Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Laptop gesperrt: Schweizer Eidgenossenschaft (https://www.trojaner-board.de/120954-laptop-gesperrt-schweizer-eidgenossenschaft.html)

tjun 01.08.2012 10:21
Laptop gesperrt: Schweizer Eidgenossenschaft
 
Hallo meine lieben Helfer

ich war wiedermal so clever, mir irgendwie einen Virus oder etwas ähnliches auf meinen Laptop zu holen...
Wenn der Windows - Desktop erscheinen soll, geht nichts mehr und ein Schild erscheint, das inetwa besagt, dass mein Laptop von der Schweizer Eidgenossenschaft (ich bin Schweizer) gesperrt wurde und ich doch mittels Ukash irgendwie 100€ bezahlen soll.

Ich schreibe hier von einem anderen Laptop, kann den Infizierten jedoch im abgesicherten Modus starten.

Wie soll ich weiter vorgehen?

für Hilfe wäre ich extrem dankbar

Timo

markusg 01.08.2012 10:34
starte im abgesicherten modus mit netzwerk, wenn das geht:
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

tjun 01.08.2012 11:34
das ist das Resultat (OTL.txt):


Code:
OTL logfile created on: 01.08.2012 12:01:24 - Run 2
OTL by OldTimer - Version 3.2.55.0    Folder = C:\Users\Brutus\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 7,08 Gb Available Physical Memory | 89,67% Memory free
15,79 Gb Paging File | 14,99 Gb Available in Paging File | 94,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581,42 Gb Total Space | 486,31 Gb Free Space | 83,64% Space Free | Partition Type: NTFS
 
Computer Name: TONTAFEL | User Name: Brutus | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Brutus\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (McODS) -- C:\Programme\mcafee\virusscan\mcods.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (mxssvr) -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe (National Instruments Corporation)
SRV - (NITaggerService) -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe (National Instruments Corporation)
SRV - (NIDomainService) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe (National Instruments Corporation)
SRV - (lkTimeSync) -- C:\Windows\SysWOW64\lktsrv.exe (National Instruments Corporation)
SRV - (lkClassAds) -- C:\Windows\SysWOW64\lkads.exe (National Instruments Corporation)
SRV - (NINetworkDiscovery) -- C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe (National Instruments Corporation)
SRV - (nimDNSResponder) -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation)
SRV - (niSvcLoc) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe (National Instruments Corporation)
SRV - (NIApplicationWebServer64) -- C:\Programme\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation)
SRV - (NIApplicationWebServer) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (LkCitadelServer) -- C:\Windows\SysWOW64\lkcitdl.exe (National Instruments, Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (McAWFwk) -- c:\Programme\mcafee\msc\McAWFwk.exe (McAfee, Inc.)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (WMCoreService) -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe (Ericsson AB)
SRV - (NILM License Manager) -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (OpcEnum) -- C:\Windows\SysWOW64\Opcenum.exe (OPC Foundation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics)
DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (WwanUsbServ) -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys (Ericsson AB)
DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer)
DRV:64bit: - (d554scard) -- C:\Windows\SysNative\drivers\d554scard.sys (Ericsson AB)
DRV:64bit: - (Mbm3Mdm) -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys (MCCI Corporation)
DRV:64bit: - (Mbm3DevMt) -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys (MCCI Corporation)
DRV:64bit: - (Mbm3CBus) -- C:\Windows\SysNative\drivers\Mbm3CBus.sys (MCCI Corporation)
DRV:64bit: - (Mbm3mdfl) -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys (MCCI Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ecnssndisfltr) -- C:\Windows\SysNative\drivers\wwussf64.sys (Ericsson AB)
DRV:64bit: - (ecnssndis) -- C:\Windows\SysNative\drivers\wwuss64.sys (Ericsson AB)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (d554gps) -- C:\Windows\SysNative\drivers\d554gps64.sys (Ericsson AB)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {46CCA001-6A4E-4409-835A-BB1EA185CF7B}
IE:64bit: - HKLM\..\SearchScopes\{46CCA001-6A4E-4409-835A-BB1EA185CF7B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {8972025C-042B-43D8-96F4-126236138A87}
IE - HKLM\..\SearchScopes\{8972025C-042B-43D8-96F4-126236138A87}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bluewin.ch/
IE - HKCU\..\SearchScopes,DefaultScope = {8D0F1903-B870-4DB0-8F4E-D9A6D8B0992A}
IE - HKCU\..\SearchScopes\{8D0F1903-B870-4DB0-8F4E-D9A6D8B0992A}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.06.27 23:40:30 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2011.12.19 23:26:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20120627180612.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\mcafee\msk\mskapbho.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120627180612.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NI Update Service] C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe (National Instruments)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKCU..\Run: [pzggdovdcqqkrzu] C:\ProgramData\pzggdovd.exe ()
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Brutus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCD9E43D-9C4E-4BA4-A16F-12C390CEFEDC}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File not found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.01 11:43:25 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Brutus\Desktop\OTL.exe
[2012.08.01 11:29:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.08.01 10:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\omaklfhhcljjcvt
[2012.07.30 15:43:58 | 000,000,000 | ---D | C] -- C:\Users\Brutus\AppData\Roaming\canon
[2012.07.14 00:49:13 | 000,000,000 | ---D | C] -- C:\Users\Brutus\Desktop\upload
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.01 11:59:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.01 11:59:08 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.01 11:43:26 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Brutus\Desktop\OTL.exe
[2012.08.01 11:26:56 | 000,683,494 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.01 11:26:56 | 000,624,716 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.01 11:26:56 | 000,139,254 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.01 11:26:56 | 000,114,712 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.01 11:20:47 | 001,526,766 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.01 10:34:34 | 000,000,051 | ---- | M] () -- C:\ProgramData\rewfekfmucskxsb
[2012.08.01 10:34:25 | 000,184,320 | ---- | M] () -- C:\Users\Brutus\0.1853255995620059.exe
[2012.08.01 10:34:24 | 000,061,440 | ---- | M] () -- C:\ProgramData\pzggdovd.exe
[2012.08.01 10:34:24 | 000,061,440 | ---- | M] () -- C:\Users\Brutus\0.7984018144608425.exe
[2012.08.01 07:46:20 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.01 07:46:20 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.11 23:52:20 | 000,484,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.02 14:14:07 | 000,000,261 | ---- | M] () -- C:\Windows\SIERRA.INI
[2012.07.02 14:04:59 | 000,007,628 | ---- | M] () -- C:\Users\Brutus\AppData\Local\Resmon.ResmonCfg
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.01 10:34:33 | 000,061,440 | ---- | C] () -- C:\ProgramData\pzggdovd.exe
[2012.08.01 10:34:26 | 000,000,051 | ---- | C] () -- C:\ProgramData\rewfekfmucskxsb
[2012.08.01 10:34:24 | 000,184,320 | ---- | C] () -- C:\Users\Brutus\0.1853255995620059.exe
[2012.08.01 10:34:24 | 000,061,440 | ---- | C] () -- C:\Users\Brutus\0.7984018144608425.exe
[2012.01.05 13:20:48 | 000,007,168 | ---- | C] () -- C:\Users\Brutus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.19 23:18:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.12.19 23:18:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.12.19 23:18:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.12.19 23:18:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.12.19 23:18:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.11.13 16:22:38 | 000,000,105 | ---- | C] () -- C:\Windows\Brownie.ini
[2011.10.27 13:17:10 | 000,000,261 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.06.10 14:52:52 | 000,000,244 | ---- | C] () -- C:\Windows\SysWow64\nirpc.ini
[2011.04.16 20:10:49 | 000,007,628 | ---- | C] () -- C:\Users\Brutus\AppData\Local\Resmon.ResmonCfg
[2011.04.11 16:05:49 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.04.11 16:05:10 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.04.11 16:05:08 | 000,206,952 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.04.11 16:05:06 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
 
