Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojan:Win32/Reveton.N gefunden. (https://www.trojaner-board.de/128434-trojan-win32-reveton-n-gefunden.html)

Kapott 21.12.2012 19:16
Trojan:Win32/Reveton.N gefunden.
 
Hallo,

Microsoft Security Essentials hat Trojan:Win32/Reveton.N gefunden in der Datei:

Code:
file:C:\Users\Hugo Bosnickel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-1d348372
Ich habe nun wie im 'Für alle Hilfesuchenden!' Thread beschrieben einen Scan mit OTL gemacht. Seltsamerweise ging bei mir aber keine EXTRAS.txt auf.

Würde mich freuen, wenn mir jemand erklären könnte wie ich nun am Besten vorgehe. Anbei noch der Inhalt der OTL.txt

Vielen Dank!

Code:
OTL logfile created on: 21.12.2012 19:05:19 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Hugo Bosnickel\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,96 Gb Total Physical Memory | 13,92 Gb Available Physical Memory | 87,21% Memory free
31,92 Gb Paging File | 29,93 Gb Available in Paging File | 93,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,02 Gb Total Space | 6,48 Gb Free Space | 5,45% Space Free | Partition Type: NTFS
Drive D: | 931,39 Gb Total Space | 512,83 Gb Free Space | 55,06% Space Free | Partition Type: NTFS
 
Computer Name: MEINER | User Name: Hugo Bosnickel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Hugo Bosnickel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\Hugo Bosnickel\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Hugo Bosnickel\Downloads\Defogger.exe ()
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Users\Hugo Bosnickel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\VIA_XHCI\usb3Monitor.exe (VIA Technologies, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Hugo Bosnickel\Downloads\Defogger.exe ()
MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4a443c775f768ede71bde8e10f50ec0b\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e88f87e9200afb5ede994c89c92e22b8\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (VUSB3HUB) -- C:\Windows\SysNative\drivers\ViaHub3.sys (VIA Technologies, Inc.)
DRV:64bit: - (xhcdrv) -- C:\Windows\SysNative\drivers\xhcdrv.sys (VIA Technologies, Inc.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (mvs91xx) -- C:\Windows\SysNative\drivers\mvs91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 6C 88 50 F4 DE CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 23:11:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 23:11:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.10.26 20:35:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hugo Bosnickel\AppData\Roaming\mozilla\Extensions
[2012.10.26 20:42:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hugo Bosnickel\AppData\Roaming\mozilla\Firefox\Profiles\22u5pwby.default\extensions
[2012.12.06 23:10:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.06 23:11:12 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.11 03:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.11 03:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.11 03:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.11 03:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.11 03:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.11 03:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [VIAxHCUtl] C:\VIA_XHCI\usb3Monitor.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Spotify] C:\Users\Hugo Bosnickel\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Hugo Bosnickel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Hugo Bosnickel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hugo Bosnickel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.18.3.5 212.18.0.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57C75925-EC9F-482D-BE35-6B01F6CB7193}: DhcpNameServer = 212.18.3.5 212.18.0.5
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{167ef472-1fc7-11e2-8295-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{167ef472-1fc7-11e2-8295-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Run.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2012.12.19 22:44:14 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Roaming\LolClient
[2012.12.19 19:45:50 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Local\PMB Files
[2012.12.19 19:45:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012.12.19 19:45:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012.12.19 19:45:02 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\.swt
[2012.12.17 19:18:06 | 000,185,720 | ---- | C] (Корпорация Майкрософт) -- C:\Users\Hugo Bosnickel\wgsdgsdgdsgsd.dll
[2012.12.16 16:48:13 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Roaming\Play withSIX
[2012.12.16 16:48:13 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Local\Play withSIX
[2012.12.16 16:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIX Networks
[2012.12.16 16:48:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIX Networks
[2012.12.06 23:10:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.04 20:34:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2012.12.04 20:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.12.04 20:32:20 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012.12.02 15:54:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCanvas
[2012.12.02 03:11:45 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\Documents\Baldur's Gate - Enhanced Edition
[2012.12.02 01:09:15 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Local\BeamDog
[2012.12.02 01:09:14 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.12.02 01:09:14 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.12.02 01:09:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012.12.02 01:09:14 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baldur's Gate Enhanced Edition
[2012.12.02 00:59:55 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.12.02 00:59:36 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Roaming\Dropbox
[2012.12.01 19:08:54 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\.tokentool
[2012.12.01 18:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2012.12.01 18:47:59 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Local\Paint.NET
[2012.12.01 15:06:13 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\.maptool
[2012.12.01 15:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\MapTools
[2012.11.30 22:39:11 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\Documents\Hero Lab
[2012.11.30 22:39:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hero Lab
[2012.11.30 22:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Hero Lab
[2012.11.30 22:39:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hero Lab
[2012.11.25 20:58:33 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Local\Ubisoft Game Launcher
[2012.11.25 20:56:25 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Roaming\Ubisoft
[2012.11.25 20:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2012.11.25 20:55:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2012.11.22 21:49:35 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Local\SCE
[2012.11.22 21:49:35 | 000,000,000 | ---D | C] -- C:\Crash
[2012.11.22 21:49:34 | 000,000,000 | ---D | C] -- C:\Users\Hugo Bosnickel\AppData\Local\Sony Online Entertainment
[2012.10.28 20:27:48 | 000,036,069 | ---- | C] (Beepa Pty Ltd) -- C:\Program Files\uninstall.exe
[2012.08.30 14:47:32 | 002,369,720 | ---- | C] (Beepa P/L) -- C:\Program Files\fraps.exe
[2012.08.30 14:47:32 | 000,068,792 | ---- | C] (Beepa P/L) -- C:\Program Files\fraps64.dat
[2012.08.30 14:46:06 | 000,139,776 | ---- | C] (Beepa P/L) -- C:\Program Files\frapslcd.dll
[2012.08.30 14:20:14 | 000,234,168 | ---- | C] (Beepa P/L) -- C:\Program Files\fraps32.dll
[2012.08.30 14:20:14 | 000,186,552 | ---- | C] (Beepa P/L) -- C:\Program Files\fraps64.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.21 18:21:39 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.21 18:21:39 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.21 18:17:14 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.21 18:17:14 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.21 18:17:14 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.21 18:17:14 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.21 18:17:13 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.21 18:11:55 | 000,001,020 | ---- | M] () -- C:\Users\Hugo Bosnickel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.21 18:10:17 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.21 18:10:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.21 18:10:14 | 4265,168,894 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.20 22:25:27 | 000,000,000 | ---- | M] () -- C:\Users\Hugo Bosnickel\defogger_reenable
[2012.12.20 21:58:40 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.20 21:55:15 | 000,185,720 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Hugo Bosnickel\wgsdgsdgdsgsd.dll
[2012.12.03 16:47:14 | 000,014,446 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.12.02 01:09:14 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.12.02 01:09:14 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.12.01 06:49:26 | 003,663,213 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.20 22:25:27 | 000,000,000 | ---- | C] () -- C:\Users\Hugo Bosnickel\defogger_reenable
[2012.12.20 21:55:15 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.02 01:00:00 | 000,001,020 | ---- | C] () -- C:\Users\Hugo Bosnickel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.01 18:48:16 | 000,001,300 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2012.11.17 19:07:42 | 000,298,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.11.17 19:07:41 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.11.17 19:07:41 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.10.27 18:36:12 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.27 01:17:48 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012.10.27 01:06:24 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012.08.30 14:09:28 | 000,001,892 | ---- | C] () -- C:\Program Files\README.HTM
[2011.12.08 15:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.21 18:11:58 | 000,000,000 | ---D | M] -- C:\Users\Hugo Bosnickel\AppData\Roaming\Dropbox
[2012.10.30 20:07:20 | 000,000,000 | ---D | M] -- C:\Users\Hugo Bosnickel\AppData\Roaming\Fatshark
[2012.12.19 22:44:14 | 000,000,000 | ---D | M] -- C:\Users\Hugo Bosnickel\AppData\Roaming\LolClient
[2012.12.16 16:48:55 | 000,000,000 | ---D | M] -- C:\Users\Hugo Bosnickel\AppData\Roaming\Play withSIX
[2012.12.21 18:11:38 | 000,000,000 | ---D | M] -- C:\Users\Hugo Bosnickel\AppData\Roaming\Spotify
[2012.11.20 19:36:01 | 000,000,000 | ---D | M] -- C:\Users\Hugo Bosnickel\AppData\Roaming\SumatraPDF
[2012.12.16 22:35:25 | 000,000,000 | ---D | M] -- C:\Users\Hugo Bosnickel\AppData\Roaming\TS3Client
[2012.11.25 20:56:25 | 000,000,000 | ---D | M] -- C:\Users\Hugo Bosnickel\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 

< End of report >

markusg 21.12.2012 19:19
hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
[2012.12.17 19:18:06 | 000,185,720 | ---- | C] (Корпорация Майкрософт) -- C:\Users\Hugo Bosnickel\wgsdgsdgdsgsd.dll
[2012.12.20 21:58:40 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
 :Files
:Commands
[EMPTYFLASH]
[emptytemp]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Kapott 21.12.2012 19:27
Anbei das gewünschte OTL Log:

