225280        ----a-w-        c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-11 06:55        219136        ----a-w-        c:\windows\system32\ncrypt.dll
2012-05-31 10:25 . 2011-07-22 13:59        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-08-12 09:32 . 2012-08-12 09:32        266720        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 13:17        556376        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 13:17        556376        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 13:17        556376        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 13:17        556376        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-07-20 12218904]
"Spotify Web Helper"="c:\users\Roland\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-21 1192664]
"dradio-RecorderTimer"="c:\program files\dradio-Recorder\phonostarTimer.exe" [2012-04-03 41472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
.
c:\users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files\AAVUpdateManager\aavus.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 07:32]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-26 09:19]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-26 09:19]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
IE: Free YouTube to MP3 Converter - c:\users\Roland\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 83.169.186.161 83.169.186.225
FF - ProfilePath - c:\users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Canon ScanGear Toolbox 3.1 - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\windows defender\MpCmdRun.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-15  09:23:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-15 07:23
.
Vor Suchlauf: 10 Verzeichnis(se), 356.501.880.832 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 357.217.341.440 Bytes frei
.
- - End Of File - - 712AEAEF3B0ECA5EC13E204D3B95ABEE

--- --- ---

cosinus 15.08.2012 19:55

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't work on the second attempt either, just leave it out and run only OSAM. Please skip the online query in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off the virus scanner as well; the McAfee scanner in particular often reports a false alarm on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