========== LOP Check ==========
 
[2012.07.30 15:43:58 | 000,000,000 | ---D | M] -- C:\Users\Brutus\AppData\Roaming\canon
[2011.06.19 18:21:23 | 000,000,000 | ---D | M] -- C:\Users\Brutus\AppData\Roaming\Fingertapps
[2012.03.30 20:50:51 | 000,000,000 | ---D | M] -- C:\Users\Brutus\AppData\Roaming\Information Factory
[2011.12.19 00:08:27 | 000,000,000 | ---D | M] -- C:\Users\Brutus\AppData\Roaming\The Creative Assembly
[2012.06.07 23:24:16 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.03.10 12:19:42 | 000,000,000 | ---D | M] -- C:\$RECYCLE.BIN
[2011.04.11 14:10:10 | 000,000,000 | ---D | M] -- C:\apps
[2011.04.15 19:19:21 | 000,000,000 | ---D | M] -- C:\dell
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.04.15 18:59:01 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.04.11 16:06:13 | 000,000,000 | ---D | M] -- C:\Drivers
[2011.06.25 10:23:41 | 000,000,000 | ---D | M] -- C:\FIND_EULA_PATH
[2011.04.11 13:38:17 | 000,000,000 | ---D | M] -- C:\Intel
[2012.04.20 14:20:35 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.05.22 21:01:38 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.07.02 14:17:37 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.08.01 10:34:36 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.04.15 18:59:01 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.12.19 23:30:28 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.10.27 13:17:45 | 000,000,000 | ---D | M] -- C:\SIERRA
[2011.04.15 19:08:27 | 000,000,000 | -HSD | M] -- C:\System Recovery
[2012.07.31 12:25:10 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.10.25 18:32:19 | 000,000,000 | ---D | M] -- C:\Temp
[2011.04.15 18:59:08 | 000,000,000 | R--D | M] -- C:\Users
[2012.07.20 08:03:02 | 000,000,000 | ---D | M] -- C:\Windows
[2011.12.19 22:13:42 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_39c1885e54505643\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2010.01.27 00:29:28 | 000,028,797 | ---- | M] () MD5=4571E750E4A920D773511F50A2E62A20 -- C:\Program Files\MATLAB\R2011a\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.04.11 16:18:05 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011.04.11 16:18:14 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.04.11 16:18:05 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2011.04.11 16:18:08 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011.04.11 16:18:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2011.04.11 16:18:08 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011.04.11 16:18:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011.04.11 16:18:08 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011.04.11 16:18:14 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.04.11 16:18:05 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2011.04.11 16:18:08 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2011.04.11 16:18:05 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Drivers\Chipset_IRST\f6flpy-x64\iaStor.sys
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_e3082ac13af8d3bf\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.04.11 16:18:38 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2011.04.11 16:18:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.04.11 16:18:38 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.04.11 16:18:38 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\ERDNT\cache86\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\ERDNT\cache64\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2011.04.11 16:18:14 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011.04.11 16:18:14 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.08.01 10:34:25 | 000,184,320 | ---- | M] () -- C:\Users\Brutus\0.1853255995620059.exe
[2012.08.01 10:34:24 | 000,061,440 | ---- | M] () -- C:\Users\Brutus\0.7984018144608425.exe
[2012.08.01 12:12:18 | 002,883,584 | -HS- | M] () -- C:\Users\Brutus\ntuser.dat
[2012.08.01 12:12:18 | 000,262,144 | -HS- | M] () -- C:\Users\Brutus\ntuser.dat.LOG1
[2011.04.15 18:59:13 | 000,000,000 | -HS- | M] () -- C:\Users\Brutus\ntuser.dat.LOG2
[2011.04.15 19:18:40 | 000,065,536 | -HS- | M] () -- C:\Users\Brutus\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.04.15 19:18:40 | 000,524,288 | -HS- | M] () -- C:\Users\Brutus\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.04.15 19:18:40 | 000,524,288 | -HS- | M] () -- C:\Users\Brutus\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.04.20 18:08:14 | 000,065,536 | -HS- | M] () -- C:\Users\Brutus\ntuser.dat{2de5c140-8ae1-11e1-8e37-d9267407cead}.TM.blf
[2012.04.20 18:08:14 | 000,524,288 | -HS- | M] () -- C:\Users\Brutus\ntuser.dat{2de5c140-8ae1-11e1-8e37-d9267407cead}.TMContainer00000000000000000001.regtrans-ms
[2012.04.20 18:08:14 | 000,524,288 | -HS- | M] () -- C:\Users\Brutus\ntuser.dat{2de5c140-8ae1-11e1-8e37-d9267407cead}.TMContainer00000000000000000002.regtrans-ms
[2011.04.25 22:41:54 | 000,065,536 | -HS- | M] () -- C:\Users\Brutus\ntuser.dat{4cbb8120-6f7b-11e0-a6d6-028037ec0200}.TM.blf
[2011.04.25 22:41:54 | 000,524,288 | -HS- | M] () -- C:\Users\Brutus\ntuser.dat{4cbb8120-6f7b-11e0-a6d6-028037ec0200}.TMContainer00000000000000000001.regtrans-ms
[2011.04.25 22:41:54 | 000,524,288 | -HS- | M] () -- C:\Users\Brutus\ntuser.dat{4cbb8120-6f7b-11e0-a6d6-028037ec0200}.TMContainer00000000000000000002.regtrans-ms
[2011.07.03 18:29:33 | 000,065,536 | -HS- | M] () -- C:\Users\Brutus\ntuser.dat{6d084ce6-a575-11e0-9aeb-028037ec0200}.TM.blf
[2011.07.03 18:29:33 | 000,524,288 | -HS- | M] () -- C:\Users\Brutus\ntuser.dat{6d084ce6-a575-11e0-9aeb-028037ec0200}.TMContainer00000000000000000001.regtrans-ms
[2011.07.03 18:29:33 | 000,524,288 | -HS- | M] () -- C:\Users\Brutus\ntuser.dat{6d084ce6-a575-11e0-9aeb-028037ec0200}.TMContainer00000000000000000002.regtrans-ms
[2011.04.28 09:25:00 | 000,065,536 | -HS- | M] () -- C:\Users\Brutus\ntuser.dat{741e73e5-715e-11e0-afa4-028037ec0200}.TM.blf
[2011.04.28 09:25:00 | 000,524,288 | -HS- | M] () -- C:\Users\Brutus\ntuser.dat{741e73e5-715e-11e0-afa4-028037ec0200}.TMContainer00000000000000000001.regtrans-ms
[2011.04.28 09:25:00 | 000,524,288 | -HS- | M] () -- C:\Users\Brutus\ntuser.dat{741e73e5-715e-11e0-afa4-028037ec0200}.TMContainer00000000000000000002.regtrans-ms
[2011.06.25 05:12:39 | 000,065,536 | -HS- | M] () -- C:\Users\Brutus\ntuser.dat{cbbc6a1f-9eca-11e0-b228-028037ec0200}.TM.blf
[2011.06.25 05:12:39 | 000,524,288 | -HS- | M] () -- C:\Users\Brutus\ntuser.dat{cbbc6a1f-9eca-11e0-b228-028037ec0200}.TMContainer00000000000000000001.regtrans-ms
[2011.06.25 05:12:39 | 000,524,288 | -HS- | M] () -- C:\Users\Brutus\ntuser.dat{cbbc6a1f-9eca-11e0-b228-028037ec0200}.TMContainer00000000000000000002.regtrans-ms
[2011.11.13 18:12:39 | 000,065,536 | -HS- | M] () -- C:\Users\Brutus\ntuser.dat{d892dfa7-0de1-11e1-83d3-028037ec0200}.TM.blf
[2011.11.13 18:12:39 | 000,524,288 | -HS- | M] () -- C:\Users\Brutus\ntuser.dat{d892dfa7-0de1-11e1-83d3-028037ec0200}.TMContainer00000000000000000001.regtrans-ms
[2011.11.13 18:12:39 | 000,524,288 | -HS- | M] () -- C:\Users\Brutus\ntuser.dat{d892dfa7-0de1-11e1-83d3-028037ec0200}.TMContainer00000000000000000002.regtrans-ms
[2011.04.15 18:59:13 | 000,000,020 | -HS- | M] () -- C:\Users\Brutus\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<          >

< End of report >

sorry für meine Dummheit, aber wo kann ich denn das Extra.txt finden???

Danke vielmals für Deine Hilfe

markusg 01.08.2012 15:19
dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype
Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco
Systems, Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NI Update Service] C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe (National Instruments)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
[2012.08.01 10:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\omaklfhhcljjcvt
[2012.08.01 10:34:34 | 000,000,051 | ---- | M] () -- C:\ProgramData\rewfekfmucskxsb
[2012.08.01 10:34:25 | 000,184,320 | ---- | M] () -- C:\Users\Brutus\0.1853255995620059.exe
[2012.08.01 10:34:24 | 000,061,440 | ---- | M] () -- C:\ProgramData\pzggdovd.exe
[2012.08.01 10:34:24 | 000,061,440 | ---- | M] () -- C:\Users\Brutus\0.7984018144608425.exe
 :Files
:Commands
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)


für eine weitere analyse benötige ich mal folgendes.
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
dort rechtsklick auf den ordner cache, diesen mit winrar oder einem anderen programm packen, und im upload channel hochladen bitte
Trojaner-Board Upload Channel
wenn dies erledigt ist, bittemelden.

tjun 01.08.2012 15:47
sooo, der upload der beiden Datein hat problemlos geklappt.

allerdings komme ich mir doch langsam ziemlich blöd vor, da ich schon wieder diese Textdatei nicht finden kann...

Danke für Deine Bemühungen

markusg 01.08.2012 16:00
du hast alles richtig gemacht, ich aber einen kleinen fehler.
öffne mal c:
_OTl\datum
dort siehst du, dass alle verzeichnisse wie auf dem pc augebaut sind.
wir müssen folgene dateien an ihren original ort wiederherstellen
du musst sie also nur aus dem otl ordner kopieren und auf c:\ in ihr original verzeichniss zurück kopieren.
wobei die dateipfade, wie gesagt in otl und im original gleich sind.

C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Windows\SysNative\hkcmd.exe
C:\Windows\SysNative\igfxtray.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\SysNative\nvHotkey.dll
C:\Windows\SysNative\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe
C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe

danach bitte neustarten
die textdatei habe ich

tjun 01.08.2012 16:24
hihihi

so, sind alle gegangen ausser:

- C:\Program Files\McAfee.com\Agent\mcagent.exe
(es kommt eine Meldung, die besagt, dass ich eine Berechtigung benötige, um es in diesen Ordner zu kopieren.)

und ich habe direkt den ganzen Ordner (C:\Windows\SysNative\) rüberkopiert, da dieser dort nicht mehr existierte..


und nun?
Danke für die Hilfe

markusg 01.08.2012 16:48
läuft mcafee denn noch?

tjun 01.08.2012 16:53
nee, ich glaub nicht

ich glaub das war gerade das Programm, welches ich brauche um das zu überprüfen und einzustellen...

markusg 01.08.2012 16:58
hi
lade dir hier mal die neueste version:
McAfee*&ndash; Lösungen für Virenschutz, Verschlüsselung, Schutz vor Datenverlust, Eindringungsschutzsysteme, Firewalls, E-Mail-Sicherheit, Web-Sicherheit, SaaS, Risiken und Compliance
und instaliere sie erneut

tjun 01.08.2012 17:05
puuuh, muss ich da bezahlen?
muss mal meinen Vater fragen, ob der da noch etwas hat àla Benutzerinformationen...

markusg 01.08.2012 17:14
normalerweise sind upgrades kostenlos, sollte bei mcafee auch so sein

tjun 01.08.2012 17:43
okay, vielen Dank für Deine Hilfe. Ich schau mir das morgen mal an...
ich muss jetzt 1.Aug. feiern.

schönen Abend

okay, McAfee hat sich selbstständig upgedated und läuft jetzt wieder...

vielen Danke und gute Nacht

joaa, oberflächlich scheint alles wieder gut zu laufen.
McAfee funktioniert, die Datei wurde beim Update durch eine neue ersetzt und auch die anderen Programme laufen einwandfrei...