Code:
All processes killed
========== OTL ==========
C:\Users\Hugo Bosnickel\wgsdgsdgdsgsd.dll moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Hugo Bosnickel
->Flash cache emptied: 13944 bytes
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Hugo Bosnickel
->Temp folder emptied: 568037553 bytes
->Temporary Internet Files folder emptied: 215442181 bytes
->Java cache emptied: 411682 bytes
->FireFox cache emptied: 72921534 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 167403481 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36095868 bytes
RecycleBin emptied: 60552 bytes
 
Total Files Cleaned = 1.011,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12212012_192254

Files\Folders moved on Reboot...
C:\Users\Hugo Bosnickel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

markusg 21.12.2012 19:35
Hi,
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten

Kapott 21.12.2012 19:46
Anbei das tdss Log:

Code:
19:43:53.0223 1128  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:43:53.0223 1128  UEFI system
19:43:53.0317 1128  ============================================================
19:43:53.0317 1128  Current date / time: 2012/12/21 19:43:53.0317
19:43:53.0317 1128  SystemInfo:
19:43:53.0317 1128 
19:43:53.0317 1128  OS Version: 6.1.7601 ServicePack: 1.0
19:43:53.0317 1128  Product type: Workstation
19:43:53.0317 1128  ComputerName: MEINER
19:43:53.0317 1128  UserName: Hugo Bosnickel
19:43:53.0317 1128  Windows directory: C:\Windows
19:43:53.0317 1128  System windows directory: C:\Windows
19:43:53.0317 1128  Running under WOW64
19:43:53.0317 1128  Processor architecture: Intel x64
19:43:53.0317 1128  Number of processors: 8
19:43:53.0317 1128  Page size: 0x1000
19:43:53.0317 1128  Boot type: Normal boot
19:43:53.0317 1128  ============================================================
19:43:53.0629 1128  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:43:53.0629 1128  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:43:53.0645 1128  ============================================================
19:43:53.0645 1128  \Device\Harddisk0\DR0:
19:43:53.0645 1128  GPT partitions:
19:43:53.0645 1128  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {1518E4B3-987F-459F-801E-21E550688448}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
19:43:53.0645 1128  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {64D80C01-6A75-497F-9DB9-F589B709B0ED}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
19:43:53.0645 1128  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {E5CFBEDD-CEDE-49EF-9F69-7F2F71FF943C}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0xEE09800
19:43:53.0645 1128  MBR partitions:
19:43:53.0645 1128  \Device\Harddisk1\DR1:
19:43:53.0645 1128  GPT partitions:
19:43:53.0645 1128  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {EA5DF022-E966-4D2D-8D4C-5F4C9518FFCE}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
19:43:53.0645 1128  \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {88B6DD48-8A7E-430A-B720-94C00D64A7AF}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x746C6000
19:43:53.0645 1128  MBR partitions:
19:43:53.0645 1128  ============================================================
19:43:53.0645 1128  C: <-> \Device\Harddisk0\DR0\Partition3
19:43:53.0660 1128  D: <-> \Device\Harddisk1\DR1\Partition2
19:43:53.0660 1128  ============================================================
19:43:53.0660 1128  Initialize success
19:43:53.0660 1128  ============================================================
19:44:00.0244 5032  ============================================================
19:44:00.0244 5032  Scan started
19:44:00.0244 5032  Mode: Manual; SigCheck; TDLFS;
19:44:00.0244 5032  ============================================================
19:44:00.0275 5032  ================ Scan system memory ========================
19:44:00.0275 5032  System memory - ok
19:44:00.0275 5032  ================ Scan services =============================
19:44:00.0290 5032  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:44:00.0322 5032  1394ohci - ok
19:44:00.0337 5032  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:44:00.0337 5032  ACPI - ok
19:44:00.0337 5032  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
19:44:00.0353 5032  AcpiPmi - ok
19:44:00.0368 5032  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
19:44:00.0384 5032  adp94xx - ok
19:44:00.0384 5032  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\drivers\adpahci.sys
19:44:00.0384 5032  adpahci - ok
19:44:00.0400 5032  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
19:44:00.0400 5032  adpu320 - ok
19:44:00.0400 5032  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
19:44:00.0446 5032  AeLookupSvc - ok
19:44:00.0446 5032  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\Windows\system32\drivers\afd.sys
19:44:00.0462 5032  AFD - ok
19:44:00.0462 5032  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:44:00.0478 5032  agp440 - ok
19:44:00.0478 5032  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
19:44:00.0493 5032  ALG - ok
19:44:00.0493 5032  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:44:00.0493 5032  aliide - ok
19:44:00.0493 5032  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:44:00.0509 5032  amdide - ok
19:44:00.0509 5032  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
19:44:00.0509 5032  AmdK8 - ok
19:44:00.0509 5032  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
19:44:00.0524 5032  AmdPPM - ok
19:44:00.0524 5032  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
19:44:00.0540 5032  amdsata - ok
19:44:00.0540 5032  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
19:44:00.0540 5032  amdsbs - ok
19:44:00.0540 5032  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
19:44:00.0556 5032  amdxata - ok
19:44:00.0556 5032  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\Windows\system32\drivers\appid.sys
19:44:00.0571 5032  AppID - ok
19:44:00.0571 5032  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:44:00.0602 5032  AppIDSvc - ok
19:44:00.0602 5032  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo        C:\Windows\System32\appinfo.dll
19:44:00.0618 5032  Appinfo - ok
19:44:00.0618 5032  [ BA957E7ACD2B44FA3B01FAA64F6A9060 ] AppleCharger    C:\Windows\system32\DRIVERS\AppleCharger.sys
19:44:00.0634 5032  AppleCharger - ok
19:44:00.0634 5032  [ 95EF7247C50C7241FDAE39A9B3AFF4AE ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
19:44:00.0665 5032  AppleChargerSrv - ok
19:44:00.0665 5032  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\drivers\arc.sys
19:44:00.0680 5032  arc - ok
19:44:00.0680 5032  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:44:00.0696 5032  arcsas - ok
19:44:00.0696 5032  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:44:00.0712 5032  aspnet_state - ok
19:44:00.0712 5032  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:44:00.0727 5032  AsyncMac - ok
19:44:00.0743 5032  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\drivers\atapi.sys
19:44:00.0743 5032  atapi - ok
19:44:00.0743 5032  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:44:00.0774 5032  AudioEndpointBuilder - ok
19:44:00.0774 5032  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:44:00.0805 5032  AudioSrv - ok
19:44:00.0805 5032  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:44:00.0821 5032  AxInstSV - ok
19:44:00.0836 5032  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\drivers\bxvbda.sys
19:44:00.0836 5032  b06bdrv - ok
19:44:00.0852 5032  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:44:00.0852 5032  b57nd60a - ok
19:44:00.0852 5032  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:44:00.0868 5032  BDESVC - ok
19:44:00.0868 5032  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:44:00.0883 5032  Beep - ok
19:44:00.0899 5032  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE            C:\Windows\System32\bfe.dll
19:44:00.0914 5032  BFE - ok
19:44:00.0930 5032  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
19:44:00.0961 5032  BITS - ok
19:44:00.0961 5032  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:44:00.0961 5032  blbdrive - ok
19:44:00.0977 5032  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:44:00.0977 5032  bowser - ok
19:44:00.0977 5032  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
19:44:00.0992 5032  BrFiltLo - ok
19:44:00.0992 5032  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
19:44:00.0992 5032  BrFiltUp - ok
19:44:01.0008 5032  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\Windows\System32\browser.dll
19:44:01.0008 5032  Browser - ok
19:44:01.0008 5032  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
19:44:01.0024 5032  Brserid - ok
19:44:01.0024 5032  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:44:01.0039 5032  BrSerWdm - ok
19:44:01.0039 5032  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:44:01.0055 5032  BrUsbMdm - ok
19:44:01.0055 5032  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:44:01.0055 5032  BrUsbSer - ok
19:44:01.0055 5032  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:44:01.0070 5032  BTHMODEM - ok
19:44:01.0070 5032  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
19:44:01.0086 5032  bthserv - ok
19:44:01.0102 5032  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:44:01.0117 5032  cdfs - ok
19:44:01.0117 5032  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
19:44:01.0133 5032  cdrom - ok
19:44:01.0133 5032  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc    C:\Windows\System32\certprop.dll
19:44:01.0148 5032  CertPropSvc - ok
19:44:01.0148 5032  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
19:44:01.0164 5032  circlass - ok
19:44:01.0164 5032  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:44:01.0180 5032  CLFS - ok
19:44:01.0180 5032  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:44:01.0180 5032  clr_optimization_v2.0.50727_32 - ok
19:44:01.0195 5032  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:44:01.0195 5032  clr_optimization_v2.0.50727_64 - ok
19:44:01.0211 5032  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:44:01.0211 5032  clr_optimization_v4.0.30319_32 - ok
19:44:01.0211 5032  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:44:01.0226 5032  clr_optimization_v4.0.30319_64 - ok
