
Pests of all kinds and how to combat them: TR/kazy.62221.5

25.03.2012, 12:27   #1
izz



Hello,

During today's scan, Antivir found TR/kazy.62221.5.
It was then moved to quarantine.
Is that the end of it, or do I need to do anything else?

I could not find any information anywhere about this form of Kazy.

I use Windows Vista
Firefox

Further information:

The day before yesterday I had a Trojan disguised as an antivirus program,
"My Security Shield".
I cleaned it up following the instructions here and then did a system restore. Could there be a connection?

My PC knowledge is rather limited.

Unfortunately I am always a bit careless about backups. The last backup on an external hard drive is from 31.12.2011, and I would be reluctant to restore it because of the data loss that would involve.

26.03.2012, 19:10   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Quote:
During today's scan, Antivir found TR/kazy.62221.5.
It was then moved to quarantine.
Information like that is not enough; please post the complete details/logs of the virus scanners.

26.03.2012, 22:12   #3
izz



Is this enough?


Beginne mit der Suche in 'C:\' <System>
C:\$Recycle.Bin\S-1-5-21-479931980-3792547719-1618000154-1000\$RCVUJH9.part
--> Object
[WARNUNG] Die Datei konnte nicht gelesen werden!
[WARNUNG] Die Datei konnte nicht gelesen werden!
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\4b7142fe-26623af4
[FUND] Ist das Trojanische Pferd TR/Kazy.62221.5

Beginne mit der Desinfektion:
C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\4b7142fe-26623af4
[FUND] Ist das Trojanische Pferd TR/Kazy.62221.5
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a6f5b4e.qua' verschoben!


Ende des Suchlaufs: Sonntag, 25. März 2012 12:50
Benötigte Zeit: 1:02:31 Stunde(n)

27.03.2012, 11:14   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
__________________
Please always post log files in CODE tags

29.03.2012, 22:37   #5
izz



okay - here is Malwarebytes first

from today:
Code:
 Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.29.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Peter :: PETER-PC [Administrator]

29.03.2012 20:04:24
mbam-log-2012-03-29 (20-04-24).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 369625
Laufzeit: 1 Stunde(n), 41 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

and from 26.03.

Code:
 Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.21.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Peter :: PETER-PC [Administrator]

26.03.2012 00:28:54
mbam-log-2012-03-26 (00-28-54).txt

Art des Suchlaufs: Benutzerdefinierter Suchlauf
Aktivierte Suchlaufeinstellungen: Dateisystem | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | P2P
Durchsuchte Objekte: 8445
Laufzeit: 6 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         


30.03.2012, 10:06   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Is ESET coming today or at the weekend?

Please also let me know: Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

31.03.2012, 00:28   #7
izz



Hello,

here is the result from ESET now.
The program has evidently found 2 things.

Code:
 ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a3e76a64e3952645a15a9451922955fc
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-30 11:18:49
# local_time=2012-03-31 01:18:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=768 16777215 100 0 47516585 47516585 0 0
# compatibility_mode=1792 16777215 100 0 13391670 13391670 0 0
# compatibility_mode=5892 16776573 100 100 12291 170675740 0 0
# compatibility_mode=8192 67108863 100 0 188 188 0 0
# scanned=164483
# found=2
# cleaned=0
# scan_time=6491
C:\$Recycle.Bin\S-1-5-21-479931980-3792547719-1618000154-1000\$RTE9UM4.tmp	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Peter\Downloads\slow-pcfighter_Web.exe	a variant of Win32/SlowPCfighter application (unable to clean)	00000000000000000000000000000000	I
         
I did not notice anything unusual in the Start menu. But I also rarely used it.