Wie sieht es unter der Oberfläche aus?

Danke für Deine Hilfe

tjun 03.08.2012 10:41
hallo Markus

Ist es denn tatsächlich so, dass mein Laptop schon wieder voll funktionstüchtig ist???

Wenn nicht, was wäre der nächste Schritt? Malwarebites?

Vielen vielen Dank
timo

markusg 03.08.2012 19:04
sorry, is im moment viel zu tun!
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

tjun 03.08.2012 19:53
hi danke für die trotz dem Stress schnelle Antwort

es ist mir ja echt peinlich, aber ich krieg nicht raus, was ich falsch mach:
wenn ich ComboFix vom ersten Link auf dem Desktop speichere, und als Administrator ausführe, öffnet es sich zwar und startet etwas, dann erscheint aber die Meldung "Error - Win32 only" "Inkompatibles Betriebssystem. ComboFix läuft nur unter Windows 2000 und XP"

wenn ich versuche über den zweiten Link zu downloaden: wenn ich auf das Download-Symbol klicke erscheint nur eine riesige Seite voller verwirrter Zeichen...


ich werd echt nicht schlau draus

sorry.... und danke vielmals

markusg 04.08.2012 17:26
versuchen wir mal dies:
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten

tjun 04.08.2012 17:52
okay, das hat mal funktioniert...