19:44:01.0226 5032  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
19:44:01.0242 5032  CmBatt - ok
19:44:01.0242 5032  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:44:01.0242 5032  cmdide - ok
19:44:01.0258 5032  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG            C:\Windows\system32\Drivers\cng.sys
19:44:01.0258 5032  CNG - ok
19:44:01.0273 5032  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
19:44:01.0273 5032  Compbatt - ok
19:44:01.0273 5032  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
19:44:01.0289 5032  CompositeBus - ok
19:44:01.0289 5032  COMSysApp - ok
19:44:01.0289 5032  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
19:44:01.0289 5032  crcdisk - ok
19:44:01.0304 5032  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:44:01.0304 5032  CryptSvc - ok
19:44:01.0320 5032  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:44:01.0336 5032  DcomLaunch - ok
19:44:01.0336 5032  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
19:44:01.0367 5032  defragsvc - ok
19:44:01.0367 5032  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:44:01.0382 5032  DfsC - ok
19:44:01.0398 5032  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:44:01.0398 5032  Dhcp - ok
19:44:01.0414 5032  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:44:01.0429 5032  discache - ok
19:44:01.0429 5032  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
19:44:01.0429 5032  Disk - ok
19:44:01.0445 5032  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:44:01.0445 5032  Dnscache - ok
19:44:01.0460 5032  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\Windows\System32\dot3svc.dll
19:44:01.0476 5032  dot3svc - ok
19:44:01.0476 5032  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\Windows\system32\dps.dll
19:44:01.0507 5032  DPS - ok
19:44:01.0507 5032  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
19:44:01.0507 5032  drmkaud - ok
19:44:01.0523 5032  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
19:44:01.0538 5032  DXGKrnl - ok
19:44:01.0538 5032  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
19:44:01.0554 5032  EapHost - ok
19:44:01.0585 5032  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\drivers\evbda.sys
19:44:01.0616 5032  ebdrv - ok
19:44:01.0616 5032  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\Windows\System32\lsass.exe
19:44:01.0632 5032  EFS - ok
19:44:01.0632 5032  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
19:44:01.0648 5032  ehRecvr - ok
19:44:01.0648 5032  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\Windows\ehome\ehsched.exe
19:44:01.0663 5032  ehSched - ok
19:44:01.0663 5032  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
19:44:01.0679 5032  elxstor - ok
19:44:01.0679 5032  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:44:01.0694 5032  ErrDev - ok
19:44:01.0694 5032  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
19:44:01.0726 5032  EventSystem - ok
19:44:01.0726 5032  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
19:44:01.0741 5032  exfat - ok
19:44:01.0757 5032  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
19:44:01.0772 5032  fastfat - ok
19:44:01.0772 5032  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax            C:\Windows\system32\fxssvc.exe
19:44:01.0788 5032  Fax - ok
19:44:01.0788 5032  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\drivers\fdc.sys
19:44:01.0804 5032  fdc - ok
19:44:01.0804 5032  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
19:44:01.0819 5032  fdPHost - ok
19:44:01.0819 5032  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:44:01.0850 5032  FDResPub - ok
19:44:01.0850 5032  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:44:01.0850 5032  FileInfo - ok
19:44:01.0866 5032  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
19:44:01.0882 5032  Filetrace - ok
19:44:01.0882 5032  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
19:44:01.0882 5032  flpydisk - ok
19:44:01.0897 5032  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:44:01.0897 5032  FltMgr - ok
19:44:01.0913 5032  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache      C:\Windows\system32\FntCache.dll
19:44:01.0928 5032  FontCache - ok
19:44:01.0928 5032  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:44:01.0928 5032  FontCache3.0.0.0 - ok
19:44:01.0944 5032  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
19:44:01.0944 5032  FsDepends - ok
19:44:01.0944 5032  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:44:01.0960 5032  Fs_Rec - ok
19:44:01.0960 5032  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:44:01.0960 5032  fvevol - ok
19:44:01.0975 5032  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:44:01.0975 5032  gagp30kx - ok
19:44:01.0975 5032  [ 7907E14F9BCF3A4689C9A74A1A873CB6 ] gdrv            C:\Windows\gdrv.sys
19:44:01.0991 5032  gdrv - ok
19:44:01.0991 5032  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\Windows\System32\gpsvc.dll
19:44:02.0022 5032  gpsvc - ok
19:44:02.0022 5032  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:44:02.0038 5032  hcw85cir - ok
19:44:02.0038 5032  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:44:02.0053 5032  HdAudAddService - ok
19:44:02.0053 5032  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:44:02.0069 5032  HDAudBus - ok
19:44:02.0069 5032  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\drivers\HidBatt.sys
19:44:02.0069 5032  HidBatt - ok
19:44:02.0069 5032  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:44:02.0084 5032  HidBth - ok
19:44:02.0084 5032  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\drivers\hidir.sys
19:44:02.0100 5032  HidIr - ok
19:44:02.0100 5032  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\system32\hidserv.dll
19:44:02.0116 5032  hidserv - ok
19:44:02.0116 5032  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:44:02.0131 5032  HidUsb - ok
19:44:02.0131 5032  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:44:02.0162 5032  hkmsvc - ok
19:44:02.0162 5032  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:44:02.0178 5032  HomeGroupListener - ok
19:44:02.0178 5032  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:44:02.0178 5032  HomeGroupProvider - ok
19:44:02.0194 5032  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:44:02.0194 5032  HpSAMD - ok
19:44:02.0209 5032  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:44:02.0225 5032  HTTP - ok
19:44:02.0225 5032  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:44:02.0240 5032  hwpolicy - ok
19:44:02.0240 5032  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
19:44:02.0240 5032  i8042prt - ok
19:44:02.0256 5032  [ C224331A54571C8C9162F7714400BBBD ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
19:44:02.0256 5032  iaStor - ok
19:44:02.0272 5032  [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:44:02.0272 5032  IAStorDataMgrSvc - ok
19:44:02.0272 5032  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
19:44:02.0287 5032  iaStorV - ok
19:44:02.0287 5032  [ 33D4D4A24791587E83F7EE05A446FB7E ] ICCS            C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
19:44:02.0318 5032  ICCS ( UnsignedFile.Multi.Generic ) - warning
19:44:02.0318 5032  ICCS - detected UnsignedFile.Multi.Generic (1)
19:44:02.0318 5032  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:44:02.0318 5032  IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:44:02.0318 5032  IDriverT - detected UnsignedFile.Multi.Generic (1)
19:44:02.0334 5032  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:44:02.0350 5032  idsvc - ok
19:44:02.0350 5032  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
19:44:02.0350 5032  iirsp - ok
19:44:02.0365 5032  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
19:44:02.0396 5032  IKEEXT - ok
19:44:02.0396 5032  [ 2D66067C7A8A0112156BCD1C0BAA7042 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
19:44:02.0412 5032  Intel(R) Capability Licensing Service Interface - ok
19:44:02.0412 5032  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
19:44:02.0428 5032  intelide - ok
19:44:02.0428 5032  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:44:02.0428 5032  intelppm - ok
19:44:02.0428 5032  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
19:44:02.0459 5032  IPBusEnum - ok
19:44:02.0459 5032  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:44:02.0474 5032  IpFilterDriver - ok
19:44:02.0490 5032  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:44:02.0490 5032  iphlpsvc - ok
19:44:02.0490 5032  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
19:44:02.0506 5032  IPMIDRV - ok
19:44:02.0506 5032  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
19:44:02.0521 5032  IPNAT - ok
19:44:02.0537 5032  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:44:02.0537 5032  IRENUM - ok
19:44:02.0537 5032  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:44:02.0552 5032  isapnp - ok
19:44:02.0552 5032  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:44:02.0568 5032  iScsiPrt - ok
19:44:02.0568 5032  [ 6BCEF45131C8B8E1C558BE540B190B3C ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
19:44:02.0568 5032  iusb3hcs - ok
19:44:02.0568 5032  [ F080EADA8715F811B58BD35BB774F2F9 ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
19:44:02.0584 5032  iusb3hub - ok
19:44:02.0584 5032  [ 0F1756D9396740F053221FA6260FCE66 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
19:44:02.0599 5032  iusb3xhc - ok
19:44:02.0599 5032  jfihxccc - ok
19:44:02.0599 5032  [ 166FC0B36842135BC2D3C32DF70ED0D6 ] jhi_service    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
19:44:02.0615 5032  jhi_service - ok
19:44:02.0615 5032  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:44:02.0615 5032  kbdclass - ok
19:44:02.0615 5032  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:44:02.0630 5032  kbdhid - ok
19:44:02.0646 5032  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
19:44:02.0646 5032  KeyIso - ok
19:44:02.0646 5032  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:44:02.0662 5032  KSecDD - ok
19:44:02.0662 5032  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
19:44:02.0662 5032  KSecPkg - ok
19:44:02.0662 5032  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
19:44:02.0693 5032  ksthunk - ok
19:44:02.0693 5032  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
