Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: "System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 19.03.2012, 18:37   #1
eugenius
 
"System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter? - Standard

"System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter?



Hallo, hab mir heute den "System-Check" Virus eingefangen, hab hier schon gestöbert und MAM schon durchgeführt. Hier der LOG:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.19.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Schölldorf :: EUGEN [Administrator]

Schutz: Aktiviert

19.03.2012 17:11:45
mbam-log-2012-03-19 (17-11-45).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 326771
Laufzeit: 32 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\ProgramData\ldmtqETJLYi.exe (Rogue.FakeHDD) -> 4964 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ldmtqETJLYi.exe (Rogue.FakeHDD) -> Daten: C:\ProgramData\ldmtqETJLYi.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\ProgramData\ldmtqETJLYi.exe (Rogue.FakeHDD) -> Löschen bei Neustart.
C:\Users\Schölldorf\AppData\Local\Temp\a9DjoBvG9bcQ7E.exe.tmp (Rogue.FakeHDD) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)



System: Windows 7 professional 64 bit

Könnte mir jemand helfen, wies weitergeht..

Danke Euch

Gruesse Eugenius

Alt 20.03.2012, 16:16   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter? - Standard

"System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter?



Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________

__________________

Alt 20.03.2012, 16:29   #3
eugenius
 
"System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter? - Standard

"System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter?



Hallo,

zunächst mal danke.

Nein, hab in der Vergangenheit - also vor dem Befall - Malwarebytes nie benutzt.

Allerdings hab ichs nach dem ersten mal noch ein oder zwei mal scannen lassen. Brauchst Du die auch noch?

Eugenius
__________________

Alt 20.03.2012, 16:57   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter? - Standard

"System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter?



Ja alles posten! Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.03.2012, 17:39   #5
eugenius
 
"System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter? - Standard

"System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter?



ok, ich versuchs mal:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.19.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Schölldorf :: EUGEN [Administrator]

Schutz: Aktiviert

19.03.2012 17:11:45
mbam-log-2012-03-19 (17-11-45).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 326771
Laufzeit: 32 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\ProgramData\ldmtqETJLYi.exe (Rogue.FakeHDD) -> 4964 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ldmtqETJLYi.exe (Rogue.FakeHDD) -> Daten: C:\ProgramData\ldmtqETJLYi.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\ProgramData\ldmtqETJLYi.exe (Rogue.FakeHDD) -> Löschen bei Neustart.
C:\Users\Schölldorf\AppData\Local\Temp\a9DjoBvG9bcQ7E.exe.tmp (Rogue.FakeHDD) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
der nächste:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.19.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Schölldorf :: EUGEN [Administrator]

Schutz: Aktiviert

19.03.2012 17:54:21
mbam-log-2012-03-19 (17-54-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 37401
Laufzeit: 1 Minute(n), 52 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
und nochmal einer:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.19.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Schölldorf :: EUGEN [Administrator]

Schutz: Aktiviert

19.03.2012 18:00:11
mbam-log-2012-03-19 (18-00-11).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 326693
Laufzeit: 32 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
ein weiterer:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.19.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Schölldorf :: EUGEN [Administrator]

Schutz: Aktiviert

20.03.2012 11:21:08
mbam-log-2012-03-20 (11-21-08).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 329898
Laufzeit: 34 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
das ist auch ein log aber irgendwie anders:

Code:
ATTFilter
2012/03/19 17:06:02 +0100	EUGEN	Schölldorf	MESSAGE	Starting protection
2012/03/19 17:06:07 +0100	EUGEN	Schölldorf	MESSAGE	Protection started successfully
2012/03/19 17:06:10 +0100	EUGEN	Schölldorf	MESSAGE	Starting IP protection
2012/03/19 17:06:10 +0100	EUGEN	Schölldorf	MESSAGE	IP Protection started successfully
2012/03/19 17:10:37 +0100	EUGEN	Schölldorf	MESSAGE	Starting protection
2012/03/19 17:10:38 +0100	EUGEN	Schölldorf	MESSAGE	Protection started successfully
2012/03/19 17:10:41 +0100	EUGEN	Schölldorf	MESSAGE	Starting IP protection
2012/03/19 17:10:43 +0100	EUGEN	Schölldorf	MESSAGE	IP Protection started successfully
2012/03/19 17:11:02 +0100	EUGEN	Schölldorf	MESSAGE	Starting database refresh
2012/03/19 17:11:02 +0100	EUGEN	Schölldorf	MESSAGE	Stopping IP protection
2012/03/19 17:11:32 +0100	EUGEN	Schölldorf	MESSAGE	IP Protection stopped
2012/03/19 17:11:33 +0100	EUGEN	Schölldorf	MESSAGE	Database refreshed successfully
2012/03/19 17:11:33 +0100	EUGEN	Schölldorf	MESSAGE	Starting IP protection
2012/03/19 17:11:34 +0100	EUGEN	Schölldorf	MESSAGE	IP Protection started successfully
2012/03/19 17:55:19 +0100	EUGEN	Schölldorf	MESSAGE	Starting protection
2012/03/19 17:55:21 +0100	EUGEN	Schölldorf	MESSAGE	Protection started successfully
2012/03/19 17:55:24 +0100	EUGEN	Schölldorf	MESSAGE	Starting IP protection
2012/03/19 17:55:24 +0100	EUGEN	Schölldorf	MESSAGE	IP Protection started successfully
2012/03/19 22:08:05 +0100	EUGEN	Schölldorf	MESSAGE	Starting protection
2012/03/19 22:08:08 +0100	EUGEN	Schölldorf	MESSAGE	Protection started successfully
2012/03/19 22:08:11 +0100	EUGEN	Schölldorf	MESSAGE	Starting IP protection
2012/03/19 22:08:11 +0100	EUGEN	Schölldorf	MESSAGE	IP Protection started successfully
         
und noch einer dieser art, das war dann alles:

Code:
ATTFilter
2012/03/20 11:16:12 +0100	EUGEN	Schölldorf	MESSAGE	Starting protection
2012/03/20 11:16:14 +0100	EUGEN	Schölldorf	MESSAGE	Protection started successfully
2012/03/20 11:16:17 +0100	EUGEN	Schölldorf	MESSAGE	Starting IP protection
2012/03/20 11:16:18 +0100	EUGEN	Schölldorf	MESSAGE	IP Protection started successfully
2012/03/20 11:57:28 +0100	EUGEN	Schölldorf	MESSAGE	Starting database refresh
2012/03/20 11:57:28 +0100	EUGEN	Schölldorf	MESSAGE	Stopping IP protection
2012/03/20 11:58:04 +0100	EUGEN	Schölldorf	MESSAGE	IP Protection stopped
2012/03/20 11:58:10 +0100	EUGEN	Schölldorf	MESSAGE	Database refreshed successfully
2012/03/20 11:58:10 +0100	EUGEN	Schölldorf	MESSAGE	Starting IP protection
2012/03/20 11:58:10 +0100	EUGEN	Schölldorf	MESSAGE	IP Protection started successfully
2012/03/20 12:08:04 +0100	EUGEN	Schölldorf	DETECTION	C:\ProgramData\DxBXP49UsUP4Bi.exe	Trojan.FakeAlert	QUARANTINE
2012/03/20 18:26:39 +0100	EUGEN	Schölldorf	MESSAGE	Starting protection
2012/03/20 18:26:40 +0100	EUGEN	Schölldorf	MESSAGE	Protection started successfully
2012/03/20 18:26:43 +0100	EUGEN	Schölldorf	MESSAGE	Starting IP protection
2012/03/20 18:26:44 +0100	EUGEN	Schölldorf	MESSAGE	IP Protection started successfully
         


Alt 20.03.2012, 17:49   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter? - Standard

"System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter?



Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
--> "System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter?

Alt 20.03.2012, 18:45   #7
eugenius
 
"System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter? - Standard

"System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter?



hallo arne, mit dem eset online scanner komm ich nicht klar

bei schritt 2 von 4 (initialisierung) kommt immer : updates funktionieren nicht. Ist ein proxy eingerichtet?

soviel ich weiss ist kein proxy eingrichtet...

ah mit dem opera browser scheints zu gehn....

ok, bis dann

gruesse eugenius

Geändert von eugenius (20.03.2012 um 19:22 Uhr)

Alt 20.03.2012, 19:46   #8
eugenius
 
"System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter? - Standard

"System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter?



hallo arne,

hier der log

Code:
ATTFilter
esets_apiW_a.dll - delete file error:Zugriff verweigert

OnlineCmdLineScanner.exe - delete file error:Zugriff verweigert

OnlineScanner.ocx - delete file error:Zugriff verweigert

OnlineScannerApp.exe - delete file error:Zugriff verweigert

esets_apiW_a.dll - copy file error :Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

OnlineCmdLineScanner.exe - copy file error :Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

OnlineScanner.ocx - copy file error :Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

OnlineScannerApp.exe - copy file error :Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=05bf18ae1d2d35449bb7f787216a5b2c
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-20 06:57:46
# local_time=2012-03-20 07:57:46 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 7986192 7986192 0 0
# compatibility_mode=5893 16776573 100 94 3872 83899676 0 0
# compatibility_mode=8192 67108863 100 0 6142 6142 0 0
# scanned=4992
# found=0
# cleaned=0
# scan_time=40
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=05bf18ae1d2d35449bb7f787216a5b2c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-20 07:39:44
# local_time=2012-03-20 08:39:44 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 7986393 7986393 0 0
# compatibility_mode=5893 16776574 100 94 3680 83899877 0 0
# compatibility_mode=8192 67108863 100 0 6343 6343 0 0
# scanned=130289
# found=0
# cleaned=0
# scan_time=2357
         

für heute mach ich mal vom acker. danke nochmals für die hilfe.

gruesse vom eugenius

Alt 21.03.2012, 13:36   #9
eugenius
 
"System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter? - Standard

"System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter?



hallo nochmal, was ich vergessen hatte:

ich hab natürlich auch die üblichen ausfallerscheinungen. startmenue leer, dateien nicht mehr auffindbar usw.

ich bin heute nicht mehr da und morgen wieder erst ab dem späten nachmittag

würde mich freuen wenn ihr mir weiter helfen könnt, bis das system wieder läuft.

danke nochmals

gruesse vom eugenius

Alt 21.03.2012, 15:14   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter? - Standard

"System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter?



CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 23.03.2012, 08:42   #11
eugenius
 
"System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter? - Standard

"System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter?



hier der Inhalt von OTL.txt:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 23.03.2012 09:30:01 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Schölldorf\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,91 Gb Total Physical Memory | 4,34 Gb Available Physical Memory | 73,41% Memory free
11,81 Gb Paging File | 9,81 Gb Available in Paging File | 83,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918,32 Gb Total Space | 860,16 Gb Free Space | 93,67% Space Free | Partition Type: NTFS
Drive D: | 2,85 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: EUGEN | User Name: Schölldorf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.23 09:24:15 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Schölldorf\Desktop\OTL.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.19 10:32:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.19 10:31:10 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2011.12.19 10:30:59 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011.12.19 10:30:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.19 10:30:52 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.11.03 19:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.09.06 19:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
PRC - [2011.08.18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
PRC - [2011.08.18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
PRC - [2011.08.01 19:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011.06.02 20:27:58 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
PRC - [2011.06.02 18:11:20 | 000,725,504 | ---- | M] (DELL COMPUTER INC.) -- C:\Program Files (x86)\DELL\DELLOSD\DELLOSD.exe
PRC - [2011.05.27 23:33:46 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
PRC - [2011.05.10 20:34:36 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.04.13 16:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2011.04.01 23:08:30 | 000,660,480 | ---- | M] (DELL) -- C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\IndicatorOSD.exe
PRC - [2011.02.16 11:22:42 | 000,135,168 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe
PRC - [2011.01.13 01:17:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
PRC - [2010.12.20 21:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.20 21:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.12.06 21:37:54 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe
PRC - [2010.12.01 21:07:46 | 000,176,128 | ---- | M] (Chicony) -- C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
PRC - [2010.11.17 16:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010.11.02 04:40:30 | 002,006,664 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2010.11.02 04:40:30 | 000,093,832 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2010.11.02 04:40:28 | 002,428,552 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
PRC - [2008.07.07 15:21:56 | 001,212,416 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Windows\SysWOW64\CodeMeter.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.16 03:33:58 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
MOD - [2012.02.16 03:26:58 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012.02.16 03:26:38 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012.02.16 03:26:29 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012.02.16 03:26:25 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012.02.16 03:26:22 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.16 03:26:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012.02.16 03:26:19 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012.02.16 03:26:12 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012.02.16 03:26:10 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011.12.03 03:24:38 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\93df5ea9646ad11a21517e4ab1d803d9\UIAutomationTypes.ni.dll
MOD - [2011.12.03 03:24:38 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
MOD - [2011.12.03 03:24:10 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.12.03 03:24:10 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011.09.04 15:47:48 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011.08.18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
MOD - [2011.06.02 20:27:58 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
MOD - [2011.01.13 01:17:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
MOD - [2010.12.06 21:37:54 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe
MOD - [2010.11.25 04:44:02 | 000,375,280 | ---- | M] () -- c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
MOD - [2010.11.21 07:49:35 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2010.11.21 07:49:25 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.11.17 16:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010.11.02 04:40:34 | 000,087,176 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll
MOD - [2010.11.02 04:40:30 | 000,057,480 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
MOD - [2010.11.02 04:40:24 | 000,248,968 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.19 10:32:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.19 10:31:10 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.12.19 10:30:59 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.12.19 10:30:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.11.03 19:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.08.18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2011.05.27 23:33:46 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe -- (Dell WMI Service)
SRV - [2011.05.10 20:34:36 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.03.31 20:08:18 | 000,077,984 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2011.03.31 15:59:16 | 000,100,352 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Atheros Direct Connect\DCDhcpService.exe -- (DCDhcpService)
SRV - [2011.02.16 11:22:42 | 000,135,168 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2010.12.20 21:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.12.20 21:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.12.01 21:07:46 | 000,176,128 | ---- | M] (Chicony) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe -- (OSDSvc)
SRV - [2010.11.25 11:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010.11.25 11:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010.11.02 04:40:28 | 002,428,552 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2010.09.23 00:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 20:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.08.26 02:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.11.17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.07.07 15:21:56 | 001,212,416 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Windows\SysWOW64\CodeMeter.exe -- (CodeMeter.exe)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.02.15 09:14:28 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.12.19 10:32:29 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.12.19 10:32:27 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.11.24 09:58:44 | 000,078,208 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2011.10.07 09:31:42 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2011.09.04 15:47:52 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.09.04 15:47:52 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.08.09 07:11:50 | 000,021,120 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2011.05.21 22:21:58 | 012,229,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.05.03 20:45:40 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.03.31 23:08:30 | 000,281,248 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011.03.31 20:08:30 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011.03.31 20:08:30 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011.03.31 20:08:30 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011.03.31 20:08:30 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011.03.31 20:08:30 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011.03.31 20:08:30 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011.03.18 13:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011.03.18 13:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011.03.16 03:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011.02.24 14:56:44 | 002,700,288 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.02.09 09:36:00 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2011.01.20 17:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010.12.29 06:45:54 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.06 03:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.03.19 09:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.02.27 02:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.09.23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 02:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.09.23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV:64bit: - [2009.06.10 21:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.09.25 02:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2006.11.01 18:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\S-1-5-21-2743954835-806480541-63646744-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKU\S-1-5-21-2743954835-806480541-63646744-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USSMB/8
IE - HKU\S-1-5-21-2743954835-806480541-63646744-1001\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKU\S-1-5-21-2743954835-806480541-63646744-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011.09.04 14:08:02 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011.09.04 14:08:02 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fassoxpcom@sensiblevision.com: C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\ [2011.09.04 14:19:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011.09.04 14:26:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.09.04 14:26:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.09.04 14:26:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.02 14:53:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.11.30 17:53:03 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Schölldorf\AppData\Roaming\mozilla\Extensions
[2012.03.19 19:15:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.19 19:15:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.03.02 14:53:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.09 06:46:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.09 06:46:49 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.09 06:46:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.09 06:46:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.09 06:46:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.09 06:46:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sch\u00F6lldorf\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Schölldorf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Schölldorf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: Google Mail = C:\Users\Schölldorf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [DCHostUI] C:\Program Files (x86)\Atheros Direct Connect\P2PUIMain.exe (Atheros Communication)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Chicony_OSD] C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe ()
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DELLOSD] C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe ()
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [FAStartup]  File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2743954835-806480541-63646744-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2743954835-806480541-63646744-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85840D65-F06D-4E52-BD9D-900C15F18273}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.02.11 23:01:49 | 000,000,071 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ]
O33 - MountPoints2\{fdb66dc8-d6b9-11e0-b033-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fdb66dc8-d6b9-11e0-b033-806e6f6e6963}\Shell\AutoRun\command - "" = D:\win\Reader\AcroRD32.exe start.pdf
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.23 09:24:15 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Schölldorf\Desktop\OTL.exe
[2012.03.23 08:57:55 | 000,000,000 | R--D | C] -- C:\Users\Schölldorf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012.03.20 19:14:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.03.19 19:14:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.03.19 18:57:30 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Schölldorf\Desktop\dds(1).com
[2012.03.19 17:03:24 | 000,000,000 | -H-D | C] -- C:\Users\Schölldorf\AppData\Roaming\Malwarebytes
[2012.03.19 17:03:17 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.19 17:03:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2012.03.19 17:03:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.19 17:03:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.19 14:28:21 | 000,000,000 | -H-D | C] -- C:\Users\Schölldorf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.10 03:00:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012.03.10 03:00:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012.02.29 03:40:36 | 000,000,000 | -H-D | C] -- C:\SoftThinks
[2012.02.28 18:56:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.23 09:24:15 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Schölldorf\Desktop\OTL.exe
[2012.03.23 09:04:51 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.23 09:04:51 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.23 08:57:41 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.23 08:57:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.23 08:57:18 | 462,233,599 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.21 15:08:48 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.21 10:48:31 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.03.19 18:55:57 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Schölldorf\Desktop\dds(1).com
[2012.03.19 18:47:28 | 000,000,000 | ---- | M] () -- C:\Users\Schölldorf\defogger_reenable
[2012.03.19 17:09:16 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.19 14:30:03 | 000,000,464 | -H-- | M] () -- C:\ProgramData\DxBXP49UsUP4Bi
[2012.03.19 14:28:24 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~DxBXP49UsUP4Bi
[2012.03.19 14:28:24 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~DxBXP49UsUP4Bir
[2012.03.19 14:28:22 | 000,000,655 | -H-- | M] () -- C:\Users\Schölldorf\Desktop\System Check.lnk
[2012.03.19 12:22:41 | 000,000,432 | -H-- | M] () -- C:\Windows\BRWMARK.INI
[2012.03.16 09:13:10 | 000,131,072 | -H-- | M] () -- C:\Users\Schölldorf\Documents\TA2IMAGE 2012_03_16.BIN
[2012.03.14 22:00:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.03.14 07:53:40 | 000,461,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.03 18:16:50 | 000,131,072 | -H-- | M] () -- C:\Users\Schölldorf\Documents\TA2IMAGE 2012_03_03.BIN
[2012.03.01 11:26:00 | 000,131,072 | -H-- | M] () -- C:\Users\Schölldorf\Documents\TA2IMAGE 2012_03_01.BIN
[2012.03.01 02:02:08 | 000,366,284 | -H-- | M] () -- C:\Users\Schölldorf\Desktop\DGOUT00.DATtest
[2012.03.01 02:02:08 | 000,366,284 | -H-- | M] () -- C:\Users\Schölldorf\Desktop\DGOUT00.DAT
 