hier ist das log:
Code:
18:45:03.0527 2976        TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
18:45:04.0433 2976        ============================================================
18:45:04.0433 2976        Current date / time: 2012/08/04 18:45:04.0433
18:45:04.0433 2976        SystemInfo:
18:45:04.0433 2976       
18:45:04.0433 2976        OS Version: 6.1.7601 ServicePack: 1.0
18:45:04.0433 2976        Product type: Workstation
18:45:04.0433 2976        ComputerName: TONTAFEL
18:45:04.0433 2976        UserName: Brutus
18:45:04.0433 2976        Windows directory: C:\Windows
18:45:04.0433 2976        System windows directory: C:\Windows
18:45:04.0433 2976        Running under WOW64
18:45:04.0433 2976        Processor architecture: Intel x64
18:45:04.0433 2976        Number of processors: 8
18:45:04.0433 2976        Page size: 0x1000
18:45:04.0433 2976        Boot type: Normal boot
18:45:04.0433 2976        ============================================================
18:45:04.0803 2976        Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:45:04.0813 2976        ============================================================
18:45:04.0813 2976        \Device\Harddisk0\DR0:
18:45:04.0813 2976        MBR partitions:
18:45:04.0813 2976        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x1D4C000
18:45:04.0813 2976        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7EFCD, BlocksNum 0x48AD8AE3
18:45:04.0813 2976        ============================================================
18:45:04.0853 2976        C: <-> \Device\Harddisk0\DR0\Partition1
18:45:04.0853 2976        ============================================================
18:45:04.0853 2976        Initialize success
18:45:04.0853 2976        ============================================================
18:46:31.0694 3776        ============================================================
18:46:31.0694 3776        Scan started
18:46:31.0694 3776        Mode: Manual; SigCheck; TDLFS;
18:46:31.0694 3776        ============================================================
18:46:32.0164 3776        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:46:32.0374 3776        1394ohci - ok
18:46:32.0414 3776        Acceler        (e0065cbf1a25c015c218457d2cd522b9) C:\Windows\system32\DRIVERS\Accelern.sys
18:46:32.0504 3776        Acceler - ok
18:46:32.0534 3776        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:46:32.0574 3776        ACPI - ok
18:46:32.0594 3776        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:46:32.0734 3776        AcpiPmi - ok
18:46:32.0784 3776        acsock          (0ec911d24f14c969e980e92e4371464d) C:\Windows\system32\DRIVERS\acsock64.sys
18:46:32.0844 3776        acsock - ok
18:46:32.0966 3776        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:46:32.0991 3776        AdobeARMservice - ok
18:46:33.0046 3776        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:46:33.0070 3776        adp94xx - ok
18:46:33.0114 3776        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:46:33.0163 3776        adpahci - ok
18:46:33.0181 3776        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:46:33.0197 3776        adpu320 - ok
18:46:33.0225 3776        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:46:33.0325 3776        AeLookupSvc - ok
18:46:33.0395 3776        AERTFilters    (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
18:46:33.0465 3776        AERTFilters - ok
18:46:33.0535 3776        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:46:33.0685 3776        AFD - ok
18:46:33.0725 3776        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:46:33.0765 3776        agp440 - ok
18:46:33.0795 3776        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:46:33.0875 3776        ALG - ok
18:46:33.0915 3776        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:46:33.0957 3776        aliide - ok
18:46:33.0963 3776        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:46:33.0974 3776        amdide - ok
18:46:34.0001 3776        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:46:34.0085 3776        AmdK8 - ok
18:46:34.0114 3776        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:46:34.0166 3776        AmdPPM - ok
18:46:34.0218 3776        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:46:34.0282 3776        amdsata - ok
18:46:34.0332 3776        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:46:34.0372 3776        amdsbs - ok
18:46:34.0382 3776        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:46:34.0392 3776        amdxata - ok
18:46:34.0442 3776        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:46:34.0682 3776        AppID - ok
18:46:34.0712 3776        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:46:34.0792 3776        AppIDSvc - ok
18:46:34.0842 3776        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
18:46:34.0942 3776        Appinfo - ok
18:46:35.0002 3776        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:46:35.0032 3776        arc - ok
18:46:35.0042 3776        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:46:35.0062 3776        arcsas - ok
18:46:35.0082 3776        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:46:35.0162 3776        AsyncMac - ok
18:46:35.0212 3776        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:46:35.0242 3776        atapi - ok
18:46:35.0312 3776        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:46:35.0422 3776        AudioEndpointBuilder - ok
18:46:35.0432 3776        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:46:35.0462 3776        AudioSrv - ok
18:46:35.0512 3776        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
18:46:35.0662 3776        AxInstSV - ok
18:46:35.0732 3776        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:46:35.0832 3776        b06bdrv - ok
18:46:35.0862 3776        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:46:35.0932 3776        b57nd60a - ok
18:46:35.0982 3776        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:46:36.0042 3776        BDESVC - ok
18:46:36.0062 3776        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:46:36.0142 3776        Beep - ok
18:46:36.0242 3776        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
18:46:36.0332 3776        BFE - ok
18:46:36.0402 3776        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
18:46:36.0532 3776        BITS - ok
18:46:36.0592 3776        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:46:36.0662 3776        blbdrive - ok
18:46:36.0712 3776        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:46:36.0762 3776        bowser - ok
18:46:36.0782 3776        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:46:36.0882 3776        BrFiltLo - ok
18:46:36.0892 3776        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:46:36.0952 3776        BrFiltUp - ok
18:46:37.0003 3776        BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:46:37.0083 3776        BridgeMP - ok
18:46:37.0143 3776        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
18:46:37.0243 3776        Browser - ok
18:46:37.0283 3776        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:46:37.0373 3776        Brserid - ok
18:46:37.0403 3776        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:46:37.0463 3776        BrSerWdm - ok
18:46:37.0483 3776        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:46:37.0543 3776        BrUsbMdm - ok
18:46:37.0573 3776        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:46:37.0613 3776        BrUsbSer - ok
18:46:37.0633 3776        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:46:37.0693 3776        BTHMODEM - ok
18:46:37.0743 3776        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:46:37.0833 3776        bthserv - ok
18:46:37.0863 3776        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:46:37.0923 3776        cdfs - ok
18:46:37.0963 3776        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
18:46:38.0018 3776        cdrom - ok
18:46:38.0056 3776        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:46:38.0150 3776        CertPropSvc - ok
18:46:38.0197 3776        cfwids          (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys
18:46:38.0267 3776        cfwids - ok
18:46:38.0292 3776        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:46:38.0332 3776        circlass - ok
18:46:38.0382 3776        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:46:38.0422 3776        CLFS - ok
18:46:38.0492 3776        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:46:38.0532 3776        clr_optimization_v2.0.50727_32 - ok
18:46:38.0572 3776        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:46:38.0612 3776        clr_optimization_v2.0.50727_64 - ok
18:46:38.0692 3776        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:46:38.0722 3776        clr_optimization_v4.0.30319_32 - ok
18:46:38.0752 3776        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:46:38.0782 3776        clr_optimization_v4.0.30319_64 - ok
18:46:38.0802 3776        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:46:38.0862 3776        CmBatt - ok
18:46:38.0902 3776        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:46:38.0932 3776        cmdide - ok
18:46:39.0001 3776        CNG            (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
18:46:39.0033 3776        CNG - ok
18:46:39.0072 3776        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:46:39.0082 3776        Compbatt - ok
18:46:39.0118 3776        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:46:39.0201 3776        CompositeBus - ok
18:46:39.0223 3776        COMSysApp - ok
18:46:39.0252 3776        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:46:39.0276 3776        crcdisk - ok
18:46:39.0309 3776        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
18:46:39.0429 3776        CryptSvc - ok
18:46:39.0479 3776        CtClsFlt        (fbe228abeab2be13b9c3a3a112d4d8dc) C:\Windows\system32\DRIVERS\CtClsFlt.sys
18:46:39.0599 3776        CtClsFlt - ok
18:46:39.0619 3776        d554gps        (f0d19120042e8d1e6707767d2a3bbaa9) C:\Windows\system32\DRIVERS\d554gps64.sys
18:46:39.0679 3776        d554gps - ok
18:46:39.0719 3776        d554scard      (a85ac106a96a65fbf5e028535d6e866e) C:\Windows\system32\DRIVERS\d554scard.sys
18:46:39.0779 3776        d554scard - ok
18:46:39.0839 3776        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:46:39.0909 3776        DcomLaunch - ok
18:46:39.0969 3776        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:46:40.0035 3776        defragsvc - ok
18:46:40.0075 3776        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:46:40.0176 3776        DfsC - ok
18:46:40.0209 3776        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:46:40.0286 3776        Dhcp - ok
18:46:40.0311 3776        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:46:40.0371 3776        discache - ok
18:46:40.0391 3776        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:46:40.0401 3776        Disk - ok
18:46:40.0431 3776        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
18:46:40.0561 3776        Dnscache - ok
18:46:40.0601 3776        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:46:40.0701 3776        dot3svc - ok
18:46:40.0741 3776        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:46:40.0821 3776        DPS - ok
18:46:40.0861 3776        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:46:40.0931 3776        drmkaud - ok
18:46:41.0012 3776        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:46:41.0087 3776        DXGKrnl - ok
18:46:41.0121 3776        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:46:41.0189 3776        EapHost - ok
18:46:41.0362 3776        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:46:41.0442 3776        ebdrv - ok
18:46:41.0562 3776        ecnssndis      (f88f2e5806fc405b0fa94b7947a5875e) C:\Windows\system32\Drivers\wwuss64.sys
18:46:41.0622 3776        ecnssndis - ok
18:46:41.0642 3776        ecnssndisfltr  (c8cd88218efc28f7e44a9892b3e97f4d) C:\Windows\system32\Drivers\wwussf64.sys
18:46:41.0652 3776        ecnssndisfltr - ok
18:46:41.0692 3776        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
18:46:41.0822 3776        EFS - ok
18:46:41.0912 3776        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:46:42.0052 3776        ehRecvr - ok
18:46:42.0102 3776        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:46:42.0152 3776        ehSched - ok
18:46:42.0222 3776        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:46:42.0262 3776        elxstor - ok
18:46:42.0292 3776        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:46:42.0352 3776        ErrDev - ok
18:46:42.0412 3776        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:46:42.0482 3776        EventSystem - ok
18:46:42.0652 3776        EvtEng          (8b6c9924b0d333dbf76086b8258a0891) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
18:46:42.0672 3776        EvtEng - ok
18:46:42.0792 3776        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:46:42.0872 3776        exfat - ok
18:46:42.0892 3776        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:46:42.0962 3776        fastfat - ok
18:46:43.0056 3776        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:46:43.0196 3776        Fax - ok
18:46:43.0220 3776        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:46:43.0233 3776        fdc - ok
18:46:43.0267 3776        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:46:43.0335 3776        fdPHost - ok
18:46:43.0355 3776        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:46:43.0415 3776        FDResPub - ok
18:46:43.0465 3776        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:46:43.0495 3776        FileInfo - ok
18:46:43.0515 3776        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:46:43.0595 3776        Filetrace - ok
18:46:43.0625 3776        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:46:43.0675 3776        flpydisk - ok
18:46:43.0725 3776        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:46:43.0755 3776        FltMgr - ok
18:46:43.0845 3776        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
18:46:43.0975 3776        FontCache - ok
18:46:44.0048 3776        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:46:44.0121 3776        FontCache3.0.0.0 - ok
18:46:44.0162 3776        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:46:44.0192 3776        FsDepends - ok
18:46:44.0235 3776        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
18:46:44.0302 3776        Fs_Rec - ok
18:46:44.0359 3776        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:46:44.0429 3776        fvevol - ok
18:46:44.0459 3776        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:46:44.0489 3776        gagp30kx - ok
18:46:44.0559 3776        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:46:44.0669 3776        gpsvc - ok
18:46:44.0699 3776        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:46:44.0779 3776        hcw85cir - ok