19:44:02.0708 5032  KtmRm - ok
19:44:02.0724 5032  [ B8040D3B97B16B89701E31A17353856C ] L1C            C:\Windows\system32\DRIVERS\L1C62x64.sys
19:44:02.0724 5032  L1C - ok
19:44:02.0724 5032  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:44:02.0755 5032  LanmanServer - ok
19:44:02.0755 5032  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:44:02.0771 5032  LanmanWorkstation - ok
19:44:02.0771 5032  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:44:02.0802 5032  lltdio - ok
19:44:02.0802 5032  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
19:44:02.0833 5032  lltdsvc - ok
19:44:02.0833 5032  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
19:44:02.0849 5032  lmhosts - ok
19:44:02.0849 5032  [ C56E64BA70DC822B84D100A6F8D690D3 ] LMS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:44:02.0864 5032  LMS - ok
19:44:02.0864 5032  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:44:02.0880 5032  LSI_FC - ok
19:44:02.0880 5032  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
19:44:02.0880 5032  LSI_SAS - ok
19:44:02.0880 5032  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
19:44:02.0896 5032  LSI_SAS2 - ok
19:44:02.0896 5032  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:44:02.0896 5032  LSI_SCSI - ok
19:44:02.0911 5032  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
19:44:02.0927 5032  luafv - ok
19:44:02.0927 5032  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
19:44:02.0942 5032  Mcx2Svc - ok
19:44:02.0942 5032  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\drivers\megasas.sys
19:44:02.0942 5032  megasas - ok
19:44:02.0942 5032  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
19:44:02.0958 5032  MegaSR - ok
19:44:02.0958 5032  [ 6B01B7414A105B9E51652089A03027CF ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
19:44:02.0958 5032  MEIx64 - ok
19:44:02.0974 5032  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
19:44:02.0989 5032  MMCSS - ok
19:44:02.0989 5032  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
19:44:03.0005 5032  Modem - ok
19:44:03.0005 5032  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
19:44:03.0020 5032  monitor - ok
19:44:03.0020 5032  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:44:03.0036 5032  mouclass - ok
19:44:03.0036 5032  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:44:03.0036 5032  mouhid - ok
19:44:03.0036 5032  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:44:03.0052 5032  mountmgr - ok
19:44:03.0052 5032  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:44:03.0052 5032  MozillaMaintenance - ok
19:44:03.0067 5032  [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
19:44:03.0067 5032  MpFilter - ok
19:44:03.0067 5032  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:44:03.0083 5032  mpio - ok
19:44:03.0083 5032  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:44:03.0098 5032  mpsdrv - ok
19:44:03.0114 5032  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:44:03.0145 5032  MpsSvc - ok
19:44:03.0145 5032  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:44:03.0161 5032  MRxDAV - ok
19:44:03.0161 5032  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:44:03.0161 5032  mrxsmb - ok
19:44:03.0176 5032  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:44:03.0176 5032  mrxsmb10 - ok
19:44:03.0176 5032  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:44:03.0192 5032  mrxsmb20 - ok
19:44:03.0192 5032  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:44:03.0192 5032  msahci - ok
19:44:03.0192 5032  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
19:44:03.0208 5032  msdsm - ok
19:44:03.0208 5032  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
19:44:03.0223 5032  MSDTC - ok
19:44:03.0223 5032  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:44:03.0239 5032  Msfs - ok
19:44:03.0239 5032  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
19:44:03.0270 5032  mshidkmdf - ok
19:44:03.0270 5032  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:44:03.0270 5032  msisadrv - ok
19:44:03.0270 5032  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
19:44:03.0301 5032  MSiSCSI - ok
19:44:03.0301 5032  msiserver - ok
19:44:03.0301 5032  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
19:44:03.0332 5032  MSKSSRV - ok
19:44:03.0332 5032  [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc        c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:44:03.0332 5032  MsMpSvc - ok
19:44:03.0332 5032  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:44:03.0348 5032  MSPCLOCK - ok
19:44:03.0364 5032  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
19:44:03.0379 5032  MSPQM - ok
19:44:03.0379 5032  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
19:44:03.0395 5032  MsRPC - ok
19:44:03.0395 5032  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:44:03.0395 5032  mssmbios - ok
19:44:03.0410 5032  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
19:44:03.0426 5032  MSTEE - ok
19:44:03.0426 5032  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
19:44:03.0442 5032  MTConfig - ok
19:44:03.0442 5032  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
19:44:03.0442 5032  Mup - ok
19:44:03.0442 5032  [ 97CCA67FCDABB8441149F04B34ABF510 ] mvs91xx        C:\Windows\system32\DRIVERS\mvs91xx.sys
19:44:03.0457 5032  mvs91xx - ok
19:44:03.0457 5032  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
19:44:03.0488 5032  napagent - ok
19:44:03.0488 5032  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
19:44:03.0504 5032  NativeWifiP - ok
19:44:03.0520 5032  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:44:03.0535 5032  NDIS - ok
19:44:03.0535 5032  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
19:44:03.0551 5032  NdisCap - ok
19:44:03.0551 5032  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:44:03.0582 5032  NdisTapi - ok
19:44:03.0582 5032  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
19:44:03.0598 5032  Ndisuio - ok
19:44:03.0598 5032  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
19:44:03.0629 5032  NdisWan - ok
19:44:03.0629 5032  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
19:44:03.0644 5032  NDProxy - ok
19:44:03.0644 5032  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
19:44:03.0660 5032  NetBIOS - ok
19:44:03.0676 5032  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
19:44:03.0691 5032  NetBT - ok
19:44:03.0691 5032  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
19:44:03.0707 5032  Netlogon - ok
19:44:03.0707 5032  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
19:44:03.0722 5032  Netman - ok
19:44:03.0738 5032  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:44:03.0738 5032  NetMsmqActivator - ok
19:44:03.0738 5032  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:44:03.0754 5032  NetPipeActivator - ok
19:44:03.0754 5032  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
19:44:03.0785 5032  netprofm - ok
19:44:03.0785 5032  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:44:03.0785 5032  NetTcpActivator - ok
19:44:03.0785 5032  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:44:03.0800 5032  NetTcpPortSharing - ok
19:44:03.0800 5032  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
19:44:03.0800 5032  nfrd960 - ok
19:44:03.0800 5032  [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:44:03.0816 5032  NisDrv - ok
19:44:03.0816 5032  [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
19:44:03.0832 5032  NisSrv - ok
19:44:03.0832 5032  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:44:03.0847 5032  NlaSvc - ok
19:44:03.0847 5032  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:44:03.0863 5032  Npfs - ok
19:44:03.0863 5032  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
19:44:03.0878 5032  nsi - ok
19:44:03.0894 5032  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:44:03.0910 5032  nsiproxy - ok
19:44:03.0925 5032  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:44:03.0941 5032  Ntfs - ok
19:44:03.0956 5032  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
19:44:03.0972 5032  Null - ok
19:44:03.0972 5032  [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA          C:\Windows\system32\drivers\nvhda64v.sys
19:44:03.0988 5032  NVHDA - ok
19:44:04.0050 5032  [ FE2909F7DFB12B9A20AD207FE23B7E96 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:44:04.0159 5032  nvlddmkm - ok
19:44:04.0159 5032  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:44:04.0175 5032  nvraid - ok
19:44:04.0175 5032  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:44:04.0175 5032  nvstor - ok
19:44:04.0190 5032  [ 3341D2C91989BC87C3C0BAA97C27253B ] nvsvc          C:\Windows\system32\nvvsvc.exe
19:44:04.0206 5032  nvsvc - ok
19:44:04.0222 5032  [ 551CE34DAD2DFF0A480781E68B286E4D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:44:04.0237 5032  nvUpdatusService - ok
19:44:04.0237 5032  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:44:04.0253 5032  nv_agp - ok
19:44:04.0253 5032  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:44:04.0253 5032  ohci1394 - ok
19:44:04.0268 5032  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:44:04.0268 5032  p2pimsvc - ok
19:44:04.0284 5032  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:44:04.0284 5032  p2psvc - ok
19:44:04.0300 5032  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\drivers\parport.sys
19:44:04.0300 5032  Parport - ok
19:44:04.0300 5032  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
19:44:04.0315 5032  partmgr - ok
19:44:04.0315 5032  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:44:04.0331 5032  PcaSvc - ok
19:44:04.0331 5032  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\Windows\system32\drivers\pci.sys
19:44:04.0331 5032  pci - ok
19:44:04.0331 5032  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
19:44:04.0346 5032  pciide - ok
19:44:04.0346 5032  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
19:44:04.0362 5032  pcmcia - ok
19:44:04.0362 5032  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
19:44:04.0362 5032  pcw - ok
19:44:04.0378 5032  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:44:04.0393 5032  PEAUTH - ok
19:44:04.0409 5032  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:44:04.0409 5032  PerfHost - ok