========== Files Created - No Company Name ==========
 
[2012.03.19 18:47:28 | 000,000,000 | ---- | C] () -- C:\Users\Schölldorf\defogger_reenable
[2012.03.19 17:09:16 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.19 14:28:24 | 000,000,264 | -H-- | C] () -- C:\ProgramData\~DxBXP49UsUP4Bi
[2012.03.19 14:28:24 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~DxBXP49UsUP4Bir
[2012.03.19 14:28:22 | 000,000,655 | -H-- | C] () -- C:\Users\Schölldorf\Desktop\System Check.lnk
[2012.03.19 14:28:17 | 000,000,464 | -H-- | C] () -- C:\ProgramData\DxBXP49UsUP4Bi
[2012.03.16 09:13:10 | 000,131,072 | -H-- | C] () -- C:\Users\Schölldorf\Documents\TA2IMAGE 2012_03_16.BIN
[2012.03.03 18:16:50 | 000,131,072 | -H-- | C] () -- C:\Users\Schölldorf\Documents\TA2IMAGE 2012_03_03.BIN
[2012.03.01 02:24:31 | 000,131,072 | -H-- | C] () -- C:\Users\Schölldorf\Documents\TA2IMAGE 2012_03_01.BIN
[2012.03.01 02:04:35 | 000,366,284 | -H-- | C] () -- C:\Users\Schölldorf\Desktop\DGOUT00.DAT
[2012.03.01 02:03:04 | 000,366,284 | -H-- | C] () -- C:\Users\Schölldorf\Desktop\DGOUT00.DATtest
[2011.11.30 17:10:23 | 000,000,772 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.11.30 17:10:23 | 000,000,342 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.11.30 16:00:02 | 000,000,432 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2011.11.30 16:00:02 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD5240.DAT
[2011.09.04 15:28:17 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.09.04 15:28:16 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.09.04 15:28:14 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.09.04 15:28:13 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.09.04 15:28:12 | 013,787,648 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.02.11 18:45:27 | 000,006,208 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.02 04:40:34 | 000,087,176 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2010.11.02 04:40:30 | 000,057,480 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2010.11.02 04:40:24 | 000,248,968 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
 
========== LOP Check ==========
 
[2011.11.30 13:59:06 | 000,000,000 | -H-D | M] -- C:\Users\Schölldorf\AppData\Roaming\Leadertech
[2011.11.30 17:49:35 | 000,000,000 | -H-D | M] -- C:\Users\Schölldorf\AppData\Roaming\Opera
[2012.03.14 22:00:00 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.03.19 17:10:08 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.03.21 10:48:31 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.12.13 15:21:53 | 000,000,000 | -H-D | M] -- C:\Users\Schölldorf\AppData\Roaming\Adobe
[2011.11.30 14:58:27 | 000,000,000 | -H-D | M] -- C:\Users\Schölldorf\AppData\Roaming\Atheros Communication
[2011.12.19 10:34:44 | 000,000,000 | -H-D | M] -- C:\Users\Schölldorf\AppData\Roaming\Avira
[2011.11.30 17:46:51 | 000,000,000 | RH-D | M] -- C:\Users\Schölldorf\AppData\Roaming\Brother
[2011.11.30 13:59:06 | 000,000,000 | -H-D | M] -- C:\Users\Schölldorf\AppData\Roaming\Creative
[2011.11.30 13:58:25 | 000,000,000 | -H-D | M] -- C:\Users\Schölldorf\AppData\Roaming\Identities
[2011.11.30 13:59:06 | 000,000,000 | -H-D | M] -- C:\Users\Schölldorf\AppData\Roaming\Leadertech
[2011.11.30 14:05:53 | 000,000,000 | -H-D | M] -- C:\Users\Schölldorf\AppData\Roaming\Macromedia
[2012.03.19 17:03:24 | 000,000,000 | -H-D | M] -- C:\Users\Schölldorf\AppData\Roaming\Malwarebytes
[2010.11.21 08:00:36 | 000,000,000 | -H-D | M] -- C:\Users\Schölldorf\AppData\Roaming\Media Center Programs
[2012.01.10 10:25:19 | 000,000,000 | --SD | M] -- C:\Users\Schölldorf\AppData\Roaming\Microsoft
[2011.11.30 17:53:03 | 000,000,000 | -H-D | M] -- C:\Users\Schölldorf\AppData\Roaming\Mozilla
[2011.11.30 17:49:35 | 000,000,000 | -H-D | M] -- C:\Users\Schölldorf\AppData\Roaming\Opera
[2011.11.30 13:59:11 | 000,000,000 | -H-D | M] -- C:\Users\Schölldorf\AppData\Roaming\Roxio
[2011.11.30 17:24:55 | 000,000,000 | -H-D | M] -- C:\Users\Schölldorf\AppData\Roaming\Roxio Burn
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.11.06 03:45:48 | 000,438,808 | -H-- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Drivers\storage\R305783\iaStor.sys
[2010.11.06 03:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.11.06 03:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys
[2010.11.06 03:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_05602dde0a28e7f4\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.09.04 15:47:52 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.09.04 15:47:52 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.09.04 15:47:52 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.09.04 15:47:52 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.09.04 15:47:52 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.09.04 15:47:52 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.09.04 15:47:52 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.09.04 15:47:52 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 168 bytes -> C:\Users\Schölldorf\Desktop\Frommeld Bestätigung.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >
         
--- --- ---

[/code]

Alt 23.03.2012, 20:23   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter? - Standard

"System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter?



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)
Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKU\S-1-5-21-2743954835-806480541-63646744-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USSMB/8
IE - HKU\S-1-5-21-2743954835-806480541-63646744-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USSMB/8
IE - HKU\S-1-5-21-2743954835-806480541-63646744-1001\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [FAStartup]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2743954835-806480541-63646744-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.02.11 23:01:49 | 000,000,071 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ]
O33 - MountPoints2\{fdb66dc8-d6b9-11e0-b033-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fdb66dc8-d6b9-11e0-b033-806e6f6e6963}\Shell\AutoRun\command - "" = D:\win\Reader\AcroRD32.exe start.pdf
[2012.03.19 14:28:21 | 000,000,000 | -H-D | C] -- C:\Users\Schölldorf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.19 14:30:03 | 000,000,464 | -H-- | M] () -- C:\ProgramData\DxBXP49UsUP4Bi
[2012.03.19 14:28:24 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~DxBXP49UsUP4Bi
[2012.03.19 14:28:24 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~DxBXP49UsUP4Bir
@Alternate Data Stream - 168 bytes -> C:\Users\Schölldorf\Desktop\Frommeld Bestätigung.jpeg:3or4kl4x13tuuug3Byamue2s4b

:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 24.03.2012, 07:12   #13
eugenius
 
"System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter? - Standard

"System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter?



hallo arne,

hier das logfile nach dem fixen:

Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49606DC7-976D-4030-A74E-9FB5C842FA68}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49606DC7-976D-4030-A74E-9FB5C842FA68}\ not found.
HKU\S-1-5-21-2743954835-806480541-63646744-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-2743954835-806480541-63646744-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-2743954835-806480541-63646744-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FAStartup deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2743954835-806480541-63646744-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. D:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdb66dc8-d6b9-11e0-b033-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fdb66dc8-d6b9-11e0-b033-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdb66dc8-d6b9-11e0-b033-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fdb66dc8-d6b9-11e0-b033-806e6f6e6963}\ not found.
File D:\win\Reader\AcroRD32.exe start.pdf not found.
C:\Users\Schölldorf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check folder moved successfully.
C:\ProgramData\DxBXP49UsUP4Bi moved successfully.
C:\ProgramData\~DxBXP49UsUP4Bi moved successfully.
C:\ProgramData\~DxBXP49UsUP4Bir moved successfully.
ADS C:\Users\Schölldorf\Desktop\Frommeld Bestätigung.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Schölldorf
->Temp folder emptied: 105615355 bytes
->Temporary Internet Files folder emptied: 294197725 bytes
->Java cache emptied: 2097798 bytes
->FireFox cache emptied: 171206500 bytes
->Google Chrome cache emptied: 383952891 bytes
->Opera cache emptied: 775179 bytes
->Flash cache emptied: 2199 bytes
 
User: Sch÷lldorf
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 179080912 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 7322353839 bytes
 
Total Files Cleaned = 8.067,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 03242012_075854

Files\Folders moved on Reboot...
File move failed. D:\AUTORUN.INF scheduled to be moved on reboot.
C:\Users\Schölldorf\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         
bis später dann...
gruesse vom eugenius

Alt 24.03.2012, 17:28   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter? - Standard

"System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter?



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 24.03.2012, 18:34   #15
eugenius
 
"System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter? - Standard

"System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter?