18:46:44.0829 3776        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:46:44.0899 3776        HDAudBus - ok
18:46:44.0929 3776        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:46:44.0969 3776        HidBatt - ok
18:46:44.0999 3776        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:46:45.0050 3776        HidBth - ok
18:46:45.0087 3776        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:46:45.0135 3776        HidIr - ok
18:46:45.0173 3776        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
18:46:45.0264 3776        hidserv - ok
18:46:45.0320 3776        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:46:45.0380 3776        HidUsb - ok
18:46:45.0430 3776        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:46:45.0530 3776        hkmsvc - ok
18:46:45.0580 3776        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:46:45.0680 3776        HomeGroupListener - ok
18:46:45.0710 3776        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:46:45.0780 3776        HomeGroupProvider - ok
18:46:45.0830 3776        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:46:45.0890 3776        HpSAMD - ok
18:46:45.0950 3776        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:46:46.0058 3776        HTTP - ok
18:46:46.0093 3776        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:46:46.0110 3776        hwpolicy - ok
18:46:46.0150 3776        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:46:46.0178 3776        i8042prt - ok
18:46:46.0232 3776        iaStor          (d469b77687e12fe43e344806740b624d) C:\Windows\system32\DRIVERS\iaStor.sys
18:46:46.0259 3776        iaStor - ok
18:46:46.0299 3776        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:46:46.0374 3776        iaStorV - ok
18:46:46.0474 3776        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:46:46.0534 3776        idsvc - ok
18:46:47.0059 3776        igfx            (0ac9e321d604be48a0d72b69ba484bdc) C:\Windows\system32\DRIVERS\igdkmd64.sys
18:46:47.0378 3776        igfx - ok
18:46:47.0498 3776        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:46:47.0538 3776        iirsp - ok
18:46:47.0608 3776        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
18:46:47.0728 3776        IKEEXT - ok
18:46:47.0768 3776        Impcd          (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
18:46:47.0868 3776        Impcd - ok
18:46:48.0028 3776        IntcAzAudAddService (a9853214cc97796579d75b1f59c51dcd) C:\Windows\system32\drivers\RTKVHD64.sys
18:46:48.0108 3776        IntcAzAudAddService - ok
18:46:48.0238 3776        IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
18:46:48.0358 3776        IntcDAud - ok
18:46:48.0398 3776        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:46:48.0428 3776        intelide - ok
18:46:48.0458 3776        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:46:48.0508 3776        intelppm - ok
18:46:48.0548 3776        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:46:48.0608 3776        IPBusEnum - ok
18:46:48.0638 3776        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:46:48.0718 3776        IpFilterDriver - ok
18:46:48.0788 3776        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
18:46:48.0888 3776        iphlpsvc - ok
18:46:48.0928 3776        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:46:48.0988 3776        IPMIDRV - ok
18:46:49.0018 3776        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:46:49.0094 3776        IPNAT - ok
18:46:49.0128 3776        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:46:49.0252 3776        IRENUM - ok
18:46:49.0277 3776        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:46:49.0308 3776        isapnp - ok
18:46:49.0337 3776        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:46:49.0409 3776        iScsiPrt - ok
18:46:49.0459 3776        JMCR            (e56417c56b6a7316b6f527c890a1860d) C:\Windows\system32\DRIVERS\jmcr.sys
18:46:49.0529 3776        JMCR - ok
18:46:49.0569 3776        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:46:49.0609 3776        kbdclass - ok
18:46:49.0649 3776        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
18:46:49.0729 3776        kbdhid - ok
18:46:49.0779 3776        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:46:49.0809 3776        KeyIso - ok
18:46:49.0849 3776        KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
18:46:49.0879 3776        KSecDD - ok
18:46:49.0899 3776        KSecPkg        (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
18:46:49.0909 3776        KSecPkg - ok
18:46:49.0939 3776        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:46:50.0009 3776        ksthunk - ok
18:46:50.0059 3776        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:46:50.0138 3776        KtmRm - ok
18:46:50.0208 3776        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
18:46:50.0285 3776        LanmanServer - ok
18:46:50.0315 3776        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
18:46:50.0383 3776        LanmanWorkstation - ok
18:46:50.0503 3776        LkCitadelServer (20cdb07017497c94a0bad253c4bafcbc) C:\Windows\SysWOW64\lkcitdl.exe
18:46:50.0583 3776        LkCitadelServer - ok
18:46:50.0623 3776        lkClassAds      (b07d786736e7b1719a90365911bc2d0a) C:\Windows\SysWOW64\lkads.exe
18:46:50.0693 3776        lkClassAds - ok
18:46:50.0703 3776        lkTimeSync      (ab1faa47332ec2ee43bbfed7a6f0ea09) C:\Windows\SysWOW64\lktsrv.exe
18:46:50.0743 3776        lkTimeSync - ok
18:46:50.0853 3776        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:46:50.0943 3776        lltdio - ok
18:46:50.0983 3776        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:46:51.0043 3776        lltdsvc - ok
18:46:51.0083 3776        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:46:51.0150 3776        lmhosts - ok
18:46:51.0242 3776        LMS            (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:46:51.0362 3776        LMS - ok
18:46:51.0412 3776        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:46:51.0452 3776        LSI_FC - ok
18:46:51.0472 3776        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:46:51.0512 3776        LSI_SAS - ok
18:46:51.0532 3776        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:46:51.0562 3776        LSI_SAS2 - ok
18:46:51.0572 3776        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:46:51.0582 3776        LSI_SCSI - ok
18:46:51.0612 3776        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:46:51.0692 3776        luafv - ok
18:46:51.0752 3776        MBAMProtector  (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
18:46:51.0782 3776        MBAMProtector - ok
18:46:51.0852 3776        MBAMService    (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:46:51.0932 3776        MBAMService - ok
18:46:51.0992 3776        Mbm3CBus        (6ed76604a833d403f24c48c360d2e8b1) C:\Windows\system32\DRIVERS\Mbm3CBus.sys
18:46:52.0072 3776        Mbm3CBus - ok
18:46:52.0092 3776        Mbm3DevMt      (1c2b0e328c181a481f55b53305ae19d6) C:\Windows\system32\DRIVERS\Mbm3DevMt.sys
18:46:52.0164 3776        Mbm3DevMt - ok
18:46:52.0186 3776        Mbm3mdfl        (b1324558985b6c06773655195571f613) C:\Windows\system32\DRIVERS\Mbm3mdfl.sys
18:46:52.0249 3776        Mbm3mdfl - ok
18:46:52.0274 3776        Mbm3Mdm        (f3cc1ccbdae0d8f42028cf4c38589714) C:\Windows\system32\DRIVERS\Mbm3Mdm.sys
18:46:52.0344 3776        Mbm3Mdm - ok
18:46:52.0437 3776        McAWFwk        (b6bd99c3e23507a732c474caa620c0d7) c:\PROGRA~1\mcafee\msc\mcawfwk.exe
18:46:52.0497 3776        McAWFwk - ok
18:46:52.0577 3776        McMPFSvc        (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
18:46:52.0647 3776        McMPFSvc - ok
18:46:52.0657 3776        mcmscsvc        (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
18:46:52.0707 3776        mcmscsvc - ok
18:46:52.0707 3776        McNaiAnn        (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
18:46:52.0747 3776        McNaiAnn - ok
18:46:52.0767 3776        McNASvc        (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
18:46:52.0817 3776        McNASvc - ok
18:46:52.0887 3776        McODS          (dd2321925274f2902929d76ce2b0eb45) C:\Program Files\mcafee\VirusScan\mcods.exe
18:46:52.0917 3776        McODS - ok
18:46:52.0917 3776        McOobeSv        (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
18:46:52.0967 3776        McOobeSv - ok
18:46:52.0967 3776        McProxy        (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
18:46:53.0017 3776        McProxy - ok
18:46:53.0057 3776        McShield        (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
18:46:53.0127 3776        McShield - ok
18:46:53.0234 3776        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
18:46:53.0316 3776        Mcx2Svc - ok
18:46:53.0365 3776        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:46:53.0395 3776        megasas - ok
18:46:53.0432 3776        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:46:53.0472 3776        MegaSR - ok
18:46:53.0502 3776        MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
18:46:53.0562 3776        MEIx64 - ok
18:46:53.0612 3776        mfeapfk        (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys
18:46:53.0652 3776        mfeapfk - ok
18:46:53.0702 3776        mfeavfk        (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys
18:46:53.0782 3776        mfeavfk - ok
18:46:53.0802 3776        mfeavfk01 - ok
18:46:53.0842 3776        mfefire        (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
18:46:53.0872 3776        mfefire - ok
18:46:53.0912 3776        mfefirek        (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys
18:46:53.0992 3776        mfefirek - ok
18:46:54.0072 3776        mfehidk        (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys
18:46:54.0112 3776        mfehidk - ok
18:46:54.0132 3776        mfenlfk        (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys
18:46:54.0198 3776        mfenlfk - ok
18:46:54.0228 3776        mferkdet        (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys
18:46:54.0294 3776        mferkdet - ok
18:46:54.0323 3776        mfevtp          (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe
18:46:54.0386 3776        mfevtp - ok
18:46:54.0407 3776        mfewfpk        (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys
18:46:54.0420 3776        mfewfpk - ok
18:46:54.0498 3776        Microsoft SharePoint Workspace Audit Service - ok
18:46:54.0538 3776        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:46:54.0608 3776        MMCSS - ok
18:46:54.0638 3776        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:46:54.0668 3776        Modem - ok
18:46:54.0698 3776        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:46:54.0748 3776        monitor - ok
18:46:54.0808 3776        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:46:54.0838 3776        mouclass - ok
18:46:54.0858 3776        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:46:54.0868 3776        mouhid - ok
18:46:54.0908 3776        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:46:54.0948 3776        mountmgr - ok
18:46:54.0988 3776        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:46:55.0048 3776        mpio - ok
18:46:55.0088 3776        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:46:55.0168 3776        mpsdrv - ok
18:46:55.0247 3776        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
18:46:55.0353 3776        MpsSvc - ok
18:46:55.0392 3776        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:46:55.0468 3776        MRxDAV - ok
18:46:55.0495 3776        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:46:55.0575 3776        mrxsmb - ok
18:46:55.0605 3776        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:46:55.0655 3776        mrxsmb10 - ok
18:46:55.0695 3776        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:46:55.0705 3776        mrxsmb20 - ok
18:46:55.0755 3776        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:46:55.0825 3776        msahci - ok
18:46:55.0865 3776        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:46:55.0945 3776        msdsm - ok
18:46:55.0975 3776        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:46:56.0035 3776        MSDTC - ok
18:46:56.0075 3776        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:46:56.0135 3776        Msfs - ok
18:46:56.0155 3776        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:46:56.0195 3776        mshidkmdf - ok
18:46:56.0205 3776        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:46:56.0222 3776        msisadrv - ok
18:46:56.0263 3776        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:46:56.0319 3776        MSiSCSI - ok
18:46:56.0321 3776        msiserver - ok
18:46:56.0431 3776        MSK80Service    (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
18:46:56.0500 3776        MSK80Service - ok
18:46:56.0540 3776        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:46:56.0610 3776        MSKSSRV - ok
18:46:56.0630 3776        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:46:56.0700 3776        MSPCLOCK - ok
18:46:56.0730 3776        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:46:56.0790 3776        MSPQM - ok
18:46:56.0840 3776        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:46:56.0890 3776        MsRPC - ok
18:46:56.0920 3776        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:46:56.0960 3776        mssmbios - ok
18:46:56.0980 3776        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:46:57.0060 3776        MSTEE - ok
18:46:57.0090 3776        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:46:57.0100 3776        MTConfig - ok
18:46:57.0120 3776        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:46:57.0130 3776        Mup - ok
18:46:57.0245 3776        mxssvr          (a3ba8a14490fdbf106939c37a125e82c) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
18:46:57.0322 3776        mxssvr - ok
18:46:57.0393 3776        MyWiFiDHCPDNS  (6ed8935257672f4cd04a88a0f3de093d) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
18:46:57.0417 3776        MyWiFiDHCPDNS - ok
18:46:57.0486 3776        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:46:57.0577 3776        napagent - ok
18:46:57.0637 3776        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:46:57.0727 3776        NativeWifiP - ok
18:46:57.0817 3776        NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
18:46:57.0847 3776        NDIS - ok
18:46:57.0867 3776        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:46:57.0897 3776        NdisCap - ok
18:46:57.0937 3776        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:46:58.0027 3776        NdisTapi - ok
18:46:58.0077 3776        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:46:58.0197 3776        Ndisuio - ok
18:46:58.0242 3776        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:46:58.0348 3776        NdisWan - ok