19:44:04.0424 5032  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\Windows\system32\pla.dll
19:44:04.0456 5032  pla - ok
19:44:04.0471 5032  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:44:04.0487 5032  PlugPlay - ok
19:44:04.0487 5032  PnkBstrA - ok
19:44:04.0487 5032  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
19:44:04.0487 5032  PNRPAutoReg - ok
19:44:04.0502 5032  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
19:44:04.0502 5032  PNRPsvc - ok
19:44:04.0502 5032  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
19:44:04.0534 5032  PolicyAgent - ok
19:44:04.0534 5032  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
19:44:04.0565 5032  Power - ok
19:44:04.0565 5032  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:44:04.0580 5032  PptpMiniport - ok
19:44:04.0580 5032  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\drivers\processr.sys
19:44:04.0596 5032  Processor - ok
19:44:04.0596 5032  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc        C:\Windows\system32\profsvc.dll
19:44:04.0612 5032  ProfSvc - ok
19:44:04.0612 5032  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:44:04.0612 5032  ProtectedStorage - ok
19:44:04.0612 5032  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:44:04.0643 5032  Psched - ok
19:44:04.0658 5032  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
19:44:04.0674 5032  ql2300 - ok
19:44:04.0674 5032  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:44:04.0690 5032  ql40xx - ok
19:44:04.0690 5032  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
19:44:04.0705 5032  QWAVE - ok
19:44:04.0705 5032  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:44:04.0705 5032  QWAVEdrv - ok
19:44:04.0705 5032  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:44:04.0736 5032  RasAcd - ok
19:44:04.0736 5032  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
19:44:04.0752 5032  RasAgileVpn - ok
19:44:04.0752 5032  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
19:44:04.0783 5032  RasAuto - ok
19:44:04.0783 5032  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
19:44:04.0799 5032  Rasl2tp - ok
19:44:04.0814 5032  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
19:44:04.0830 5032  RasMan - ok
19:44:04.0830 5032  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:44:04.0861 5032  RasPppoe - ok
19:44:04.0861 5032  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
19:44:04.0877 5032  RasSstp - ok
19:44:04.0892 5032  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
19:44:04.0908 5032  rdbss - ok
19:44:04.0908 5032  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
19:44:04.0924 5032  rdpbus - ok
19:44:04.0924 5032  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:44:04.0939 5032  RDPCDD - ok
19:44:04.0939 5032  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:44:04.0970 5032  RDPENCDD - ok
19:44:04.0970 5032  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:44:04.0986 5032  RDPREFMP - ok
19:44:04.0986 5032  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:44:05.0002 5032  RdpVideoMiniport - ok
19:44:05.0002 5032  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
19:44:05.0017 5032  RDPWD - ok
19:44:05.0017 5032  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:44:05.0017 5032  rdyboost - ok
19:44:05.0017 5032  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:44:05.0048 5032  RemoteAccess - ok
19:44:05.0048 5032  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:44:05.0064 5032  RemoteRegistry - ok
19:44:05.0080 5032  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:44:05.0095 5032  RpcEptMapper - ok
19:44:05.0095 5032  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
19:44:05.0111 5032  RpcLocator - ok
19:44:05.0111 5032  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\Windows\system32\rpcss.dll
19:44:05.0126 5032  RpcSs - ok
19:44:05.0126 5032  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:44:05.0158 5032  rspndr - ok
19:44:05.0158 5032  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\Windows\system32\lsass.exe
19:44:05.0158 5032  SamSs - ok
19:44:05.0158 5032  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:44:05.0173 5032  sbp2port - ok
19:44:05.0173 5032  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:44:05.0204 5032  SCardSvr - ok
19:44:05.0204 5032  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:44:05.0220 5032  scfilter - ok
19:44:05.0236 5032  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
19:44:05.0267 5032  Schedule - ok
19:44:05.0267 5032  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\Windows\System32\certprop.dll
19:44:05.0282 5032  SCPolicySvc - ok
19:44:05.0282 5032  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:44:05.0298 5032  SDRSVC - ok
19:44:05.0298 5032  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:44:05.0314 5032  secdrv - ok
19:44:05.0329 5032  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
19:44:05.0345 5032  seclogon - ok
19:44:05.0345 5032  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
19:44:05.0360 5032  SENS - ok
19:44:05.0376 5032  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:44:05.0376 5032  SensrSvc - ok
19:44:05.0376 5032  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
19:44:05.0392 5032  Serenum - ok
19:44:05.0392 5032  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:44:05.0392 5032  Serial - ok
19:44:05.0407 5032  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
19:44:05.0407 5032  sermouse - ok
19:44:05.0407 5032  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:44:05.0438 5032  SessionEnv - ok
19:44:05.0438 5032  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
19:44:05.0438 5032  sffdisk - ok
19:44:05.0454 5032  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:44:05.0454 5032  sffp_mmc - ok
19:44:05.0454 5032  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
19:44:05.0470 5032  sffp_sd - ok
19:44:05.0470 5032  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
19:44:05.0470 5032  sfloppy - ok
19:44:05.0485 5032  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:44:05.0501 5032  SharedAccess - ok
19:44:05.0501 5032  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:44:05.0532 5032  ShellHWDetection - ok
19:44:05.0532 5032  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
19:44:05.0532 5032  SiSRaid2 - ok
19:44:05.0548 5032  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:44:05.0548 5032  SiSRaid4 - ok
19:44:05.0548 5032  [ B866E8C5ED1DCBEA72285BA4107892C2 ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
19:44:05.0563 5032  SkypeUpdate - ok
19:44:05.0563 5032  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
19:44:05.0579 5032  Smb - ok
19:44:05.0579 5032  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:44:05.0594 5032  SNMPTRAP - ok
19:44:05.0594 5032  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
19:44:05.0594 5032  spldr - ok
19:44:05.0610 5032  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler        C:\Windows\System32\spoolsv.exe
19:44:05.0626 5032  Spooler - ok
19:44:05.0641 5032  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
19:44:05.0688 5032  sppsvc - ok
19:44:05.0704 5032  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
19:44:05.0719 5032  sppuinotify - ok
19:44:05.0719 5032  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
19:44:05.0735 5032  srv - ok
19:44:05.0735 5032  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:44:05.0750 5032  srv2 - ok
19:44:05.0750 5032  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:44:05.0766 5032  srvnet - ok
19:44:05.0766 5032  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
19:44:05.0782 5032  SSDPSRV - ok
19:44:05.0797 5032  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
19:44:05.0813 5032  SstpSvc - ok
19:44:05.0813 5032  Steam Client Service - ok
19:44:05.0828 5032  [ 0632004181860960CF6E10DE8DDEF78B ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:44:05.0828 5032  Stereo Service - ok
19:44:05.0828 5032  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
19:44:05.0844 5032  stexstor - ok
19:44:05.0844 5032  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
19:44:05.0860 5032  stisvc - ok
19:44:05.0860 5032  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:44:05.0860 5032  swenum - ok
19:44:05.0875 5032  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
19:44:05.0891 5032  swprv - ok
19:44:05.0906 5032  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\Windows\system32\sysmain.dll
19:44:05.0938 5032  SysMain - ok
19:44:05.0938 5032  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:44:05.0953 5032  TabletInputService - ok
19:44:05.0953 5032  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\Windows\System32\tapisrv.dll
19:44:05.0984 5032  TapiSrv - ok
19:44:05.0984 5032  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
19:44:06.0000 5032  TBS - ok
19:44:06.0016 5032  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
19:44:06.0047 5032  Tcpip - ok
19:44:06.0062 5032  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:44:06.0078 5032  TCPIP6 - ok
19:44:06.0078 5032  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:44:06.0094 5032  tcpipreg - ok
19:44:06.0094 5032  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:44:06.0094 5032  TDPIPE - ok
19:44:06.0109 5032  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
19:44:06.0109 5032  TDTCP - ok
19:44:06.0109 5032  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
19:44:06.0125 5032  tdx - ok
19:44:06.0140 5032  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:44:06.0140 5032  TermDD - ok
19:44:06.0156 5032  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\Windows\System32\termsrv.dll
19:44:06.0172 5032  TermService - ok
19:44:06.0172 5032  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
19:44:06.0187 5032  Themes - ok
19:44:06.0187 5032  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
19:44:06.0218 5032  THREADORDER - ok
19:44:06.0218 5032  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
19:44:06.0234 5032  TrkWks - ok
19:44:06.0234 5032  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:44:06.0265 5032  TrustedInstaller - ok
19:44:06.0265 5032  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:44:06.0281 5032  tssecsrv - ok
19:44:06.0281 5032  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:44:06.0296 5032  TsUsbFlt - ok