02.04.2012, 09:09   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Please make a new OTL log. Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your Desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • At the top centre, tick Scan all users
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
__________________
Please always post log files in CODE tags

02.04.2012, 11:50   #9
izz



Hello Arne,

here is the result from OTL:
1. OTL.txt
2. Extras.txt

OTL Logfile:
Code:
OTL logfile created on: 02.04.2012 12:28:08 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Peter\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,37 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 76,00% Memory free
6,98 Gb Paging File | 5,89 Gb Available in Paging File | 84,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147,04 Gb Total Space | 98,62 Gb Free Space | 67,07% Space Free | Partition Type: NTFS
 
Computer Name: PETER-PC | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.02 12:24:46 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Downloads\OTL.exe
PRC - [2012.02.23 13:45:31 | 000,690,352 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.08 12:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2011.10.19 16:56:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:55:50 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.09.08 15:55:10 | 000,888,488 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2010.01.26 15:23:00 | 000,139,776 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2010.01.26 13:41:08 | 000,652,800 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009.10.27 10:15:44 | 000,132,608 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009.10.27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.19 14:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) -- C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2008.12.06 21:29:33 | 000,806,912 | ---- | M] () -- C:\Program Files\Office Mouse\moffice.exe
PRC - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008.07.03 11:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 04:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.03.27 15:58:06 | 001,744,896 | ---- | M] (Time Information Services Ltd.) -- C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
PRC - [2007.03.23 13:20:52 | 000,227,328 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2006.11.20 14:12:12 | 000,474,624 | ---- | M] (Nokia Corporation) -- C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008.12.06 21:29:33 | 000,806,912 | ---- | M] () -- C:\Program Files\Office Mouse\moffice.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.03.31 10:05:23 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.02.23 13:45:31 | 000,690,352 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.08 12:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:55:50 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.01.26 13:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.02.19 14:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) [Auto | Running] -- C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.01.21 04:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\oxser.sys -- (oxser)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\oxmfuf.sys -- (Oxmfuf)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.02.15 23:39:53 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.19 16:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 16:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.12.29 09:37:40 | 000,276,968 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.01.21 15:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.12.30 12:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.12.30 12:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.12.30 12:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.01.26 23:38:00 | 007,629,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.09.10 20:17:40 | 001,035,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.01.24 10:28:00 | 000,080,128 | ---- | M] (OEM) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\oxpar.sys -- (oxpar)
DRV - [2006.11.02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-479931980-3792547719-1618000154-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.fujitsu-siemens.com/index2
IE - HKU\S-1-5-21-479931980-3792547719-1618000154-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ebay.de/
IE - HKU\S-1-5-21-479931980-3792547719-1618000154-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-479931980-3792547719-1618000154-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-479931980-3792547719-1618000154-1000\..\SearchScopes,DefaultScope = {6DD474FE-CB32-4647-AF8B-D3A71E1B7A95}
IE - HKU\S-1-5-21-479931980-3792547719-1618000154-1000\..\SearchScopes\{00512B99-D9A0-40D0-A7B7-C7F57A32A3D1}: "URL" = hxxp://suche.t-online.de/cgi-bin/swl?br=ie7&q={searchTerms}
IE - HKU\S-1-5-21-479931980-3792547719-1618000154-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-479931980-3792547719-1618000154-1000\..\SearchScopes\{38FEA184-ED80-47C9-92A7-00BB9C3A8FC0}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-479931980-3792547719-1618000154-1000\..\SearchScopes\{47E87486-21D9-489B-A008-55DE92E81B28}: "URL" = hxxp://suche.freenet.de/suche?query={searchTerms}
IE - HKU\S-1-5-21-479931980-3792547719-1618000154-1000\..\SearchScopes\{6DD474FE-CB32-4647-AF8B-D3A71E1B7A95}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-479931980-3792547719-1618000154-1000\..\SearchScopes\{78655310-3BCF-4B07-87B4-97BF83F735C3}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}
IE - HKU\S-1-5-21-479931980-3792547719-1618000154-1000\..\SearchScopes\{BC449B15-261E-4BFA-AD45-32F96E1F25EA}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-479931980-3792547719-1618000154-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-479931980-3792547719-1618000154-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.ebay.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.22 00:24:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.14 14:54:01 | 000,000,000 | ---D | M]
 