18:46:58.0372 3776        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:46:58.0476 3776        NDProxy - ok
18:46:58.0511 3776        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:46:58.0563 3776        NetBIOS - ok
18:46:58.0613 3776        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:46:58.0733 3776        NetBT - ok
18:46:58.0783 3776        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:46:58.0823 3776        Netlogon - ok
18:46:58.0863 3776        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:46:58.0953 3776        Netman - ok
18:46:59.0003 3776        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:46:59.0053 3776        netprofm - ok
18:46:59.0123 3776        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:46:59.0153 3776        NetTcpPortSharing - ok
18:46:59.0529 3776        NETwNs64        (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys
18:46:59.0739 3776        NETwNs64 - ok
18:46:59.0859 3776        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:46:59.0899 3776        nfrd960 - ok
18:47:00.0009 3776        NIApplicationWebServer (f0e38750822eecc47b9913c55990f86a) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
18:47:00.0089 3776        NIApplicationWebServer - ok
18:47:00.0179 3776        NIApplicationWebServer64 (633cdf3ef922dd438f82468de1c10700) C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
18:47:00.0239 3776        NIApplicationWebServer64 - ok
18:47:00.0310 3776        NIDomainService (908b9667f2fd7453cbcf3a2a0444dcc1) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
18:47:00.0407 3776        NIDomainService - ok
18:47:00.0537 3776        NILM License Manager (aa8896bcd689851665efc02dc41181ac) C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe
18:47:00.0627 3776        NILM License Manager - ok
18:47:00.0687 3776        nimDNSResponder (8fed4893cb017f81cd1769448ad567e5) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
18:47:00.0757 3776        nimDNSResponder - ok
18:47:00.0777 3776        NINetworkDiscovery (5ff602d7890da09f45811c3263f81264) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
18:47:00.0847 3776        NINetworkDiscovery - ok
18:47:00.0907 3776        niSvcLoc        (fc87856060bd0b667d2086b7050240a3) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
18:47:00.0987 3776        niSvcLoc - ok
18:47:01.0047 3776        NITaggerService (4dc8c4ec1f9637110142c7d65ffb40e5) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
18:47:01.0137 3776        NITaggerService - ok
18:47:01.0257 3776        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:47:01.0374 3776        NlaSvc - ok
18:47:01.0561 3776        NOBU            (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
18:47:01.0602 3776        NOBU - ok
18:47:01.0702 3776        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:47:01.0772 3776        Npfs - ok
18:47:01.0792 3776        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:47:01.0862 3776        nsi - ok
18:47:01.0892 3776        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:47:01.0952 3776        nsiproxy - ok
18:47:02.0072 3776        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:47:02.0112 3776        Ntfs - ok
18:47:02.0222 3776        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:47:02.0282 3776        Null - ok
18:47:02.0342 3776        nusb3hub        (a7127e86f9ffe2a53e271b56b2c4cedf) C:\Windows\system32\DRIVERS\nusb3hub.sys
18:47:02.0448 3776        nusb3hub - ok
18:47:02.0469 3776        nusb3xhc        (49bbec6f48d5f9284b03abf3a959b19b) C:\Windows\system32\DRIVERS\nusb3xhc.sys
18:47:02.0574 3776        nusb3xhc - ok
18:47:03.0114 3776        nvlddmkm        (24aa5e3ed7a2b48b8e798a1059a2b323) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:47:03.0484 3776        nvlddmkm - ok
18:47:03.0583 3776        nvpciflt        (58aa797b41410daea6a6eb33e77f9b7a) C:\Windows\system32\DRIVERS\nvpciflt.sys
18:47:03.0613 3776        nvpciflt - ok
18:47:03.0673 3776        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:47:03.0743 3776        nvraid - ok
18:47:03.0763 3776        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:47:03.0833 3776        nvstor - ok
18:47:03.0863 3776        NvStUSB        (9e01b716c8085f7adb1cdc10103ceef8) C:\Windows\system32\DRIVERS\nvstusb.sys
18:47:03.0923 3776        NvStUSB - ok
18:47:04.0003 3776        NVSvc          (0f954db804453f5ace4865c3d0b24468) C:\Windows\system32\nvvsvc.exe
18:47:04.0063 3776        NVSvc - ok
18:47:04.0243 3776        nvUpdatusService (a1b93cd258ef1d59efa6c78b5603b7b8) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
18:47:04.0325 3776        nvUpdatusService - ok
18:47:04.0434 3776        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:47:04.0480 3776        nv_agp - ok
18:47:04.0516 3776        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:47:04.0599 3776        ohci1394 - ok
18:47:04.0679 3776        OpcEnum        (eae6208900e2986f66f68b30aef86e4d) C:\Windows\SysWOW64\OpcEnum.exe
18:47:04.0779 3776        OpcEnum ( UnsignedFile.Multi.Generic ) - warning
18:47:04.0779 3776        OpcEnum - detected UnsignedFile.Multi.Generic (1)
18:47:04.0889 3776        ose64          (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:47:04.0919 3776        ose64 - ok
18:47:05.0199 3776        osppsvc        (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:47:05.0279 3776        osppsvc - ok
18:47:05.0392 3776        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:47:05.0481 3776        p2pimsvc - ok
18:47:05.0509 3776        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:47:05.0556 3776        p2psvc - ok
18:47:05.0592 3776        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:47:05.0630 3776        Parport - ok
18:47:05.0660 3776        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
18:47:05.0690 3776        partmgr - ok
18:47:05.0710 3776        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:47:05.0770 3776        PcaSvc - ok
18:47:05.0820 3776        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:47:05.0840 3776        pci - ok
18:47:05.0870 3776        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:47:05.0900 3776        pciide - ok
18:47:05.0920 3776        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:47:05.0960 3776        pcmcia - ok
18:47:05.0990 3776        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:47:06.0020 3776        pcw - ok
18:47:06.0070 3776        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:47:06.0170 3776        PEAUTH - ok
18:47:06.0260 3776        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:47:06.0290 3776        PerfHost - ok
18:47:06.0390 3776        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:47:06.0510 3776        pla - ok
18:47:06.0590 3776        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:47:06.0630 3776        PlugPlay - ok
18:47:06.0650 3776        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:47:06.0720 3776        PNRPAutoReg - ok
18:47:06.0760 3776        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:47:06.0800 3776        PNRPsvc - ok
18:47:06.0850 3776        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:47:06.0950 3776        PolicyAgent - ok
18:47:06.0990 3776        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:47:07.0080 3776        Power - ok
18:47:07.0150 3776        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:47:07.0250 3776        PptpMiniport - ok
18:47:07.0280 3776        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:47:07.0340 3776        Processor - ok
18:47:07.0390 3776        ProfSvc        (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
18:47:07.0480 3776        ProfSvc - ok
18:47:07.0520 3776        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:47:07.0550 3776        ProtectedStorage - ok
18:47:07.0600 3776        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:47:07.0680 3776        Psched - ok
18:47:07.0720 3776        PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
18:47:07.0730 3776        PxHlpa64 - ok
18:47:07.0770 3776        qicflt          (0928bd20273625622722fe1de5bbde57) C:\Windows\system32\DRIVERS\qicflt.sys
18:47:07.0840 3776        qicflt - ok
18:47:07.0940 3776        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:47:08.0000 3776        ql2300 - ok
18:47:08.0090 3776        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:47:08.0130 3776        ql40xx - ok
18:47:08.0180 3776        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:47:08.0260 3776        QWAVE - ok
18:47:08.0300 3776        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:47:08.0365 3776        QWAVEdrv - ok
18:47:08.0389 3776        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:47:08.0441 3776        RasAcd - ok
18:47:08.0494 3776        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:47:08.0555 3776        RasAgileVpn - ok
18:47:08.0573 3776        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:47:08.0641 3776        RasAuto - ok
18:47:08.0681 3776        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:47:08.0731 3776        Rasl2tp - ok
18:47:08.0781 3776        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:47:08.0871 3776        RasMan - ok
18:47:08.0921 3776        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:47:09.0001 3776        RasPppoe - ok
18:47:09.0041 3776        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:47:09.0121 3776        RasSstp - ok
18:47:09.0171 3776        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:47:09.0271 3776        rdbss - ok
18:47:09.0291 3776        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:47:09.0346 3776        rdpbus - ok
18:47:09.0380 3776        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:47:09.0431 3776        RDPCDD - ok
18:47:09.0437 3776        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:47:09.0513 3776        RDPENCDD - ok
18:47:09.0549 3776        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:47:09.0599 3776        RDPREFMP - ok
18:47:09.0639 3776        RDPWD          (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
18:47:09.0709 3776        RDPWD - ok
18:47:09.0759 3776        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:47:09.0789 3776        rdyboost - ok
18:47:09.0919 3776        RegSrvc        (189c5a8d2098e0aa14fd157a954b34fc) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
18:47:09.0959 3776        RegSrvc - ok
18:47:09.0999 3776        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:47:10.0079 3776        RemoteAccess - ok
18:47:10.0129 3776        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:47:10.0209 3776        RemoteRegistry - ok
18:47:10.0374 3776        RoxMediaDB12OEM (bddc447ab46625a54619808575d5cb46) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
18:47:10.0461 3776        RoxMediaDB12OEM - ok
18:47:10.0504 3776        RoxWatch12      (ce203243adf512540249df9c264f12dd) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
18:47:10.0589 3776        RoxWatch12 - ok
18:47:10.0682 3776        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:47:10.0742 3776        RpcEptMapper - ok
18:47:10.0762 3776        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:47:10.0782 3776        RpcLocator - ok
18:47:10.0832 3776        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:47:10.0872 3776        RpcSs - ok
18:47:10.0922 3776        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:47:11.0012 3776        rspndr - ok
18:47:11.0072 3776        RTL8167        (a73ed14670220307874ad6bc2f279349) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:47:11.0152 3776        RTL8167 - ok
18:47:11.0182 3776        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:47:11.0222 3776        SamSs - ok
18:47:11.0262 3776        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:47:11.0332 3776        sbp2port - ok
18:47:11.0375 3776        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:47:11.0440 3776        SCardSvr - ok
18:47:11.0474 3776        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:47:11.0580 3776        scfilter - ok
18:47:11.0666 3776        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:47:11.0746 3776        Schedule - ok
18:47:11.0766 3776        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:47:11.0796 3776        SCPolicySvc - ok
18:47:11.0826 3776        sdbus          (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
18:47:11.0896 3776        sdbus - ok
18:47:11.0946 3776        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:47:12.0026 3776        SDRSVC - ok
18:47:12.0066 3776        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:47:12.0146 3776        secdrv - ok
18:47:12.0156 3776        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:47:12.0226 3776        seclogon - ok
18:47:12.0276 3776        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
18:47:12.0356 3776        SENS - ok
18:47:12.0386 3776        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:47:12.0447 3776        SensrSvc - ok
18:47:12.0465 3776        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:47:12.0478 3776        Serenum - ok
18:47:12.0499 3776        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:47:12.0531 3776        Serial - ok
18:47:12.0583 3776        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:47:12.0629 3776        sermouse - ok
18:47:12.0674 3776        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:47:12.0767 3776        SessionEnv - ok
18:47:12.0797 3776        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
18:47:12.0867 3776        sffdisk - ok
18:47:12.0877 3776        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:47:12.0937 3776        sffp_mmc - ok
18:47:12.0947 3776        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
18:47:13.0027 3776        sffp_sd - ok
18:47:13.0077 3776        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:47:13.0137 3776        sfloppy - ok
18:47:13.0247 3776        SftService      (e1974a92ac0914a3859359a0a8c82c68) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
18:47:13.0347 3776        SftService - ok
18:47:13.0387 3776        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:47:13.0478 3776        SharedAccess - ok
18:47:13.0536 3776        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:47:13.0652 3776        ShellHWDetection - ok
18:47:13.0714 3776        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:47:13.0754 3776        SiSRaid2 - ok
18:47:13.0764 3776        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:47:13.0784 3776        SiSRaid4 - ok
18:47:13.0874 3776        SkypeUpdate    (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
18:47:13.0904 3776        SkypeUpdate - ok
18:47:13.0944 3776        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:47:14.0034 3776        Smb - ok
18:47:14.0084 3776        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:47:14.0134 3776        SNMPTRAP - ok