Hallo Arne, das hier müsste das log des tdsskillers sein

Code:
ATTFilter
18:43:45.0862 7108	TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
18:43:46.0018 7108	============================================================
18:43:46.0018 7108	Current date / time: 2012/03/24 18:43:46.0018
18:43:46.0018 7108	SystemInfo:
18:43:46.0018 7108	
18:43:46.0018 7108	OS Version: 6.1.7601 ServicePack: 1.0
18:43:46.0018 7108	Product type: Workstation
18:43:46.0018 7108	ComputerName: EUGEN
18:43:46.0018 7108	UserName: Schölldorf
18:43:46.0018 7108	Windows directory: C:\Windows
18:43:46.0018 7108	System windows directory: C:\Windows
18:43:46.0018 7108	Running under WOW64
18:43:46.0018 7108	Processor architecture: Intel x64
18:43:46.0018 7108	Number of processors: 4
18:43:46.0018 7108	Page size: 0x1000
18:43:46.0018 7108	Boot type: Normal boot
18:43:46.0018 7108	============================================================
18:43:46.0361 7108	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:43:46.0361 7108	\Device\Harddisk0\DR0:
18:43:46.0361 7108	MBR used
18:43:46.0361 7108	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1A4D000
18:43:46.0361 7108	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A61000, BlocksNum 0x72CA5000
18:43:46.0392 7108	Initialize success
18:43:46.0392 7108	============================================================
19:26:19.0966 11412	============================================================
19:26:19.0966 11412	Scan started
19:26:19.0966 11412	Mode: Manual; SigCheck; TDLFS; 
19:26:19.0966 11412	============================================================
19:26:20.0434 11412	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:26:20.0512 11412	1394ohci - ok
19:26:20.0543 11412	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:26:20.0543 11412	ACPI - ok
19:26:20.0574 11412	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:26:20.0621 11412	AcpiPmi - ok
19:26:20.0714 11412	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:26:20.0714 11412	AdobeARMservice - ok
19:26:20.0746 11412	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
19:26:20.0761 11412	adp94xx - ok
19:26:20.0792 11412	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
19:26:20.0792 11412	adpahci - ok
19:26:20.0808 11412	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
19:26:20.0824 11412	adpu320 - ok
19:26:20.0855 11412	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:26:20.0933 11412	AeLookupSvc - ok
19:26:21.0042 11412	AERTFilters     (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
19:26:21.0042 11412	AERTFilters - ok
19:26:21.0104 11412	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:26:21.0151 11412	AFD - ok
19:26:21.0167 11412	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:26:21.0182 11412	agp440 - ok
19:26:21.0229 11412	aksdf           (44f360b65c37a42eb5b71c2e5179fdd5) C:\Windows\system32\drivers\aksdf.sys
19:26:21.0260 11412	aksdf - ok
19:26:21.0292 11412	akshasp         (a56f1b0f967aef8a82d7771e6d166def) C:\Windows\system32\DRIVERS\akshasp.sys
19:26:21.0323 11412	akshasp - ok
19:26:21.0370 11412	aksusb          (27f2e2c89a1855b063fcac21eb7d6a73) C:\Windows\system32\DRIVERS\aksusb.sys
19:26:21.0385 11412	aksusb - ok
19:26:21.0432 11412	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:26:21.0463 11412	ALG - ok
19:26:21.0479 11412	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:26:21.0494 11412	aliide - ok
19:26:21.0510 11412	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:26:21.0526 11412	amdide - ok
19:26:21.0541 11412	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
19:26:21.0557 11412	AmdK8 - ok
19:26:21.0588 11412	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
19:26:21.0604 11412	AmdPPM - ok
19:26:21.0635 11412	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:26:21.0650 11412	amdsata - ok
19:26:21.0682 11412	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
19:26:21.0682 11412	amdsbs - ok
19:26:21.0697 11412	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:26:21.0713 11412	amdxata - ok
19:26:21.0775 11412	AntiVirMailService (f83fd8f520881b96f5344e99ef2c020b) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
19:26:21.0791 11412	AntiVirMailService - ok
19:26:21.0822 11412	AntiVirSchedulerService (237086b6f9d8f76e704828f7dc7edf4f) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:26:21.0822 11412	AntiVirSchedulerService - ok
19:26:21.0853 11412	AntiVirService  (a8842eeff2766b65e663180b80fb443f) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:26:21.0869 11412	AntiVirService - ok
19:26:21.0884 11412	AntiVirWebService (fbd59710700762c619cd3124412b4d30) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
19:26:21.0900 11412	AntiVirWebService - ok
19:26:21.0916 11412	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:26:22.0056 11412	AppID - ok
19:26:22.0087 11412	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:26:22.0118 11412	AppIDSvc - ok
19:26:22.0165 11412	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:26:22.0196 11412	Appinfo - ok
19:26:22.0274 11412	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
19:26:22.0321 11412	AppMgmt - ok
19:26:22.0352 11412	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
19:26:22.0368 11412	arc - ok
19:26:22.0384 11412	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
19:26:22.0399 11412	arcsas - ok
19:26:22.0462 11412	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:26:22.0462 11412	aspnet_state - ok
19:26:22.0508 11412	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:26:22.0540 11412	AsyncMac - ok
19:26:22.0586 11412	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:26:22.0586 11412	atapi - ok
19:26:22.0618 11412	AthBTPort       (cbe61b4494165f458bd87e37181ee934) C:\Windows\system32\DRIVERS\btath_flt.sys
19:26:22.0618 11412	AthBTPort - ok
19:26:22.0664 11412	Atheros Bt&Wlan Coex Agent (833095b04ec9fb2a9e6f7c1f8d45058d) C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe
19:26:22.0664 11412	Atheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - warning
19:26:22.0664 11412	Atheros Bt&Wlan Coex Agent - detected UnsignedFile.Multi.Generic (1)
19:26:22.0696 11412	AtherosSvc      (6dadbacc5d46339f5f58656f2451d3bf) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
19:26:22.0711 11412	AtherosSvc - ok
19:26:22.0774 11412	athr            (80d6820ddb5427363a9d3f2137441c83) C:\Windows\system32\DRIVERS\athrx.sys
19:26:22.0852 11412	athr - ok
19:26:22.0898 11412	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:26:22.0945 11412	AudioEndpointBuilder - ok
19:26:22.0945 11412	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:26:22.0976 11412	AudioSrv - ok
19:26:23.0039 11412	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
19:26:23.0054 11412	avgntflt - ok
19:26:23.0164 11412	avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
19:26:23.0164 11412	avipbb - ok
19:26:23.0195 11412	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
19:26:23.0195 11412	avkmgr - ok
19:26:23.0226 11412	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
19:26:23.0242 11412	AxInstSV - ok
19:26:23.0288 11412	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
19:26:23.0335 11412	b06bdrv - ok
19:26:23.0351 11412	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:26:23.0382 11412	b57nd60a - ok
19:26:23.0429 11412	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:26:23.0460 11412	BDESVC - ok
19:26:23.0507 11412	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:26:23.0554 11412	Beep - ok
19:26:23.0600 11412	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
19:26:23.0647 11412	BFE - ok
19:26:23.0678 11412	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
19:26:23.0725 11412	BITS - ok
19:26:23.0756 11412	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:26:23.0772 11412	blbdrive - ok
19:26:23.0834 11412	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:26:23.0866 11412	bowser - ok
19:26:23.0881 11412	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
19:26:23.0897 11412	BrFiltLo - ok
19:26:23.0912 11412	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
19:26:23.0928 11412	BrFiltUp - ok
19:26:23.0944 11412	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
19:26:23.0990 11412	Browser - ok
19:26:24.0022 11412	BrSerIb         (e5e9b1625a767ceb6f319c12d33eab78) C:\Windows\system32\DRIVERS\BrSerIb.sys
19:26:24.0053 11412	BrSerIb - ok
19:26:24.0068 11412	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:26:24.0100 11412	Brserid - ok
19:26:24.0115 11412	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:26:24.0146 11412	BrSerWdm - ok
19:26:24.0178 11412	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:26:24.0193 11412	BrUsbMdm - ok
19:26:24.0209 11412	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:26:24.0224 11412	BrUsbSer - ok
19:26:24.0240 11412	BrUsbSIb        (d9f6b30ad93cbd165ec71fadf51df25e) C:\Windows\system32\DRIVERS\BrUsbSIb.sys
19:26:24.0256 11412	BrUsbSIb - ok
19:26:24.0302 11412	BTATH_A2DP      (fe70889a85c57a9268101b2db0474509) C:\Windows\system32\drivers\btath_a2dp.sys
19:26:24.0318 11412	BTATH_A2DP - ok
19:26:24.0349 11412	BTATH_BUS       (a83a91d07d1fe6bbe7a9db46ca00434b) C:\Windows\system32\DRIVERS\btath_bus.sys
19:26:24.0349 11412	BTATH_BUS - ok
19:26:24.0396 11412	BTATH_HCRP      (c864ff85ee16d61c2bdd5ef76824625f) C:\Windows\system32\DRIVERS\btath_hcrp.sys
19:26:24.0396 11412	BTATH_HCRP - ok
19:26:24.0427 11412	BTATH_LWFLT     (0dea505efb5d771826d177ef8b8a208f) C:\Windows\system32\DRIVERS\btath_lwflt.sys
19:26:24.0443 11412	BTATH_LWFLT - ok
19:26:24.0474 11412	BTATH_RCP       (724c8088c96efe7a3e63fec21d4681c0) C:\Windows\system32\DRIVERS\btath_rcp.sys
19:26:24.0490 11412	BTATH_RCP - ok
19:26:24.0521 11412	BtFilter        (6a3f70dc8789278baf1165e3da4d2c8e) C:\Windows\system32\DRIVERS\btfilter.sys
19:26:24.0536 11412	BtFilter - ok
19:26:24.0583 11412	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
19:26:24.0614 11412	BthEnum - ok
19:26:24.0646 11412	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
19:26:24.0661 11412	BTHMODEM - ok
19:26:24.0677 11412	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
19:26:24.0692 11412	BthPan - ok
19:26:24.0708 11412	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
19:26:24.0739 11412	BTHPORT - ok
19:26:24.0786 11412	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:26:24.0817 11412	bthserv - ok
19:26:24.0848 11412	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
19:26:24.0864 11412	BTHUSB - ok
19:26:24.0895 11412	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:26:24.0942 11412	cdfs - ok
19:26:24.0973 11412	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
19:26:24.0973 11412	cdrom - ok
19:26:25.0020 11412	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:26:25.0051 11412	CertPropSvc - ok
19:26:25.0114 11412	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
19:26:25.0129 11412	circlass - ok
19:26:25.0176 11412	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:26:25.0176 11412	CLFS - ok
19:26:25.0223 11412	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:26:25.0223 11412	clr_optimization_v2.0.50727_32 - ok
19:26:25.0254 11412	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:26:25.0254 11412	clr_optimization_v2.0.50727_64 - ok
19:26:25.0301 11412	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:26:25.0301 11412	clr_optimization_v4.0.30319_32 - ok
19:26:25.0348 11412	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:26:25.0348 11412	clr_optimization_v4.0.30319_64 - ok
19:26:25.0379 11412	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
19:26:25.0394 11412	CmBatt - ok
19:26:25.0410 11412	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:26:25.0410 11412	cmdide - ok
19:26:25.0472 11412	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
19:26:25.0488 11412	CNG - ok
19:26:25.0566 11412	CodeMeter.exe   (6ec194aade430d774968953e27255d15) C:\Windows\SysWOW64\CodeMeter.exe
19:26:25.0582 11412	CodeMeter.exe ( UnsignedFile.Multi.Generic ) - warning
19:26:25.0582 11412	CodeMeter.exe - detected UnsignedFile.Multi.Generic (1)
19:26:25.0597 11412	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
19:26:25.0613 11412	Compbatt - ok
19:26:25.0644 11412	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:26:25.0660 11412	CompositeBus - ok
19:26:25.0675 11412	COMSysApp - ok
19:26:25.0691 11412	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
19:26:25.0706 11412	crcdisk - ok
19:26:25.0738 11412	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
19:26:25.0769 11412	CryptSvc - ok
19:26:25.0831 11412	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
19:26:25.0862 11412	CSC - ok
19:26:25.0878 11412	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
19:26:25.0909 11412	CscService - ok
19:26:25.0972 11412	CtClsFlt        (bc3d4f90978cd7c8eabd1baf3bf7873a) C:\Windows\system32\DRIVERS\CtClsFlt.sys
19:26:26.0003 11412	CtClsFlt - ok
19:26:26.0034 11412	DCDhcpService   (059f2db10fe630a9e6e52bcb2b43374c) C:\Program Files (x86)\Atheros Direct Connect\DCDhcpService.exe
19:26:26.0050 11412	DCDhcpService ( UnsignedFile.Multi.Generic ) - warning
19:26:26.0050 11412	DCDhcpService - detected UnsignedFile.Multi.Generic (1)
19:26:26.0081 11412	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:26:26.0128 11412	DcomLaunch - ok
19:26:26.0143 11412	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:26:26.0174 11412	defragsvc - ok