19:44:06.0296 5032  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD        C:\Windows\system32\drivers\TsUsbGD.sys
19:44:06.0296 5032  TsUsbGD - ok
19:44:06.0312 5032  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:44:06.0328 5032  tunnel - ok
19:44:06.0328 5032  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:44:06.0343 5032  uagp35 - ok
19:44:06.0343 5032  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:44:06.0359 5032  udfs - ok
19:44:06.0374 5032  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
19:44:06.0374 5032  UI0Detect - ok
19:44:06.0374 5032  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:44:06.0390 5032  uliagpkx - ok
19:44:06.0390 5032  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
19:44:06.0390 5032  umbus - ok
19:44:06.0390 5032  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
19:44:06.0406 5032  UmPass - ok
19:44:06.0406 5032  [ 0F9E1BC7E2BEA1A4108EC9736CF0C2D9 ] UNS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:44:06.0421 5032  UNS - ok
19:44:06.0421 5032  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
19:44:06.0452 5032  upnphost - ok
19:44:06.0452 5032  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
19:44:06.0468 5032  usbccgp - ok
19:44:06.0468 5032  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:44:06.0468 5032  usbcir - ok
19:44:06.0484 5032  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci        C:\Windows\system32\drivers\usbehci.sys
19:44:06.0484 5032  usbehci - ok
19:44:06.0484 5032  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:44:06.0499 5032  usbhub - ok
19:44:06.0499 5032  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci        C:\Windows\system32\drivers\usbohci.sys
19:44:06.0499 5032  usbohci - ok
19:44:06.0515 5032  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
19:44:06.0515 5032  usbprint - ok
19:44:06.0515 5032  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:44:06.0530 5032  USBSTOR - ok
19:44:06.0530 5032  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
19:44:06.0530 5032  usbuhci - ok
19:44:06.0546 5032  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
19:44:06.0562 5032  UxSms - ok
19:44:06.0562 5032  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
19:44:06.0577 5032  VaultSvc - ok
19:44:06.0577 5032  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:44:06.0577 5032  vdrvroot - ok
19:44:06.0593 5032  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\Windows\System32\vds.exe
19:44:06.0608 5032  vds - ok
19:44:06.0608 5032  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
19:44:06.0624 5032  vga - ok
19:44:06.0624 5032  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
19:44:06.0640 5032  VgaSave - ok
19:44:06.0655 5032  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
19:44:06.0655 5032  vhdmp - ok
19:44:06.0671 5032  [ E8AF45C4FE2457D003E1842806F38748 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
19:44:06.0702 5032  VIAHdAudAddService - ok
19:44:06.0702 5032  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:44:06.0702 5032  viaide - ok
19:44:06.0702 5032  [ 05D6657A9CCFD269D05D41BFFDCE9498 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
19:44:06.0718 5032  VIAKaraokeService - ok
19:44:06.0718 5032  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:44:06.0718 5032  volmgr - ok
19:44:06.0733 5032  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
19:44:06.0733 5032  volmgrx - ok
19:44:06.0733 5032  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
19:44:06.0749 5032  volsnap - ok
19:44:06.0749 5032  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
19:44:06.0764 5032  vsmraid - ok
19:44:06.0780 5032  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\Windows\system32\vssvc.exe
19:44:06.0811 5032  VSS - ok
19:44:06.0811 5032  [ 316A1762BD41C3DB06EB484527838E2D ] VUSB3HUB        C:\Windows\system32\DRIVERS\ViaHub3.sys
19:44:06.0811 5032  VUSB3HUB - ok
19:44:06.0827 5032  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
19:44:06.0827 5032  vwifibus - ok
19:44:06.0827 5032  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
19:44:06.0858 5032  W32Time - ok
19:44:06.0858 5032  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:44:06.0874 5032  WacomPen - ok
19:44:06.0874 5032  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:44:06.0889 5032  WANARP - ok
19:44:06.0889 5032  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:44:06.0905 5032  Wanarpv6 - ok
19:44:06.0920 5032  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
19:44:06.0952 5032  wbengine - ok
19:44:06.0952 5032  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:44:06.0967 5032  WbioSrvc - ok
19:44:06.0967 5032  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc        C:\Windows\System32\wcncsvc.dll
19:44:06.0983 5032  wcncsvc - ok
19:44:06.0983 5032  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:44:06.0983 5032  WcsPlugInService - ok
19:44:06.0998 5032  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
19:44:06.0998 5032  Wd - ok
19:44:06.0998 5032  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:44:07.0014 5032  Wdf01000 - ok
19:44:07.0030 5032  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:44:07.0045 5032  WdiServiceHost - ok
19:44:07.0045 5032  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
19:44:07.0061 5032  WdiSystemHost - ok
19:44:07.0061 5032  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient      C:\Windows\System32\webclnt.dll
19:44:07.0076 5032  WebClient - ok
19:44:07.0076 5032  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:44:07.0108 5032  Wecsvc - ok
19:44:07.0108 5032  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
19:44:07.0123 5032  wercplsupport - ok
19:44:07.0123 5032  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:44:07.0154 5032  WerSvc - ok
19:44:07.0154 5032  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:44:07.0170 5032  WfpLwf - ok
19:44:07.0170 5032  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:44:07.0186 5032  WIMMount - ok
19:44:07.0186 5032  WinDefend - ok
19:44:07.0186 5032  WinHttpAutoProxySvc - ok
19:44:07.0201 5032  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
19:44:07.0217 5032  Winmgmt - ok
19:44:07.0232 5032  [ BCB1310604AA415C4508708975B3931E ] WinRM          C:\Windows\system32\WsmSvc.dll
19:44:07.0264 5032  WinRM - ok
19:44:07.0279 5032  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
19:44:07.0295 5032  Wlansvc - ok
19:44:07.0310 5032  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:44:07.0342 5032  wlidsvc - ok
19:44:07.0342 5032  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
19:44:07.0357 5032  WmiAcpi - ok
19:44:07.0357 5032  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:44:07.0373 5032  wmiApSrv - ok
19:44:07.0373 5032  WMPNetworkSvc - ok
19:44:07.0373 5032  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:44:07.0373 5032  WPCSvc - ok
19:44:07.0388 5032  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:44:07.0388 5032  WPDBusEnum - ok
19:44:07.0404 5032  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
19:44:07.0420 5032  ws2ifsl - ok
19:44:07.0420 5032  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
19:44:07.0435 5032  wscsvc - ok
19:44:07.0435 5032  WSearch - ok
19:44:07.0451 5032  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:44:07.0482 5032  wuauserv - ok
19:44:07.0482 5032  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:44:07.0498 5032  WudfPf - ok
19:44:07.0498 5032  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:44:07.0513 5032  WUDFRd - ok
19:44:07.0513 5032  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
19:44:07.0513 5032  wudfsvc - ok
19:44:07.0529 5032  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc        C:\Windows\System32\wwansvc.dll
19:44:07.0529 5032  WwanSvc - ok
19:44:07.0544 5032  [ FFDB0ED9D1D453F7F19DE55FE0706195 ] xhcdrv          C:\Windows\system32\DRIVERS\xhcdrv.sys
19:44:07.0544 5032  xhcdrv - ok
19:44:07.0544 5032  [ 38F55D07B1D3391065C40EC065F984E2 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
19:44:07.0560 5032  xusb21 - ok
19:44:07.0560 5032  ================ Scan global ===============================
19:44:07.0560 5032  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:44:07.0560 5032  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
19:44:07.0560 5032  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
19:44:07.0576 5032  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:44:07.0576 5032  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:44:07.0576 5032  [Global] - ok
19:44:07.0576 5032  ================ Scan MBR ==================================
19:44:07.0576 5032  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:44:07.0591 5032  \Device\Harddisk0\DR0 - ok
19:44:07.0607 5032  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
19:44:07.0669 5032  \Device\Harddisk1\DR1 - ok
19:44:07.0669 5032  ================ Scan VBR ==================================
19:44:07.0669 5032  [ FAF9E5601B0064ED9BA3D7E64F380BD0 ] \Device\Harddisk0\DR0\Partition1
19:44:07.0669 5032  \Device\Harddisk0\DR0\Partition1 - ok
19:44:07.0669 5032  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition2
19:44:07.0669 5032  \Device\Harddisk0\DR0\Partition2 - ok
19:44:07.0685 5032  [ E4CA2EBE930A95D085E1D01094F7B8F7 ] \Device\Harddisk0\DR0\Partition3
19:44:07.0685 5032  \Device\Harddisk0\DR0\Partition3 - ok
19:44:07.0685 5032  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition1
19:44:07.0685 5032  \Device\Harddisk1\DR1\Partition1 - ok
19:44:07.0685 5032  [ D04E8386BC6E14B4D9C4527F777544D9 ] \Device\Harddisk1\DR1\Partition2
19:44:07.0685 5032  \Device\Harddisk1\DR1\Partition2 - ok
19:44:07.0685 5032  ============================================================
19:44:07.0685 5032  Scan finished
19:44:07.0685 5032  ============================================================
19:44:07.0685 1568  Detected object count: 2
19:44:07.0685 1568  Actual detected object count: 2
19:44:14.0424 1568  ICCS ( UnsignedFile.Multi.Generic ) - skipped by user
19:44:14.0424 1568  ICCS ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:44:14.0424 1568  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:44:14.0424 1568  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