18:47:14.0154 3776        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:47:14.0174 3776        spldr - ok
18:47:14.0234 3776        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:47:14.0324 3776        Spooler - ok
18:47:14.0526 3776        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:47:14.0658 3776        sppsvc - ok
18:47:14.0750 3776        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:47:14.0850 3776        sppuinotify - ok
18:47:14.0910 3776        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:47:15.0000 3776        srv - ok
18:47:15.0040 3776        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:47:15.0090 3776        srv2 - ok
18:47:15.0130 3776        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:47:15.0180 3776        srvnet - ok
18:47:15.0240 3776        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:47:15.0330 3776        SSDPSRV - ok
18:47:15.0370 3776        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:47:15.0429 3776        SstpSvc - ok
18:47:15.0463 3776        stdcfltn        (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
18:47:15.0477 3776        stdcfltn - ok
18:47:15.0568 3776        Stereo Service  (a3df1d4a293746a71c4c5c7e71b2734f) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:47:15.0640 3776        Stereo Service - ok
18:47:15.0669 3776        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:47:15.0680 3776        stexstor - ok
18:47:15.0747 3776        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:47:15.0827 3776        stisvc - ok
18:47:15.0907 3776        stllssvr        (9e182dd94496550a22a392cc1a8e0f52) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
18:47:15.0987 3776        stllssvr - ok
18:47:16.0007 3776        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:47:16.0037 3776        swenum - ok
18:47:16.0087 3776        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:47:16.0177 3776        swprv - ok
18:47:16.0277 3776        SynTP          (b0c7d4dcf4800df2f2145b500d0161e8) C:\Windows\system32\DRIVERS\SynTP.sys
18:47:16.0357 3776        SynTP - ok
18:47:16.0545 3776        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:47:16.0600 3776        SysMain - ok
18:47:16.0659 3776        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:47:16.0724 3776        TabletInputService - ok
18:47:16.0774 3776        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:47:16.0884 3776        TapiSrv - ok
18:47:16.0924 3776        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:47:16.0984 3776        TBS - ok
18:47:17.0114 3776        Tcpip          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
18:47:17.0174 3776        Tcpip - ok
18:47:17.0334 3776        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
18:47:17.0364 3776        TCPIP6 - ok
18:47:17.0440 3776        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:47:17.0550 3776        tcpipreg - ok
18:47:17.0588 3776        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:47:17.0662 3776        TDPIPE - ok
18:47:17.0692 3776        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:47:17.0771 3776        TDTCP - ok
18:47:17.0811 3776        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:47:17.0901 3776        tdx - ok
18:47:17.0961 3776        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:47:18.0011 3776        TermDD - ok
18:47:18.0071 3776        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:47:18.0161 3776        TermService - ok
18:47:18.0181 3776        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:47:18.0241 3776        Themes - ok
18:47:18.0271 3776        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:47:18.0321 3776        THREADORDER - ok
18:47:18.0331 3776        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:47:18.0371 3776        TrkWks - ok
18:47:18.0426 3776        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:47:18.0486 3776        TrustedInstaller - ok
18:47:18.0525 3776        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:47:18.0608 3776        tssecsrv - ok
18:47:18.0658 3776        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:47:18.0725 3776        TsUsbFlt - ok
18:47:18.0765 3776        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:47:18.0865 3776        tunnel - ok
18:47:18.0905 3776        TurboB          (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
18:47:18.0975 3776        TurboB - ok
18:47:19.0055 3776        TurboBoost      (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
18:47:19.0075 3776        TurboBoost - ok
18:47:19.0105 3776        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:47:19.0135 3776        uagp35 - ok
18:47:19.0175 3776        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:47:19.0265 3776        udfs - ok
18:47:19.0295 3776        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:47:19.0355 3776        UI0Detect - ok
18:47:19.0395 3776        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:47:19.0425 3776        uliagpkx - ok
18:47:19.0456 3776        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
18:47:19.0522 3776        umbus - ok
18:47:19.0544 3776        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:47:19.0585 3776        UmPass - ok
18:47:19.0801 3776        UNS            (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:47:19.0971 3776        UNS - ok
18:47:20.0101 3776        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:47:20.0211 3776        upnphost - ok
18:47:20.0281 3776        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:47:20.0411 3776        usbccgp - ok
18:47:20.0454 3776        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:47:20.0523 3776        usbcir - ok
18:47:20.0556 3776        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
18:47:20.0636 3776        usbehci - ok
18:47:20.0689 3776        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:47:20.0764 3776        usbhub - ok
18:47:20.0784 3776        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
18:47:20.0864 3776        usbohci - ok
18:47:20.0904 3776        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:47:20.0964 3776        usbprint - ok
18:47:21.0004 3776        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:47:21.0144 3776        USBSTOR - ok
18:47:21.0164 3776        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:47:21.0244 3776        usbuhci - ok
18:47:21.0294 3776        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
18:47:21.0354 3776        usbvideo - ok
18:47:21.0394 3776        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:47:21.0454 3776        UxSms - ok
18:47:21.0497 3776        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:47:21.0527 3776        VaultSvc - ok
18:47:21.0585 3776        VBoxDrv        (c30f3d43ceb6f79ade9b805387e5f63c) C:\Windows\system32\DRIVERS\VBoxDrv.sys
18:47:21.0651 3776        VBoxDrv - ok
18:47:21.0672 3776        VBoxNetAdp      (8acf22b86ce4e85c23e3e9513bf45c37) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
18:47:21.0733 3776        VBoxNetAdp - ok
18:47:21.0753 3776        VBoxNetFlt      (7b657669c53a0e6583f07ebaa303d9ea) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
18:47:21.0803 3776        VBoxNetFlt - ok
18:47:21.0853 3776        VBoxUSBMon      (cf3ee68cd9723e9f21e3198a0f690400) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
18:47:21.0923 3776        VBoxUSBMon - ok
18:47:21.0973 3776        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:47:22.0003 3776        vdrvroot - ok
18:47:22.0073 3776        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:47:22.0153 3776        vds - ok
18:47:22.0183 3776        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:47:22.0213 3776        vga - ok
18:47:22.0223 3776        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:47:22.0293 3776        VgaSave - ok
18:47:22.0343 3776        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:47:22.0403 3776        vhdmp - ok
18:47:22.0433 3776        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:47:22.0443 3776        viaide - ok
18:47:22.0483 3776        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:47:22.0493 3776        volmgr - ok
18:47:22.0549 3776        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:47:22.0584 3776        volmgrx - ok
18:47:22.0614 3776        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:47:22.0645 3776        volsnap - ok
18:47:22.0738 3776        vpnagent        (67e65c5108818ad08cc45835d494a4fb) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
18:47:22.0797 3776        vpnagent - ok
18:47:22.0837 3776        vpnva          (845dae50510383b7f6aca73ce2099048) C:\Windows\system32\DRIVERS\vpnva64.sys
18:47:22.0877 3776        vpnva - ok
18:47:22.0917 3776        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:47:22.0967 3776        vsmraid - ok
18:47:23.0077 3776        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:47:23.0227 3776        VSS - ok
18:47:23.0317 3776        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:47:23.0387 3776        vwifibus - ok
18:47:23.0417 3776        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:47:23.0481 3776        vwififlt - ok
18:47:23.0517 3776        vwifimp        (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
18:47:23.0560 3776        vwifimp - ok
18:47:23.0616 3776        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:47:23.0709 3776        W32Time - ok
18:47:23.0739 3776        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:47:23.0784 3776        WacomPen - ok
18:47:23.0844 3776        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:47:23.0934 3776        WANARP - ok
18:47:23.0964 3776        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:47:24.0004 3776        Wanarpv6 - ok
18:47:24.0104 3776        WatAdminSvc    (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:47:24.0174 3776        WatAdminSvc - ok
18:47:24.0274 3776        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:47:24.0434 3776        wbengine - ok
18:47:24.0534 3776        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:47:24.0592 3776        WbioSrvc - ok
18:47:24.0638 3776        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:47:24.0705 3776        wcncsvc - ok
18:47:24.0736 3776        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:47:24.0771 3776        WcsPlugInService - ok
18:47:24.0801 3776        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:47:24.0831 3776        Wd - ok
18:47:24.0881 3776        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:47:24.0921 3776        Wdf01000 - ok
18:47:24.0941 3776        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:47:25.0041 3776        WdiServiceHost - ok
18:47:25.0041 3776        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:47:25.0061 3776        WdiSystemHost - ok
18:47:25.0101 3776        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
18:47:25.0181 3776        WebClient - ok
18:47:25.0221 3776        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:47:25.0321 3776        Wecsvc - ok
18:47:25.0361 3776        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:47:25.0411 3776        wercplsupport - ok
18:47:25.0441 3776        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:47:25.0477 3776        WerSvc - ok
18:47:25.0532 3776        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:47:25.0586 3776        WfpLwf - ok
18:47:25.0625 3776        WimFltr        (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
18:47:25.0697 3776        WimFltr - ok
18:47:25.0715 3776        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:47:25.0726 3776        WIMMount - ok
18:47:25.0748 3776        WinDefend - ok
18:47:25.0757 3776        WinHttpAutoProxySvc - ok
18:47:25.0827 3776        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:47:25.0927 3776        Winmgmt - ok
18:47:26.0057 3776        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
18:47:26.0167 3776        WinRM - ok
18:47:26.0287 3776        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:47:26.0387 3776        WinUsb - ok
18:47:26.0467 3776        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:47:26.0518 3776        Wlansvc - ok
18:47:26.0584 3776        wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:47:26.0637 3776        wlcrasvc - ok
18:47:26.0776 3776        wlidsvc        (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:47:26.0816 3776        wlidsvc - ok
18:47:26.0886 3776        WMCoreService - ok
18:47:26.0986 3776        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:47:27.0046 3776        WmiAcpi - ok
18:47:27.0136 3776        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:47:27.0206 3776        wmiApSrv - ok
18:47:27.0236 3776        WMPNetworkSvc - ok
18:47:27.0276 3776        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:47:27.0326 3776        WPCSvc - ok
18:47:27.0376 3776        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
18:47:27.0436 3776        WPDBusEnum - ok
18:47:27.0456 3776        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:47:27.0522 3776        ws2ifsl - ok
18:47:27.0558 3776        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
18:47:27.0627 3776        wscsvc - ok
18:47:27.0632 3776        WSearch - ok
18:47:27.0797 3776        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
18:47:27.0830 3776        wuauserv - ok
18:47:27.0950 3776        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:47:28.0070 3776        WudfPf - ok
18:47:28.0110 3776        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:47:28.0220 3776        WUDFRd - ok
18:47:28.0240 3776        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
18:47:28.0320 3776        wudfsvc - ok
18:47:28.0360 3776        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:47:28.0400 3776        WwanSvc - ok
18:47:28.0440 3776        WwanUsbServ    (ea6bb634641479986065024ac38a8c1c) C:\Windows\system32\DRIVERS\WwanUsbMp64.sys
18:47:28.0511 3776        WwanUsbServ - ok
18:47:28.0560 3776        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:47:29.0414 3776        \Device\Harddisk0\DR0 - ok
18:47:29.0444 3776        Boot (0x1200)  (88ee01164cad8e84a2000f4756073a2d) \Device\Harddisk0\DR0\Partition0
18:47:29.0454 3776        \Device\Harddisk0\DR0\Partition0 - ok
18:47:29.0464 3776        Boot (0x1200)  (b0cc0a523351ad7b640aaf402af4bc05) \Device\Harddisk0\DR0\Partition1
18:47:29.0474 3776        \Device\Harddisk0\DR0\Partition1 - ok
18:47:29.0474 3776        ============================================================
18:47:29.0474 3776        Scan finished
18:47:29.0474 3776        ============================================================
18:47:29.0484 2124        Detected object count: 1
18:47:29.0484 2124        Actual detected object count: 1
18:47:46.0621 2124        OpcEnum ( UnsignedFile.Multi.Generic ) - skipped by user
18:47:46.0621 2124        OpcEnum ( UnsignedFile.Multi.Generic ) - User select action: Skip
danke, dass Du Dir Zeit für mich nimmst