19:26:26.0206 11412	Dell WMI Service (bc37cf3b9154afa6a269ca6fb1931c0f) C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
19:26:26.0206 11412	Dell WMI Service ( UnsignedFile.Multi.Generic ) - warning
19:26:26.0206 11412	Dell WMI Service - detected UnsignedFile.Multi.Generic (1)
19:26:26.0252 11412	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:26:26.0284 11412	DfsC - ok
19:26:26.0330 11412	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
19:26:26.0362 11412	Dhcp - ok
19:26:26.0377 11412	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:26:26.0408 11412	discache - ok
19:26:26.0471 11412	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
19:26:26.0471 11412	Disk - ok
19:26:26.0502 11412	dmvsc           (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
19:26:26.0518 11412	dmvsc - ok
19:26:26.0549 11412	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
19:26:26.0564 11412	Dnscache - ok
19:26:26.0580 11412	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
19:26:26.0627 11412	dot3svc - ok
19:26:26.0642 11412	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
19:26:26.0674 11412	DPS - ok
19:26:26.0720 11412	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:26:26.0736 11412	drmkaud - ok
19:26:26.0767 11412	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:26:26.0783 11412	DXGKrnl - ok
19:26:26.0814 11412	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:26:26.0861 11412	EapHost - ok
19:26:26.0939 11412	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
19:26:27.0001 11412	ebdrv - ok
19:26:27.0032 11412	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
19:26:27.0064 11412	EFS - ok
19:26:27.0126 11412	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
19:26:27.0142 11412	ehRecvr - ok
19:26:27.0157 11412	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:26:27.0173 11412	ehSched - ok
19:26:27.0251 11412	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
19:26:27.0282 11412	elxstor - ok
19:26:27.0298 11412	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:26:27.0313 11412	ErrDev - ok
19:26:27.0344 11412	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:26:27.0376 11412	EventSystem - ok
19:26:27.0422 11412	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:26:27.0454 11412	exfat - ok
19:26:27.0500 11412	FACAP           (2c1d443e14f376e8331f52f135dca9ef) C:\Windows\system32\DRIVERS\facap.sys
19:26:27.0500 11412	FACAP - ok
19:26:27.0578 11412	FAService       (69ce05be48cd9fb80b108be872be3a74) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
19:26:27.0610 11412	FAService ( UnsignedFile.Multi.Generic ) - warning
19:26:27.0610 11412	FAService - detected UnsignedFile.Multi.Generic (1)
19:26:27.0641 11412	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:26:27.0672 11412	fastfat - ok
19:26:27.0719 11412	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:26:27.0750 11412	Fax - ok
19:26:27.0781 11412	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
19:26:27.0797 11412	fdc - ok
19:26:27.0828 11412	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:26:27.0844 11412	fdPHost - ok
19:26:27.0859 11412	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:26:27.0890 11412	FDResPub - ok
19:26:27.0906 11412	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:26:27.0906 11412	FileInfo - ok
19:26:27.0922 11412	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:26:27.0953 11412	Filetrace - ok
19:26:27.0968 11412	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
19:26:27.0968 11412	flpydisk - ok
19:26:28.0000 11412	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:26:28.0000 11412	FltMgr - ok
19:26:28.0031 11412	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:26:28.0078 11412	FontCache - ok
19:26:28.0109 11412	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:26:28.0124 11412	FontCache3.0.0.0 - ok
19:26:28.0140 11412	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:26:28.0140 11412	FsDepends - ok
19:26:28.0156 11412	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:26:28.0171 11412	Fs_Rec - ok
19:26:28.0202 11412	FTDIBUS         (fa169871d8fadcc6539c4e8726610286) C:\Windows\system32\drivers\ftdibus.sys
19:26:28.0202 11412	FTDIBUS - ok
19:26:28.0234 11412	FTSER2K         (24237091348d1efb5635a1cf9649e311) C:\Windows\system32\drivers\ftser2k.sys
19:26:28.0234 11412	FTSER2K - ok
19:26:28.0249 11412	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:26:28.0265 11412	fvevol - ok
19:26:28.0280 11412	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
19:26:28.0296 11412	gagp30kx - ok
19:26:28.0312 11412	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:26:28.0343 11412	gpsvc - ok
19:26:28.0421 11412	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:26:28.0421 11412	gupdate - ok
19:26:28.0421 11412	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:26:28.0436 11412	gupdatem - ok
19:26:28.0468 11412	hardlock        (d619ba1712b83d14149850e758b835ad) C:\Windows\system32\drivers\hardlock.sys
19:26:28.0483 11412	hardlock - ok
19:26:28.0499 11412	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:26:28.0530 11412	hcw85cir - ok
19:26:28.0546 11412	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:26:28.0561 11412	HDAudBus - ok
19:26:28.0577 11412	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
19:26:28.0592 11412	HidBatt - ok
19:26:28.0608 11412	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
19:26:28.0608 11412	HidBth - ok
19:26:28.0624 11412	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
19:26:28.0639 11412	HidIr - ok
19:26:28.0655 11412	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
19:26:28.0686 11412	hidserv - ok
19:26:28.0717 11412	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:26:28.0733 11412	HidUsb - ok
19:26:28.0748 11412	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:26:28.0780 11412	hkmsvc - ok
19:26:28.0795 11412	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:26:28.0826 11412	HomeGroupListener - ok
19:26:28.0842 11412	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:26:28.0873 11412	HomeGroupProvider - ok
19:26:28.0889 11412	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:26:28.0889 11412	HpSAMD - ok
19:26:28.0904 11412	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:26:28.0951 11412	HTTP - ok
19:26:29.0002 11412	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:26:29.0007 11412	hwpolicy - ok
19:26:29.0024 11412	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:26:29.0037 11412	i8042prt - ok
19:26:29.0082 11412	iaStor          (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys
19:26:29.0094 11412	iaStor - ok
19:26:29.0119 11412	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:26:29.0129 11412	iaStorV - ok
19:26:29.0177 11412	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:26:29.0192 11412	idsvc - ok
19:26:29.0380 11412	igfx            (58e04d9412f8668863a391232035cbe8) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:26:29.0614 11412	igfx - ok
19:26:29.0645 11412	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
19:26:29.0645 11412	iirsp - ok
19:26:29.0692 11412	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:26:29.0738 11412	IKEEXT - ok
19:26:29.0770 11412	Impcd           (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys
19:26:29.0785 11412	Impcd - ok
19:26:29.0848 11412	IntcAzAudAddService (230836eefce6d6de9947384fc5b3fac0) C:\Windows\system32\drivers\RTKVHD64.sys
19:26:29.0910 11412	IntcAzAudAddService - ok
19:26:29.0941 11412	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:26:29.0941 11412	intelide - ok
19:26:29.0972 11412	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:26:29.0988 11412	intelppm - ok
19:26:30.0019 11412	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:26:30.0050 11412	IPBusEnum - ok
19:26:30.0082 11412	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:26:30.0097 11412	IpFilterDriver - ok
19:26:30.0128 11412	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
19:26:30.0160 11412	iphlpsvc - ok
19:26:30.0191 11412	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:26:30.0206 11412	IPMIDRV - ok
19:26:30.0222 11412	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:26:30.0269 11412	IPNAT - ok
19:26:30.0284 11412	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:26:30.0316 11412	IRENUM - ok
19:26:30.0347 11412	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:26:30.0347 11412	isapnp - ok
19:26:30.0378 11412	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:26:30.0378 11412	iScsiPrt - ok
19:26:30.0409 11412	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:26:30.0409 11412	kbdclass - ok
19:26:30.0425 11412	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
19:26:30.0456 11412	kbdhid - ok
19:26:30.0472 11412	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:26:30.0487 11412	KeyIso - ok
19:26:30.0503 11412	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
19:26:30.0518 11412	KSecDD - ok
19:26:30.0550 11412	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
19:26:30.0565 11412	KSecPkg - ok
19:26:30.0581 11412	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:26:30.0612 11412	ksthunk - ok
19:26:30.0628 11412	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:26:30.0659 11412	KtmRm - ok
19:26:30.0690 11412	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
19:26:30.0737 11412	LanmanServer - ok
19:26:30.0752 11412	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
19:26:30.0799 11412	LanmanWorkstation - ok
19:26:30.0846 11412	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:26:30.0877 11412	lltdio - ok
19:26:30.0908 11412	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:26:30.0940 11412	lltdsvc - ok
19:26:30.0955 11412	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:26:30.0986 11412	lmhosts - ok
19:26:31.0033 11412	LMS             (2ed1786b7542cda261029f6b526edf44) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:26:31.0033 11412	LMS - ok
19:26:31.0064 11412	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
19:26:31.0080 11412	LSI_FC - ok
19:26:31.0096 11412	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
19:26:31.0096 11412	LSI_SAS - ok
19:26:31.0111 11412	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
19:26:31.0127 11412	LSI_SAS2 - ok
19:26:31.0142 11412	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
19:26:31.0158 11412	LSI_SCSI - ok
19:26:31.0174 11412	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:26:31.0220 11412	luafv - ok
19:26:31.0298 11412	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
19:26:31.0298 11412	MBAMProtector - ok
19:26:31.0330 11412	MBAMService     (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:26:31.0345 11412	MBAMService - ok
19:26:31.0376 11412	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
19:26:31.0392 11412	Mcx2Svc - ok
19:26:31.0408 11412	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
19:26:31.0408 11412	megasas - ok
19:26:31.0439 11412	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
19:26:31.0454 11412	MegaSR - ok
19:26:31.0470 11412	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
19:26:31.0470 11412	MEIx64 - ok
19:26:31.0501 11412	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:26:31.0532 11412	MMCSS - ok
19:26:31.0548 11412	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:26:31.0579 11412	Modem - ok
19:26:31.0610 11412	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:26:31.0626 11412	monitor - ok
19:26:31.0657 11412	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:26:31.0657 11412	mouclass - ok
19:26:31.0688 11412	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:26:31.0704 11412	mouhid - ok
19:26:31.0720 11412	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:26:31.0735 11412	mountmgr - ok
19:26:31.0751 11412	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:26:31.0766 11412	mpio - ok
19:26:31.0782 11412	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:26:31.0813 11412	mpsdrv - ok
19:26:31.0829 11412	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
19:26:31.0860 11412	MpsSvc - ok
19:26:31.0876 11412	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:26:31.0907 11412	MRxDAV - ok
19:26:31.0938 11412	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:26:31.0954 11412	mrxsmb - ok
19:26:31.0985 11412	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:26:32.0000 11412	mrxsmb10 - ok
19:26:32.0047 11412	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:26:32.0047 11412	mrxsmb20 - ok
19:26:32.0063 11412	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:26:32.0078 11412	msahci - ok
19:26:32.0094 11412	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:26:32.0110 11412	msdsm - ok
19:26:32.0125 11412	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:26:32.0156 11412	MSDTC - ok
19:26:32.0172 11412	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:26:32.0203 11412	Msfs - ok
19:26:32.0234 11412	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:26:32.0266 11412	mshidkmdf - ok
19:26:32.0281 11412	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:26:32.0297 11412	msisadrv - ok
19:26:32.0312 11412	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:26:32.0344 11412	MSiSCSI - ok
19:26:32.0344 11412	msiserver - ok
19:26:32.0375 11412	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:26:32.0406 11412	MSKSSRV - ok
19:26:32.0437 11412	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:26:32.0468 11412	MSPCLOCK - ok