markusg 21.12.2012 19:49
Hi,
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Kapott 21.12.2012 20:25
Anbei das Combifix-Log:

Code:
ComboFix 12-12-20.02 - Hugo Bosnickel 21.12.2012  20:18:08.1.8 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.16346.14646 [GMT 1:00]
ausgeführt von:: c:\users\Hugo Bosnickel\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-11-21 bis 2012-12-21  ))))))))))))))))))))))))))))))
.
.
2012-12-21 19:19 . 2012-12-21 19:19        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-12-21 19:19 . 2012-12-21 19:19        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-12-21 18:22 . 2012-12-21 18:22        --------        d-----w-        C:\_OTL
2012-12-20 21:36 . 2012-12-16 17:11        46080        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-20 21:36 . 2012-12-16 14:45        367616        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-20 21:36 . 2012-12-16 14:13        295424        ----a-w-        c:\windows\SysWow64\atmfd.dll
2012-12-20 21:36 . 2012-12-16 14:13        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2012-12-20 19:24 . 2012-11-08 17:24        9125352        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8798909-21EB-416D-8AF8-04F73F1FF3EA}\mpengine.dll
2012-12-19 21:44 . 2012-12-19 21:44        --------        d-----w-        c:\users\Hugo Bosnickel\AppData\Roaming\LolClient
2012-12-19 20:42 . 2008-07-12 07:18        467984        ----a-w-        c:\windows\SysWow64\d3dx10_39.dll
2012-12-19 20:42 . 2008-07-12 07:18        3851784        ----a-w-        c:\windows\SysWow64\D3DX9_39.dll
2012-12-19 20:42 . 2008-07-12 07:18        1493528        ----a-w-        c:\windows\SysWow64\D3DCompiler_39.dll
2012-12-19 19:02 . 2012-11-08 17:24        9125352        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-19 18:45 . 2012-12-21 19:19        --------        d-----w-        c:\users\Hugo Bosnickel\AppData\Local\PMB Files
2012-12-19 18:45 . 2012-12-19 21:50        --------        d-----w-        c:\programdata\PMB Files
2012-12-19 18:45 . 2012-12-19 18:45        --------        d-----w-        c:\program files (x86)\Pando Networks
2012-12-19 18:45 . 2012-12-19 18:45        --------        d-----w-        c:\users\Hugo Bosnickel\.swt
2012-12-16 15:48 . 2012-12-16 15:51        --------        d-----w-        c:\users\Hugo Bosnickel\AppData\Local\Play withSIX
2012-12-16 15:48 . 2012-12-16 15:48        --------        d-----w-        c:\users\Hugo Bosnickel\AppData\Roaming\Play withSIX
2012-12-16 15:48 . 2012-12-16 15:48        --------        d-----w-        c:\program files (x86)\SIX Networks
2012-12-12 23:12 . 2012-11-09 05:45        2048        ----a-w-        c:\windows\system32\tzres.dll
2012-12-04 19:34 . 2012-12-04 19:34        --------        d-----w-        c:\program files (x86)\AGEIA Technologies
2012-12-02 14:54 . 2012-12-02 14:54        --------        d-----w-        c:\program files (x86)\PDFCanvas
2012-12-02 00:09 . 2012-12-02 00:09        --------        d-----w-        c:\users\Hugo Bosnickel\AppData\Local\BeamDog
2012-12-02 00:09 . 2012-12-02 00:09        466456        ----a-w-        c:\windows\system32\wrap_oal.dll
2012-12-02 00:09 . 2012-12-02 00:09        444952        ----a-w-        c:\windows\SysWow64\wrap_oal.dll
2012-12-02 00:09 . 2012-12-02 00:09        122904        ----a-w-        c:\windows\system32\OpenAL32.dll
2012-12-02 00:09 . 2012-12-02 00:09        109080        ----a-w-        c:\windows\SysWow64\OpenAL32.dll
2012-12-02 00:09 . 2012-12-02 00:09        --------        d-----w-        c:\program files (x86)\OpenAL
2012-12-01 23:59 . 2012-12-21 18:24        --------        d-----w-        c:\users\Hugo Bosnickel\AppData\Roaming\Dropbox
2012-12-01 18:08 . 2012-12-01 18:08        --------        d-----w-        c:\users\Hugo Bosnickel\.tokentool
2012-12-01 17:48 . 2012-12-01 17:48        --------        d-----w-        c:\program files\Paint.NET
2012-12-01 17:47 . 2012-12-01 17:48        --------        d-----w-        c:\users\Hugo Bosnickel\AppData\Local\Paint.NET
2012-12-01 14:06 . 2012-12-01 14:06        --------        d-----w-        c:\users\Hugo Bosnickel\.maptool
2012-12-01 14:05 . 2012-12-01 14:05        --------        d-----w-        c:\program files\MapTools
2012-11-30 21:43 . 2012-11-30 21:43        438632        ----a-w-        c:\windows\SysWow64\nvStreaming.exe
2012-11-30 21:39 . 2012-12-21 18:07        --------        d-----w-        c:\programdata\Hero Lab
2012-11-30 21:39 . 2012-11-30 21:39        --------        d-----w-        c:\program files (x86)\Hero Lab
2012-11-28 19:30 . 2012-11-28 19:30        972264        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{423D9E70-795E-4514-9207-A7FD5B7C012A}\gapaengine.dll
2012-11-28 19:30 . 2012-10-28 19:38        972192        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-11-25 19:58 . 2012-11-25 19:59        --------        d-----w-        c:\users\Hugo Bosnickel\AppData\Local\Ubisoft Game Launcher
2012-11-25 19:56 . 2012-11-25 19:56        --------        d-----w-        c:\users\Hugo Bosnickel\AppData\Roaming\Ubisoft
2012-11-25 19:56 . 2012-11-25 19:56        --------        d-----w-        c:\programdata\Ubisoft
2012-11-25 19:55 . 2012-11-25 19:55        --------        d-----w-        c:\program files (x86)\Ubisoft
2012-11-22 20:49 . 2012-11-22 20:49        --------        d-----w-        c:\users\Hugo Bosnickel\AppData\Local\SCE
2012-11-22 20:49 . 2012-11-22 20:49        --------        d-----w-        C:\Crash
2012-11-22 20:49 . 2012-11-22 20:49        --------        d-----w-        c:\users\Hugo Bosnickel\AppData\Local\Sony Online Entertainment
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 00:09 . 2012-10-28 19:34        67413224        ----a-w-        c:\windows\system32\MRT.exe
2012-12-03 15:47 . 2012-10-27 00:28        983936        ----a-w-        c:\windows\system32\nvumdshimx.dll
2012-12-03 15:47 . 2012-10-27 00:28        2816824        ----a-w-        c:\windows\system32\nvapi64.dll
2012-12-03 15:47 . 2012-10-27 00:28        2496976        ----a-w-        c:\windows\SysWow64\nvapi.dll
2012-12-03 15:47 . 2012-10-27 00:28        1805672        ----a-w-        c:\windows\system32\nvdispco64.dll
2012-12-03 15:47 . 2012-10-27 00:28        15122280        ----a-w-        c:\windows\SysWow64\nvd3dum.dll
2012-12-03 15:47 . 2012-10-27 00:28        1504104        ----a-w-        c:\windows\system32\nvdispgenco64.dll
2012-12-03 15:47 . 2012-10-27 00:28        15016256        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2012-12-03 15:47 . 2012-10-27 00:28        12603960        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll
2012-12-01 05:49 . 2012-10-27 00:29        3663213        ----a-w-        c:\windows\system32\nvcoproc.bin
2012-12-01 05:49 . 2012-10-27 00:29        2557800        ----a-w-        c:\windows\system32\nvsvcr.dll
2012-12-01 05:49 . 2012-10-27 00:29        63336        ----a-w-        c:\windows\system32\nvshext.dll
2012-12-01 05:49 . 2012-10-27 00:29        118120        ----a-w-        c:\windows\system32\nvmctray.dll
2012-12-01 05:49 . 2012-10-27 00:29        890216        ----a-w-        c:\windows\system32\nvvsvc.exe
2012-12-01 05:48 . 2012-10-27 00:29        6223208        ----a-w-        c:\windows\system32\nvcpl.dll
2012-12-01 05:48 . 2012-10-27 00:29        3311464        ----a-w-        c:\windows\system32\nvsvc64.dll
2012-11-19 11:14 . 2012-11-17 18:14        298016        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2012-11-19 11:14 . 2012-11-17 18:07        298016        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2012-11-18 17:33 . 2012-11-17 18:07        298016        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2012-11-17 18:14 . 2012-11-17 18:07        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2012-11-17 17:59 . 2012-11-17 18:07        3130440        ----a-w-        c:\windows\SysWow64\pbsvc_blr.exe
2012-11-12 17:43 . 2012-10-28 19:23        73656        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-12 17:43 . 2012-10-28 19:23        697272        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-11 14:14 . 2012-11-11 14:14        95208        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-11 14:14 . 2012-11-11 14:14        746984        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-11-11 14:14 . 2012-11-11 14:14        821736        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2012-10-28 22:28 . 2012-10-27 00:17        25640        ----a-w-        c:\windows\gdrv.sys
2012-10-28 20:15 . 2009-08-18 11:49        564632        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-10-28 20:15 . 2009-08-18 10:24        19720        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-10-28 19:27 . 2012-10-28 19:27        36069        ----a-w-        c:\program files\uninstall.exe
2012-10-27 00:17 . 2012-10-27 00:17        30528        ----a-w-        c:\windows\GVTDrv64.sys
2012-10-26 19:46 . 2012-10-26 19:46        91648        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2012-10-26 19:46 . 2012-10-26 19:46        89088        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2012-10-26 19:46 . 2012-10-26 19:46        89088        ----a-w-        c:\windows\system32\ie4uinit.exe
2012-10-26 19:46 . 2012-10-26 19:46        86528        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2012-10-26 19:46 . 2012-10-26 19:46        85504        ----a-w-        c:\windows\system32\iesetup.dll
2012-10-26 19:46 . 2012-10-26 19:46        82432        ----a-w-        c:\windows\system32\icardie.dll
2012-10-26 19:46 . 2012-10-26 19:46        76800        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2012-10-26 19:46 . 2012-10-26 19:46        76800        ----a-w-        c:\windows\system32\tdc.ocx