markusg 07.08.2012 15:44
sieht gut aus.
sorry, außerdem, für die wartezeit.
lade den CCleaner standard:
CCleaner Download - CCleaner 3.21.1767
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

tjun 08.08.2012 19:12
sooo, ebenfalls sorry für die Wartezeit. bin etwas im Prüfungsstress...

anbei das Dokument, ich hoff es ist leserlich...

Code:
AccelerometerP11        STMicroelectronics        11.04.2011                2.00.11.22                unbekannt
Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        18.07.2012        6.00MB        11.3.300.265                nötig
Adobe Reader X (10.1.3) MUI        Adobe Systems Incorporated        01.05.2012        479MB        10.1.3                nötig
Advanced Audio FX Engine        Creative Technology Ltd        11.04.2011                1.12.05                unbekannt
CANON iMAGE GATEWAY MyCamera Download Plugin        Canon Inc.        10.03.2012                3.1.1.2                nötig
CANON iMAGE GATEWAY Task for ZoomBrowser EX        Canon Inc.        10.03.2012                1.9.0.9                nötig
Canon MOV Decoder        Canon Inc.        10.03.2012                1.8.0.7                nötig
Canon MOV Encoder        Canon Inc.        10.03.2012                1.6.0.1                nöitg
Canon MovieEdit Task for ZoomBrowser EX        Canon Inc.        10.03.2012                3.7.0.4                nötig
Canon Utilities CameraWindow DC 8        Canon Inc.        10.03.2012                8.4.0.3                nötig
Canon Utilities CameraWindow Launcher        Canon Inc.        10.03.2012                7.5.0.2                nötig
Canon Utilities Movie Uploader for YouTube        Canon Inc.        10.03.2012                1.2.0.7                nötig
Canon Utilities MyCamera        Canon Inc.        10.03.2012                7.4.0.2                nötig
Canon Utilities PhotoStitch        Canon Inc.        10.03.2012                3.1.22.46                nötig
Canon Utilities ZoomBrowser EX        Canon Inc.        10.03.2012                6.7.0.24                nötig
Canon ZoomBrowser EX Memory Card Utility        Canon Inc.        10.03.2012                1.5.0.9                nötig
CCleaner        Piriform        24.07.2012                3.21                nötig
Cisco AnyConnect Secure Mobility Client        Cisco Systems, Inc.        31.10.2011                3.0.3054                nötig
Dell DataSafe Local Backup        Dell        11.04.2011                9.4.47                nötig
Dell DataSafe Local Backup - Support Software        Dell        11.04.2011                        nötig       
Dell DataSafe Online        Dell        11.04.2011        6.46MB        2.1.19634                nötig
Dell Driver Download Manager        Dell Inc.        03.08.2011                2.1.0.0                nötig
Dell Getting Started Guide        Dell Inc.        11.04.2011                1.00.0000                nötig
Dell Mobile Broadband Manager        Dell        11.04.2011                6.1.24.2                nötig
Dell MusicStage        Fingertapps        11.04.2011                1.4.162.0                nötig
Dell PhotoStage        ArcSoft        11.04.2011        101MB        1.5.0.30                nötig
Dell Stage        Fingertapps        11.04.2011                1.4.173.0                nötig
Dell Support Center        Dell Inc.        11.04.2011                3.0.5621.01                nötig
Dell VideoStage        CyberLink Corp.        11.04.2011                1.1.1.1303                nötig
Dell Webcam Central        Creative Technology Ltd        11.04.2011                2.00.35                nötig
Dell Wireless HSPA Mini-Card Drivers        Dell        11.04.2011                6.1.26.6                nötig
eBay        eBay Inc.        11.04.2011                1.4.0                unnötig
Intel(R) Control Center        Intel Corporation        24.09.2011                1.2.1.1007                nötig
Intel(R) Management Engine Components        Intel Corporation        24.09.2011                7.0.0.1144                nötig
Intel(R) Processor Graphics        Intel Corporation        24.09.2011                8.15.10.2253                nötig
Intel(R) PROSet/Wireless WiFi-Software        Intel Corporation        11.04.2011        142MB        14.00.1000                nötig
Java(TM) 6 Update 23 (64-bit)        Oracle        11.04.2011        90.8MB        6.0.230                nötig
Java(TM) 6 Update 31        Oracle        31.03.2012        95.1MB        6.0.310                nötig
Malwarebytes Anti-Malware Version 1.62.0.1300        Malwarebytes Corporation        18.07.2012        18.7MB        1.62.0.1300                unnötig
MATLAB R2011a        The MathWorks, Inc.        25.10.2011                7.12                nötig
McAfee SecurityCenter        McAfee, Inc.        02.08.2012                11.0.678                nötig
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        26.09.2011        38.8MB        4.0.30319                unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        26.09.2011        2.93MB        4.0.30319                unbekannt
Microsoft Age of Empires II                15.10.2011                unnötig
Microsoft Office 2010        Microsoft Corporation        11.04.2011        6.31MB        14.0.4763.1000                unnötig
Microsoft Office Professional Plus 2010        Microsoft Corporation        24.09.2011                14.0.6029.1000                nötig
Microsoft Silverlight        Microsoft Corporation        22.05.2012        50.6MB        5.1.10411.0                unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        11.04.2011        1.69MB        3.1.0000                unbekannt
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        24.09.2011        300KB        8.0.58299                unbekannt
Microsoft Visual C++ 2005 Redistributable (x64)        Microsoft Corporation        25.10.2011        620KB        8.0.61000                unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        19.09.2011        608KB        9.0.30729                unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        25.09.2011        600KB        9.0.30729.6161                unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319        Microsoft Corporation        27.10.2011        11.0MB        10.0.30319                unbekannt
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        16.04.2011        1.27MB        4.20.9870.0                unbekannt
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        16.04.2011        1.33MB        4.20.9876.0                unbekannt
National Instruments - Software        National Instruments        29.02.2012                nötig               
NVIDIA 3D Vision Treiber 265.94        NVIDIA Corporation        11.04.2011                265.94                nötig
NVIDIA Grafiktreiber 265.94        NVIDIA Corporation        11.04.2011                265.94                nötig
Oracle VM VirtualBox 4.1.8        Oracle Corporation        28.02.2012        132MB        4.1.8                nötig
Quickset64        Dell Inc.        11.04.2011                11.0.10                unbekannt
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        11.04.2011                6.0.1.6267                nötig
Roxio Burn        Roxio        18.12.2011        58.5MB        1.8.57.4                nötig
Roxio Creator Starter        Roxio        11.04.2011        1.45GB        12.1.40.0                nötig
Skype Click to Call        Skype Technologies S.A.        28.04.2012        8.25MB        5.9.9216                unbekannt
Skype™ 5.8        Skype Technologies S.A.        28.04.2012        19.0MB        5.8.158                nötig
Steuer 2011 12.0.1        Information Factory AG        30.03.2012                nötig                12.0.1
Synaptics Pointing Device Driver        Synaptics Incorporated        11.04.2011        46.4MB        15.2.6.0                unbekannt
UGS NX 7.5        UGS        26.10.2011        5.08GB        7.5.0.32                nötig
UGS NX 7.5 Documentation        UGS        26.10.2011        1.88GB        7.5.0.32                nötig
Warcraft III        Blizzard Entertainment        11.08.2011                unnötig               
Windows Live Essentials        Microsoft Corporation        11.04.2011                15.4.3508.1109                unbekannt
Windows Live Mesh ActiveX control for remote connections        Microsoft Corporation        11.04.2011        5.57MB        15.4.5722.2                unbekannt
Wolfram Mathematica 8 (M-WIN-L 8.0.1 2063990)        Wolfram Research, Inc.        08.11.2011        2.85GB        8.0.1                nötig
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0        Intel        11.04.2011                2.1.23.0                unbekannt

markusg 08.08.2012 19:20
deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
http://filepony.de/download-adobe_reader/
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
eBay
Java: beide
Download der kostenlosen Java-Software
downloade java jre instalieren
deinstaliere:
Warcraft
Windows Live alle für dich unnötigen
öffne ccleaner, analysieren starten.
öffne otl, cleanup, pc startet neu testen wie er läuft

tjun 08.08.2012 20:00
soooo, Anweisungen ausgeführt.

Der Computer scheint gut zu laufen. Keine Mängel festzustellen...


Danke für Deine Hilfe

tjun 14.08.2012 17:03
sorry, ich will ja wirklich nicht drängeln, aber ohne Deine Bestätigung, dass alles wieder in Ordnung ist, fühle ich mich irgendwie unwohl.

Ich wäre sehr dankbar, wenn Du kurz bestätgen könntest, dass alles i.O. ist oder neue Anweisungen geben.

ganz herzlichen Dank

markusg 17.08.2012 19:33
sorry,
nur noch absichern:
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
http://www.trojaner-board.de/103809-...i-malware.html
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut wäre avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html

sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung


Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
Sandboxie Download - Sandboxie 3.72

anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
hide beta updates.
Run updateChecker when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
http://www.trojaner-board.de/82962-w...en-backup.html
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser

passwort sicherheit:
jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort
bei der passwort verwaltung und erstellung hilft roboform
Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager
anleitung:
RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten

tjun 18.08.2012 09:07
okay, vielen Dank für Deine Hilfe, werde die Anleitung wahrscheinlich am Donnerstag abarbeiten, da ich bis am Mittwoch noch wichtige Prüfungen habe. sorry.

bezüglich dem Antiviren-programm:
nur um sicherzugehen, dass ich Dich richtig verstanden habe. Avast ist Deiner Meinung nach besser als McAfee?

vielen Dank

markusg 20.08.2012 17:20
mcafee ist auch ok.


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:31 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19