19:26:32.0484 11412	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:26:32.0515 11412	MSPQM - ok
19:26:32.0531 11412	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:26:32.0546 11412	MsRPC - ok
19:26:32.0562 11412	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
19:26:32.0562 11412	mssmbios - ok
19:26:32.0609 11412	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:26:32.0624 11412	MSTEE - ok
19:26:32.0656 11412	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:26:32.0671 11412	MTConfig - ok
19:26:32.0687 11412	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:26:32.0687 11412	Mup - ok
19:26:32.0718 11412	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
19:26:32.0734 11412	napagent - ok
19:26:32.0765 11412	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:26:32.0780 11412	NativeWifiP - ok
19:26:32.0858 11412	NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
19:26:32.0874 11412	NDIS - ok
19:26:32.0890 11412	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:26:32.0921 11412	NdisCap - ok
19:26:32.0952 11412	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:26:32.0968 11412	NdisTapi - ok
19:26:32.0983 11412	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:26:33.0014 11412	Ndisuio - ok
19:26:33.0030 11412	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:26:33.0061 11412	NdisWan - ok
19:26:33.0092 11412	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:26:33.0108 11412	NDProxy - ok
19:26:33.0124 11412	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:26:33.0155 11412	NetBIOS - ok
19:26:33.0170 11412	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:26:33.0202 11412	NetBT - ok
19:26:33.0233 11412	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:26:33.0233 11412	Netlogon - ok
19:26:33.0280 11412	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:26:33.0311 11412	Netman - ok
19:26:33.0373 11412	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:26:33.0389 11412	NetMsmqActivator - ok
19:26:33.0389 11412	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:26:33.0404 11412	NetPipeActivator - ok
19:26:33.0420 11412	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:26:33.0467 11412	netprofm - ok
19:26:33.0482 11412	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:26:33.0482 11412	NetTcpActivator - ok
19:26:33.0482 11412	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:26:33.0498 11412	NetTcpPortSharing - ok
19:26:33.0529 11412	netvsc          (73ce12b8bdd747b0063cb0a7ef44cea7) C:\Windows\system32\DRIVERS\netvsc60.sys
19:26:33.0529 11412	netvsc - ok
19:26:33.0560 11412	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
19:26:33.0560 11412	nfrd960 - ok
19:26:33.0576 11412	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:26:33.0623 11412	NlaSvc - ok
19:26:33.0685 11412	NOBU            (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
19:26:33.0732 11412	NOBU - ok
19:26:33.0748 11412	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:26:33.0779 11412	Npfs - ok
19:26:33.0794 11412	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:26:33.0826 11412	nsi - ok
19:26:33.0857 11412	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:26:33.0872 11412	nsiproxy - ok
19:26:33.0935 11412	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:26:33.0966 11412	Ntfs - ok
19:26:33.0982 11412	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:26:34.0013 11412	Null - ok
19:26:34.0231 11412	nvlddmkm        (f86ce7b4db5e28ace4eda70eeb42f833) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:26:34.0481 11412	nvlddmkm - ok
19:26:34.0528 11412	nvpciflt        (0e2f2e6cb74d9e6016fe081b78c3b360) C:\Windows\system32\DRIVERS\nvpciflt.sys
19:26:34.0528 11412	nvpciflt - ok
19:26:34.0559 11412	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:26:34.0559 11412	nvraid - ok
19:26:34.0590 11412	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:26:34.0590 11412	nvstor - ok
19:26:34.0621 11412	NVSvc           (5648200b4032044c416d96f26cdcce12) C:\Windows\system32\nvvsvc.exe
19:26:34.0637 11412	NVSvc - ok
19:26:34.0699 11412	nvUpdatusService (b9e9c464c8d5dfab922e5e8963d64752) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
19:26:34.0715 11412	nvUpdatusService - ok
19:26:34.0746 11412	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:26:34.0746 11412	nv_agp - ok
19:26:34.0762 11412	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:26:34.0777 11412	ohci1394 - ok
19:26:34.0808 11412	OSDSvc          (fbe1d971eb64abf4ce37b519307c94f1) C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
19:26:34.0824 11412	OSDSvc ( UnsignedFile.Multi.Generic ) - warning
19:26:34.0824 11412	OSDSvc - detected UnsignedFile.Multi.Generic (1)
19:26:34.0855 11412	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:26:34.0855 11412	ose - ok
19:26:34.0980 11412	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:26:35.0027 11412	osppsvc - ok
19:26:35.0058 11412	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:26:35.0074 11412	p2pimsvc - ok
19:26:35.0105 11412	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:26:35.0120 11412	p2psvc - ok
19:26:35.0136 11412	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
19:26:35.0152 11412	Parport - ok
19:26:35.0183 11412	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
19:26:35.0183 11412	partmgr - ok
19:26:35.0198 11412	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:26:35.0214 11412	PcaSvc - ok
19:26:35.0261 11412	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:26:35.0261 11412	pci - ok
19:26:35.0323 11412	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:26:35.0323 11412	pciide - ok
19:26:35.0354 11412	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
19:26:35.0370 11412	pcmcia - ok
19:26:35.0386 11412	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:26:35.0401 11412	pcw - ok
19:26:35.0417 11412	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:26:35.0448 11412	PEAUTH - ok
19:26:35.0495 11412	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
19:26:35.0542 11412	PeerDistSvc - ok
19:26:35.0573 11412	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:26:35.0588 11412	PerfHost - ok
19:26:35.0620 11412	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:26:35.0682 11412	pla - ok
19:26:35.0729 11412	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:26:35.0744 11412	PlugPlay - ok
19:26:35.0760 11412	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:26:35.0776 11412	PNRPAutoReg - ok
19:26:35.0791 11412	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:26:35.0807 11412	PNRPsvc - ok
19:26:35.0822 11412	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:26:35.0869 11412	PolicyAgent - ok
19:26:35.0900 11412	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:26:35.0932 11412	Power - ok
19:26:35.0978 11412	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:26:36.0010 11412	PptpMiniport - ok
19:26:36.0041 11412	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
19:26:36.0041 11412	Processor - ok
19:26:36.0072 11412	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
19:26:36.0088 11412	ProfSvc - ok
19:26:36.0119 11412	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:26:36.0119 11412	ProtectedStorage - ok
19:26:36.0150 11412	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:26:36.0181 11412	Psched - ok
19:26:36.0212 11412	PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
19:26:36.0212 11412	PxHlpa64 - ok
19:26:36.0259 11412	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
19:26:36.0306 11412	ql2300 - ok
19:26:36.0322 11412	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
19:26:36.0322 11412	ql40xx - ok
19:26:36.0353 11412	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:26:36.0368 11412	QWAVE - ok
19:26:36.0384 11412	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:26:36.0400 11412	QWAVEdrv - ok
19:26:36.0415 11412	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:26:36.0431 11412	RasAcd - ok
19:26:36.0462 11412	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:26:36.0478 11412	RasAgileVpn - ok
19:26:36.0509 11412	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:26:36.0540 11412	RasAuto - ok
19:26:36.0571 11412	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:26:36.0602 11412	Rasl2tp - ok
19:26:36.0634 11412	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:26:36.0649 11412	RasMan - ok
19:26:36.0665 11412	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:26:36.0712 11412	RasPppoe - ok
19:26:36.0727 11412	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:26:36.0758 11412	RasSstp - ok
19:26:36.0774 11412	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:26:36.0805 11412	rdbss - ok
19:26:36.0821 11412	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:26:36.0821 11412	rdpbus - ok
19:26:36.0836 11412	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:26:36.0868 11412	RDPCDD - ok
19:26:36.0883 11412	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
19:26:36.0914 11412	RDPDR - ok
19:26:36.0914 11412	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:26:36.0961 11412	RDPENCDD - ok
19:26:36.0961 11412	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:26:36.0992 11412	RDPREFMP - ok
19:26:37.0008 11412	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
19:26:37.0039 11412	RDPWD - ok
19:26:37.0055 11412	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:26:37.0055 11412	rdyboost - ok
19:26:37.0070 11412	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:26:37.0102 11412	RemoteAccess - ok
19:26:37.0133 11412	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:26:37.0164 11412	RemoteRegistry - ok
19:26:37.0195 11412	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
19:26:37.0211 11412	RFCOMM - ok
19:26:37.0304 11412	RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
19:26:37.0320 11412	RoxMediaDB12OEM - ok
19:26:37.0351 11412	RoxWatch12      (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
19:26:37.0367 11412	RoxWatch12 - ok
19:26:37.0382 11412	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:26:37.0414 11412	RpcEptMapper - ok
19:26:37.0445 11412	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:26:37.0445 11412	RpcLocator - ok
19:26:37.0460 11412	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:26:37.0492 11412	RpcSs - ok
19:26:37.0507 11412	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:26:37.0523 11412	rspndr - ok
19:26:37.0554 11412	RSUSBVSTOR      (ce0a1d8a59410e698140821e4e69da0d) C:\Windows\system32\Drivers\RtsUVStor.sys
19:26:37.0570 11412	RSUSBVSTOR - ok
19:26:37.0601 11412	RTL8167         (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:26:37.0616 11412	RTL8167 - ok
19:26:37.0632 11412	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
19:26:37.0648 11412	s3cap - ok
19:26:37.0679 11412	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:26:37.0679 11412	SamSs - ok
19:26:37.0694 11412	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:26:37.0710 11412	sbp2port - ok
19:26:37.0726 11412	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:26:37.0757 11412	SCardSvr - ok
19:26:37.0772 11412	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:26:37.0804 11412	scfilter - ok
19:26:37.0819 11412	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:26:37.0866 11412	Schedule - ok
19:26:37.0897 11412	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:26:37.0928 11412	SCPolicySvc - ok
19:26:37.0944 11412	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:26:37.0960 11412	SDRSVC - ok
19:26:38.0006 11412	SeaPort         (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
19:26:38.0022 11412	SeaPort - ok
19:26:38.0038 11412	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:26:38.0084 11412	secdrv - ok
19:26:38.0116 11412	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:26:38.0147 11412	seclogon - ok
19:26:38.0162 11412	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
19:26:38.0209 11412	SENS - ok
19:26:38.0240 11412	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:26:38.0272 11412	SensrSvc - ok
19:26:38.0287 11412	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:26:38.0303 11412	Serenum - ok
19:26:38.0334 11412	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:26:38.0350 11412	Serial - ok
19:26:38.0365 11412	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
19:26:38.0396 11412	sermouse - ok
19:26:38.0412 11412	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:26:38.0459 11412	SessionEnv - ok
19:26:38.0474 11412	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:26:38.0490 11412	sffdisk - ok
19:26:38.0506 11412	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:26:38.0521 11412	sffp_mmc - ok
19:26:38.0537 11412	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:26:38.0552 11412	sffp_sd - ok
19:26:38.0584 11412	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
19:26:38.0599 11412	sfloppy - ok
19:26:38.0677 11412	SftService      (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
19:26:38.0708 11412	SftService - ok
19:26:38.0740 11412	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:26:38.0771 11412	SharedAccess - ok
19:26:38.0802 11412	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:26:38.0818 11412	ShellHWDetection - ok
19:26:38.0849 11412	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
19:26:38.0864 11412	SiSRaid2 - ok
19:26:38.0880 11412	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
19:26:38.0896 11412	SiSRaid4 - ok