[2009.11.16 23:52:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\Extensions
[2012.01.06 19:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\guerngdh.default\extensions
[2010.05.02 16:45:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\guerngdh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.12 13:29:39 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\guerngdh.default\extensions\personas@christopher.beard
[2012.01.22 13:02:16 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\guerngdh.default\extensions\toolbar@ask.com
[2012.01.08 13:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
() (No name found) -- C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUERNGDH.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.02.19 13:29:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.19 05:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.08 13:18:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.08 13:18:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.08 13:18:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.08 13:18:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.08 13:18:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.08 13:18:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-479931980-3792547719-1618000154-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Office Mouse\moffice.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-479931980-3792547719-1618000154-1000..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - Startup: C:\Users\Alina.Peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files\Fujitsu Siemens Computers\LaunchCenter\LaunchCenter.exe (SSA SoftSolutions GmbH)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files\Fujitsu Siemens Computers\LaunchCenter\LaunchCenter.exe (SSA SoftSolutions GmbH)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files\Fujitsu Siemens Computers\LaunchCenter\LaunchCenter.exe (SSA SoftSolutions GmbH)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09E76841-50A0-4837-994F-748E4B645817}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7B241A4-4E1C-4878-96E6-E1777AD5B0D6}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img30.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img30.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger -  File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.30 23:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.22 00:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.22 00:34:21 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.21 23:51:41 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Malwarebytes
[2012.03.21 23:51:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.21 23:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.05 01:17:41 | 000,000,000 | ---D | C] -- C:\Users\Peter\Documents\Nokia
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.02 12:05:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.02 11:51:33 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.02 11:51:33 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.02 11:39:51 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter-Peter-Startup.job
[2012.04.02 11:39:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.02 09:58:36 | 000,632,014 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.02 09:58:36 | 000,598,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.02 09:58:36 | 000,127,258 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.02 09:58:36 | 000,104,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.02 09:51:25 | 3623,407,616 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.25 13:26:02 | 000,268,762 | ---- | M] () -- C:\Users\Peter\Documents\120325_Kazy.pdf
[2012.03.22 00:34:27 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.15 23:46:42 | 000,002,032 | ---- | M] () -- C:\Users\Peter\AppData\Local\d3d9caps.dat
[2012.03.14 21:30:23 | 000,374,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.12 23:13:47 | 000,009,216 | ---- | M] () -- C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.06 00:51:16 | 000,240,595 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\NMM-MetaData.db
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.31 10:02:09 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.25 13:26:01 | 000,268,762 | ---- | C] () -- C:\Users\Peter\Documents\120325_Kazy.pdf
[2012.03.22 00:34:27 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.02.11 19:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011.02.11 19:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011.02.11 19:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011.02.11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.02.11 18:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.09.23 07:46:34 | 000,081,936 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.07.23 22:28:12 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
 
========== LOP Check ==========
 
[2009.07.25 10:25:12 | 000,000,000 | ---D | M] -- C:\Users\Alina.Peter-PC\AppData\Roaming\PC Suite
[2011.10.31 19:44:20 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Canon
[2009.05.16 12:41:14 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Datalayer
[2009.06.10 18:53:50 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Nokia
[2011.02.06 19:51:16 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Nokia Multimedia Player
[2009.06.28 17:12:47 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Opera
[2010.03.27 18:16:24 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\PC Suite
[2008.12.07 01:32:26 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\ScanSoft
[2009.11.02 19:59:57 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\T-Online
[2012.04.02 01:53:33 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.04.02 11:39:51 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\SLOW-PCfighter-Peter-Startup.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.03.10 18:05:44 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Adobe
[2011.08.18 23:50:32 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Apple Computer
[2009.03.15 18:59:05 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\ArcSoft
[2011.10.27 23:43:01 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Avira
[2011.10.31 19:44:20 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Canon
[2009.05.16 12:41:14 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Datalayer
[2010.03.27 18:40:06 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\dvdcss
[2008.12.06 20:28:47 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Identities
[2008.12.07 01:34:57 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Macromedia
[2012.03.21 23:51:41 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Malwarebytes
[2012.02.27 19:49:23 | 000,000,000 | --SD | M] -- C:\Users\Peter\AppData\Roaming\Microsoft
[2009.11.16 23:52:25 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Mozilla
[2009.06.10 18:53:50 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Nokia
[2011.02.06 19:51:16 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Nokia Multimedia Player
[2009.06.28 17:12:47 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Opera
[2010.03.27 18:16:24 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\PC Suite
[2008.12.07 01:32:26 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\ScanSoft
[2009.11.02 19:59:57 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\T-Online
[2011.05.15 23:19:42 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2012.01.22 13:02:25 | 003,904,680 | ---- | M] (Ask) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\guerngdh.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008.10.13 21:25:38 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\System32\drivers\AGP440.sys
[2008.10.13 21:25:38 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_3e1ecd89\AGP440.sys
[2008.10.13 21:25:38 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.22142_none_ba734aead7ed1bb6\AGP440.sys
[2008.10.13 21:25:39 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_e4087235\AGP440.sys
[2008.10.13 21:25:39 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20800_none_b8b64d46daa7e57a\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2007.12.19 23:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) MD5=0DEE2B628D4C6E23285BB91EFFDABFDE -- C:\Fujitsu Siemens Computers\Driver Pool\16\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
[2006.12.29 01:51:56 | 000,110,592 | ---- | M] (ATI Technologies Inc.) MD5=67740F91B47434CC6173A35667A4BA66 -- C:\Fujitsu Siemens Computers\Driver Pool\16\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2008.07.20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Fujitsu Siemens Computers\Driver Pool\4\IaStor.sys
[2008.07.20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\drivers\iaStor.sys
[2008.07.20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7b6e77f6\iaStor.sys
[2008.07.20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_649e6da2\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:31 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:25:18 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:47 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
         