2012-10-26 19:46 . 2012-10-26 19:46        74752        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-10-26 19:46 . 2012-10-26 19:46        74752        ----a-w-        c:\windows\SysWow64\iesetup.dll
2012-10-26 19:46 . 2012-10-26 19:46        65024        ----a-w-        c:\windows\system32\pngfilt.dll
2012-10-26 19:46 . 2012-10-26 19:46        63488        ----a-w-        c:\windows\SysWow64\tdc.ocx
2012-10-26 19:46 . 2012-10-26 19:46        55296        ----a-w-        c:\windows\system32\msfeedsbs.dll
2012-10-26 19:46 . 2012-10-26 19:46        534528        ----a-w-        c:\windows\system32\ieapfltr.dll
2012-10-26 19:46 . 2012-10-26 19:46        49664        ----a-w-        c:\windows\system32\imgutil.dll
2012-10-26 19:46 . 2012-10-26 19:46        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2012-10-26 19:46 . 2012-10-26 19:46        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2012-10-26 19:46 . 2012-10-26 19:46        452608        ----a-w-        c:\windows\system32\dxtmsft.dll
2012-10-26 19:46 . 2012-10-26 19:46        448512        ----a-w-        c:\windows\system32\html.iec
2012-10-26 19:46 . 2012-10-26 19:46        403248        ----a-w-        c:\windows\system32\iedkcs32.dll
2012-10-26 19:46 . 2012-10-26 19:46        39936        ----a-w-        c:\windows\system32\iernonce.dll
2012-10-26 19:46 . 2012-10-26 19:46        3695416        ----a-w-        c:\windows\system32\ieapfltr.dat
2012-10-26 19:46 . 2012-10-26 19:46        367104        ----a-w-        c:\windows\SysWow64\html.iec
2012-10-26 19:46 . 2012-10-26 19:46        35840        ----a-w-        c:\windows\SysWow64\imgutil.dll
2012-10-26 19:46 . 2012-10-26 19:46        30720        ----a-w-        c:\windows\system32\licmgr10.dll
2012-10-26 19:46 . 2012-10-26 19:46        282112        ----a-w-        c:\windows\system32\dxtrans.dll
2012-10-26 19:46 . 2012-10-26 19:46        267776        ----a-w-        c:\windows\system32\ieaksie.dll
2012-10-26 19:46 . 2012-10-26 19:46        249344        ----a-w-        c:\windows\system32\webcheck.dll
2012-10-26 19:46 . 2012-10-26 19:46        23552        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2012-10-26 19:46 . 2012-10-26 19:46        222208        ----a-w-        c:\windows\system32\msls31.dll
2012-10-26 19:46 . 2012-10-26 19:46        197120        ----a-w-        c:\windows\system32\msrating.dll
2012-10-26 19:46 . 2012-10-26 19:46        165888        ----a-w-        c:\windows\system32\iexpress.exe
2012-10-26 19:46 . 2012-10-26 19:46        163840        ----a-w-        c:\windows\system32\ieakui.dll
2012-10-26 19:46 . 2012-10-26 19:46        161792        ----a-w-        c:\windows\SysWow64\msls31.dll
2012-10-26 19:46 . 2012-10-26 19:46        160256        ----a-w-        c:\windows\system32\wextract.exe
2012-10-26 19:46 . 2012-10-26 19:46        160256        ----a-w-        c:\windows\system32\ieakeng.dll
2012-10-26 19:46 . 2012-10-26 19:46        152064        ----a-w-        c:\windows\SysWow64\wextract.exe
2012-10-26 19:46 . 2012-10-26 19:46        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2012-10-26 19:46 . 2012-10-26 19:46        149504        ----a-w-        c:\windows\system32\occache.dll
2012-10-26 19:46 . 2012-10-26 19:46        145920        ----a-w-        c:\windows\system32\iepeers.dll
2012-10-26 19:46 . 2012-10-26 19:46        135168        ----a-w-        c:\windows\system32\IEAdvpack.dll
2012-10-26 19:46 . 2012-10-26 19:46        12288        ----a-w-        c:\windows\system32\mshta.exe
2012-10-26 19:46 . 2012-10-26 19:46        11776        ----a-w-        c:\windows\SysWow64\mshta.exe
2012-10-26 19:46 . 2012-10-26 19:46        114176        ----a-w-        c:\windows\system32\admparse.dll
2012-10-26 19:46 . 2012-10-26 19:46        111616        ----a-w-        c:\windows\system32\iesysprep.dll
2012-10-26 19:46 . 2012-10-26 19:46        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2012-10-26 19:46 . 2012-10-26 19:46        10752        ----a-w-        c:\windows\system32\msfeedssync.exe
2012-10-26 19:46 . 2012-10-26 19:46        103936        ----a-w-        c:\windows\system32\inseng.dll
2012-10-26 19:46 . 2012-10-26 19:46        101888        ----a-w-        c:\windows\SysWow64\admparse.dll
2012-10-17 00:31 . 2012-10-27 00:23        9291768        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F0205B11-B257-4EC6-A8B0-3A1395E8C0BD}\mpengine.dll
2012-10-16 08:38 . 2012-11-28 19:23        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 19:23        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 19:23        561664        ----a-w-        c:\windows\apppatch\AcLayers.dll
2012-10-12 15:35 . 2012-10-12 15:35        50856        ----a-w-        c:\windows\system32\drivers\point64.sys
2012-10-12 15:35 . 2012-10-12 15:35        1795952        ----a-w-        c:\windows\system32\WdfCoInstaller01011.dll
2012-10-09 18:17 . 2012-11-15 05:51        55296        ----a-w-        c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 05:51        226816        ----a-w-        c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 05:51        44032        ----a-w-        c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 05:51        193536        ----a-w-        c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-12 23:12        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-15 05:51        1914248        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-15 05:51        70656        ----a-w-        c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-15 05:51        303104        ----a-w-        c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-15 05:51        246272        ----a-w-        c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-15 05:51        18944        ----a-w-        c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-15 05:51        216576        ----a-w-        c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-15 05:51        569344        ----a-w-        c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-15 05:51        18944        ----a-w-        c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-15 05:51        175104        ----a-w-        c:\windows\SysWow64\netcorehc.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\users\Hugo Bosnickel\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\users\Hugo Bosnickel\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\users\Hugo Bosnickel\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]
"Spotify Web Helper"="c:\users\Hugo Bosnickel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-26 1199576]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
"Spotify"="c:\users\Hugo Bosnickel\AppData\Roaming\Spotify\spotify.exe" [2012-10-26 7880664]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-12-19 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-01-12 5028464]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-27 291608]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Hugo Bosnickel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Hugo Bosnickel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-21 28539728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 jfihxccc;jfihxccc;c:\windows\system32\drivers\jfihxccc.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-27 16152]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2012-01-10 27760]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-27 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-27 787736]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-01-10 2184816]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys [2012-01-20 205312]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys [2012-01-20 254464]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 32111855
*Deregistered* - 32111855
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\Hugo Bosnickel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\Hugo Bosnickel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\Hugo Bosnickel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\Hugo Bosnickel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VIAxHCUtl"="c:\via_xhci\usb3Monitor.exe" [2011-07-12 331776]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 212.18.3.5 212.18.0.5
FF - ProfilePath - c:\users\Hugo Bosnickel\AppData\Roaming\Mozilla\Firefox\Profiles\22u5pwby.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Guild Wars 2 - c:\program files (x86)\Guild Wars 2\Gw2.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-21  20:21:14
ComboFix-quarantined-files.txt  2012-12-21 19:21
.
Vor Suchlauf: 7.947.366.400 Bytes frei
Nach Suchlauf: 9.012.748.288 Bytes frei
.
- - End Of File - - 325C89D2C32A1AF1F8E0E78034858FC7

markusg 27.12.2012 16:02
Hi,
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Kapott 28.12.2012 22:18
Hallo,

anbei das Log:

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.28.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hugo Bosnickel :: MEINER [Administrator]

28.12.2012 21:22:12
mbam-log-2012-12-28 (21-22-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 360569
Laufzeit: 7 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\_OTL\MovedFiles\12212012_192254\C_Users\Hugo Bosnickel\wgsdgsdgdsgsd.dll (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

markusg 02.01.2013 21:35
lade den CCleaner standard:
CCleaner Download - CCleaner 3.26.1888
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools,uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:49 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27