19:26:38.0911 11412	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:26:38.0958 11412	Smb - ok
19:26:38.0989 11412	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:26:39.0020 11412	SNMPTRAP - ok
19:26:39.0036 11412	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:26:39.0052 11412	spldr - ok
19:26:39.0067 11412	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:26:39.0116 11412	Spooler - ok
19:26:39.0178 11412	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:26:39.0256 11412	sppsvc - ok
19:26:39.0288 11412	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:26:39.0319 11412	sppuinotify - ok
19:26:39.0350 11412	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:26:39.0381 11412	srv - ok
19:26:39.0412 11412	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:26:39.0444 11412	srv2 - ok
19:26:39.0490 11412	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:26:39.0506 11412	srvnet - ok
19:26:39.0537 11412	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:26:39.0584 11412	SSDPSRV - ok
19:26:39.0584 11412	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:26:39.0615 11412	SstpSvc - ok
19:26:39.0631 11412	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
19:26:39.0646 11412	stexstor - ok
19:26:39.0662 11412	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
19:26:39.0709 11412	stisvc - ok
19:26:39.0756 11412	stllssvr        (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
19:26:39.0756 11412	stllssvr - ok
19:26:39.0802 11412	StorSvc         (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
19:26:39.0818 11412	StorSvc - ok
19:26:39.0849 11412	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
19:26:39.0849 11412	storvsc - ok
19:26:39.0880 11412	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
19:26:39.0880 11412	swenum - ok
19:26:39.0912 11412	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:26:39.0974 11412	swprv - ok
19:26:39.0990 11412	SynthVid        (4cdd7df58730d23ba9cb5829a6e2ecea) C:\Windows\system32\DRIVERS\VMBusVideoM.sys
19:26:40.0005 11412	SynthVid - ok
19:26:40.0052 11412	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
19:26:40.0114 11412	SysMain - ok
19:26:40.0146 11412	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
19:26:40.0161 11412	TabletInputService - ok
19:26:40.0192 11412	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
19:26:40.0239 11412	TapiSrv - ok
19:26:40.0255 11412	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:26:40.0302 11412	TBS - ok
19:26:40.0333 11412	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
19:26:40.0395 11412	Tcpip - ok
19:26:40.0442 11412	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
19:26:40.0458 11412	TCPIP6 - ok
19:26:40.0473 11412	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:26:40.0536 11412	tcpipreg - ok
19:26:40.0551 11412	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:26:40.0567 11412	TDPIPE - ok
19:26:40.0598 11412	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
19:26:40.0614 11412	TDTCP - ok
19:26:40.0645 11412	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:26:40.0692 11412	tdx - ok
19:26:40.0770 11412	TeamViewer6     (01a402d34732ca3da91786adcc765069) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
19:26:40.0801 11412	TeamViewer6 - ok
19:26:40.0832 11412	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
19:26:40.0832 11412	TermDD - ok
19:26:40.0848 11412	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
19:26:40.0894 11412	TermService - ok
19:26:40.0894 11412	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:26:40.0910 11412	Themes - ok
19:26:40.0972 11412	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:26:41.0004 11412	THREADORDER - ok
19:26:41.0019 11412	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:26:41.0050 11412	TrkWks - ok
19:26:41.0097 11412	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
19:26:41.0144 11412	TrustedInstaller - ok
19:26:41.0160 11412	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:26:41.0191 11412	tssecsrv - ok
19:26:41.0206 11412	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:26:41.0222 11412	TsUsbFlt - ok
19:26:41.0238 11412	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
19:26:41.0253 11412	TsUsbGD - ok
19:26:41.0284 11412	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:26:41.0316 11412	tunnel - ok
19:26:41.0347 11412	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
19:26:41.0347 11412	uagp35 - ok
19:26:41.0362 11412	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:26:41.0394 11412	udfs - ok
19:26:41.0425 11412	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:26:41.0456 11412	UI0Detect - ok
19:26:41.0472 11412	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:26:41.0487 11412	uliagpkx - ok
19:26:41.0503 11412	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
19:26:41.0518 11412	umbus - ok
19:26:41.0550 11412	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
19:26:41.0565 11412	UmPass - ok
19:26:41.0596 11412	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
19:26:41.0612 11412	UmRdpService - ok
19:26:41.0690 11412	UNS             (7e5e1603d0ff2d240ae70295c5c3fefc) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:26:41.0737 11412	UNS - ok
19:26:41.0752 11412	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:26:41.0784 11412	upnphost - ok
19:26:41.0830 11412	usbccgp         (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
19:26:41.0846 11412	usbccgp - ok
19:26:41.0862 11412	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:26:41.0877 11412	usbcir - ok
19:26:41.0893 11412	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
19:26:41.0908 11412	usbehci - ok
19:26:41.0940 11412	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:26:41.0955 11412	usbhub - ok
19:26:41.0986 11412	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
19:26:42.0002 11412	usbohci - ok
19:26:42.0033 11412	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:26:42.0064 11412	usbprint - ok
19:26:42.0111 11412	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:26:42.0127 11412	usbscan - ok
19:26:42.0158 11412	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:26:42.0205 11412	USBSTOR - ok
19:26:42.0220 11412	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:26:42.0236 11412	usbuhci - ok
19:26:42.0267 11412	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
19:26:42.0314 11412	usbvideo - ok
19:26:42.0330 11412	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:26:42.0376 11412	UxSms - ok
19:26:42.0423 11412	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:26:42.0433 11412	VaultSvc - ok
19:26:42.0456 11412	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:26:42.0463 11412	vdrvroot - ok
19:26:42.0486 11412	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:26:42.0519 11412	vds - ok
19:26:42.0551 11412	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:26:42.0566 11412	vga - ok
19:26:42.0597 11412	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:26:42.0629 11412	VgaSave - ok
19:26:42.0660 11412	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:26:42.0675 11412	vhdmp - ok
19:26:42.0691 11412	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:26:42.0691 11412	viaide - ok
19:26:42.0722 11412	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
19:26:42.0738 11412	VMBusHID - ok
19:26:42.0769 11412	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:26:42.0785 11412	volmgr - ok
19:26:42.0800 11412	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:26:42.0816 11412	volmgrx - ok
19:26:42.0831 11412	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:26:42.0831 11412	volsnap - ok
19:26:42.0878 11412	vpcbus          (abd9b4a7e2d0ae51a3b8df1af3152d61) C:\Windows\system32\DRIVERS\vpchbus.sys
19:26:42.0909 11412	vpcbus - ok
19:26:42.0941 11412	vpcnfltr        (8acda395841538ce9713a67fe8b2a3eb) C:\Windows\system32\DRIVERS\vpcnfltr.sys
19:26:42.0956 11412	vpcnfltr - ok
19:26:42.0987 11412	vpcusb          (31924e31bc315773e6d149b157db46d5) C:\Windows\system32\DRIVERS\vpcusb.sys
19:26:43.0003 11412	vpcusb - ok
19:26:43.0050 11412	vpcvmm          (c5b651e52540e6f46da66574c74b4898) C:\Windows\system32\drivers\vpcvmm.sys
19:26:43.0065 11412	vpcvmm - ok
19:26:43.0097 11412	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
19:26:43.0112 11412	vsmraid - ok
19:26:43.0143 11412	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:26:43.0206 11412	VSS - ok
19:26:43.0221 11412	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:26:43.0253 11412	vwifibus - ok
19:26:43.0284 11412	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:26:43.0315 11412	vwififlt - ok
19:26:43.0346 11412	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
19:26:43.0377 11412	vwifimp - ok
19:26:43.0409 11412	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:26:43.0424 11412	W32Time - ok
19:26:43.0455 11412	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
19:26:43.0471 11412	WacomPen - ok
19:26:43.0487 11412	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:26:43.0549 11412	WANARP - ok
19:26:43.0549 11412	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:26:43.0565 11412	Wanarpv6 - ok
19:26:43.0643 11412	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:26:43.0689 11412	WatAdminSvc - ok
19:26:43.0721 11412	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
19:26:43.0799 11412	wbengine - ok
19:26:43.0814 11412	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:26:43.0830 11412	WbioSrvc - ok
19:26:43.0845 11412	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
19:26:43.0877 11412	wcncsvc - ok
19:26:43.0908 11412	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:26:43.0939 11412	WcsPlugInService - ok
19:26:43.0970 11412	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
19:26:43.0970 11412	Wd - ok
19:26:43.0986 11412	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:26:44.0017 11412	Wdf01000 - ok
19:26:44.0033 11412	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:26:44.0095 11412	WdiServiceHost - ok
19:26:44.0095 11412	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:26:44.0111 11412	WdiSystemHost - ok
19:26:44.0126 11412	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:26:44.0142 11412	WebClient - ok
19:26:44.0173 11412	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:26:44.0204 11412	Wecsvc - ok
19:26:44.0220 11412	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:26:44.0251 11412	wercplsupport - ok
19:26:44.0282 11412	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:26:44.0313 11412	WerSvc - ok
19:26:44.0329 11412	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:26:44.0345 11412	WfpLwf - ok
19:26:44.0376 11412	WimFltr         (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
19:26:44.0391 11412	WimFltr - ok
19:26:44.0407 11412	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:26:44.0407 11412	WIMMount - ok
19:26:44.0407 11412	WinDefend - ok
19:26:44.0407 11412	WinHttpAutoProxySvc - ok
19:26:44.0438 11412	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:26:44.0469 11412	Winmgmt - ok
19:26:44.0501 11412	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:26:44.0563 11412	WinRM - ok
19:26:44.0594 11412	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:26:44.0625 11412	Wlansvc - ok
19:26:44.0672 11412	wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:26:44.0688 11412	wlcrasvc - ok
19:26:44.0750 11412	wlidsvc         (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:26:44.0766 11412	wlidsvc - ok
19:26:44.0797 11412	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:26:44.0828 11412	WmiAcpi - ok
19:26:44.0859 11412	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:26:44.0891 11412	wmiApSrv - ok
19:26:44.0891 11412	WMPNetworkSvc - ok
19:26:44.0922 11412	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:26:44.0937 11412	WPCSvc - ok
19:26:44.0969 11412	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:26:44.0984 11412	WPDBusEnum - ok
19:26:45.0015 11412	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:26:45.0047 11412	ws2ifsl - ok
19:26:45.0047 11412	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
19:26:45.0078 11412	wscsvc - ok
19:26:45.0078 11412	WSearch - ok
19:26:45.0125 11412	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
19:26:45.0218 11412	wuauserv - ok
19:26:45.0234 11412	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:26:45.0281 11412	WudfPf - ok
19:26:45.0312 11412	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:26:45.0359 11412	WUDFRd - ok
19:26:45.0374 11412	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:26:45.0390 11412	wudfsvc - ok
19:26:45.0421 11412	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:26:45.0452 11412	WwanSvc - ok
19:26:45.0483 11412	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:26:45.0608 11412	\Device\Harddisk0\DR0 - ok
19:26:45.0608 11412	Boot (0x1200)   (8c5e097f0d37bea435811393ccece869) \Device\Harddisk0\DR0\Partition0
19:26:45.0608 11412	\Device\Harddisk0\DR0\Partition0 - ok
19:26:45.0639 11412	Boot (0x1200)   (f93d40ee86f13730f4f8bd3e6a57f9e8) \Device\Harddisk0\DR0\Partition1
19:26:45.0655 11412	\Device\Harddisk0\DR0\Partition1 - ok
19:26:45.0655 11412	============================================================
19:26:45.0655 11412	Scan finished
19:26:45.0655 11412	============================================================
19:26:45.0655 11172	Detected object count: 6
19:26:45.0655 11172	Actual detected object count: 6
         

Antwort

Themen zu "System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter?
administrator, anti-malware, appdata, autostart, dateien, dateisystem, eingefangen, erfolgreich, explorer, gelöscht, gen, heuristiks/extra, heuristiks/shuriken, heute, log, löschen, microsoft, minute, professional, quarantäne, registrierung, service, software, speicher, temp, test, version, virus



Ähnliche Themen: "System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter?


  1. GVU Trojaner! FRST scan schon durchgeführt, wie gehts weiter?
    Log-Analyse und Auswertung - 16.09.2013 (10)
  2. Bundestrojaner 1.13 entfernen ... OTL und EXTRAS schon vorhanden, wie gehts weiter?
    Log-Analyse und Auswertung - 25.11.2012 (4)
  3. Trojaner "System Check" deinstalliert - System sauber?
    Log-Analyse und Auswertung - 11.04.2012 (23)
  4. "System Check" - Virus, wie werde ich ihn wieder los
    Plagegeister aller Art und deren Bekämpfung - 04.04.2012 (23)
  5. "System Check" auch hier
    Plagegeister aller Art und deren Bekämpfung - 02.04.2012 (13)
  6. System Check Virus --> komme nicht weiter!
    Log-Analyse und Auswertung - 30.03.2012 (7)
  7. "System Check" eingefangen und lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 27.03.2012 (15)
  8. System Check - "Windows - Delayed Write Failed", schwarzer Bildschirm, Datenverlust?
    Log-Analyse und Auswertung - 26.03.2012 (12)
  9. Problem mit "System Check" Critical error
    Plagegeister aller Art und deren Bekämpfung - 16.03.2012 (9)
  10. Trojaner "System Check" - letzte Schritte?
    Log-Analyse und Auswertung - 12.03.2012 (23)
  11. ComboFix-Logfile nach "System Check"-Malware
    Log-Analyse und Auswertung - 03.03.2012 (5)
  12. Infiziert mit "System Check" - System wieder in Ordnung?
    Log-Analyse und Auswertung - 01.03.2012 (24)
  13. Virus "System-Check" hat mich erwischt
    Log-Analyse und Auswertung - 06.02.2012 (11)
  14. System Check Virus eingefangen und ich komme nicht weiter
    Plagegeister aller Art und deren Bekämpfung - 03.02.2012 (5)
  15. "System Fix" Virus Windows eingefangen - brauche Hilfe
    Log-Analyse und Auswertung - 26.01.2012 (26)
  16. Verspätetes "Xmas-geschenk": 50€-Virus mit Text "System wird aus sicherheitsgründen blockiert"
    Log-Analyse und Auswertung - 02.01.2012 (5)
  17. DR/FakePic.gen - Alles abgarbeitet hier jetzt das "defogger_disable" wie gehts weiter?
    Plagegeister aller Art und deren Bekämpfung - 17.12.2010 (6)

Zum Thema "System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter? - Hallo, hab mir heute den "System-Check" Virus eingefangen, hab hier schon gestöbert und MAM schon durchgeführt. Hier der LOG: Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.19.04 Windows 7 Service - "System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter?...
Archiv
Du betrachtest: "System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.