--- --- ---
[/code]

OTL Logfile:
Code:
OTL Extras logfile created on: 02.04.2012 12:28:08 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Peter\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,37 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 76,00% Memory free
6,98 Gb Paging File | 5,89 Gb Available in Paging File | 84,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147,04 Gb Total Space | 98,62 Gb Free Space | 67,07% Space Free | Partition Type: NTFS
 
Computer Name: PETER-PC | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-479931980-3792547719-1618000154-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3651585C-D4B3-4B06-B7CF-6973F02B1D5E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{371EA62A-AED0-495C-B486-DC2643A7993A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{499268AD-AC8E-49A3-A0DE-428E08E3F4B2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{709859F0-834C-44F4-AE31-EF1077D73739}" = lport=445 | protocol=6 | dir=in | app=system | 
"{72909F16-FB25-4E0E-986C-36CD5E6665D7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{87DEC6B3-C77D-45E8-8227-7BCF0D45ABA3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8E9AD80F-9E2F-46F3-A07D-2D896EF1A54E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B9FA3C43-FF6F-47F6-B764-0B14C90724F6}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BA788BF7-1988-4817-A997-AD6614B0CFAC}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CFFFF3B0-C089-4873-AD9D-017C226DA71F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D1A2909A-3286-4ACD-919A-3B508E27DB70}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A03830D-4C69-40AD-B390-9DB1A9DFCDEE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{15D490D5-DD68-47B1-B5B1-5ABB0A1B1A32}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0 s-edition\app\starmoney.exe | 
"{17E6C51D-04AA-4202-ADC4-CADA5CD52C12}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{18C54111-32F5-41D6-98A7-2C04E7843A01}" = protocol=17 | dir=in | app=c:\program files\starmoney 7.0 s-edition\ouservice\starmoneyonlineupdate.exe | 
"{19BC14DF-93DA-4F9A-88D4-761DE58F00E0}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe | 
"{44F87130-1275-4DCF-918B-B8CE84337951}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{531C0BFB-5899-466F-A219-96119216D4D0}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe | 
"{5931CB4C-DE5A-48E9-A0B8-2AE96B897397}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0 s-edition\app\starmoney.exe | 
"{5A7C9C81-DB1F-408B-9DD7-F66C8CD477BD}" = protocol=6 | dir=in | app=c:\program files\starmoney 7.0 s-edition\ouservice\starmoneyonlineupdate.exe | 
"{6EAEDBCC-0467-4C7A-85B9-63FF214B942A}" = protocol=6 | dir=in | app=c:\program files\starmoney 7.0 s-edition\app\starmoney.exe | 
"{700AECFB-2503-40B3-BE50-D10E55E0D2FF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{84616CA9-4AA1-4AC3-8908-95A7544EDC8E}" = protocol=17 | dir=in | app=c:\program files\starmoney 7.0 s-edition\app\starmoney.exe | 
"{A19ABDB7-063A-4B2C-AC4A-FBB4473B96B6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{ABE9277C-D732-4ADF-B243-27454BF51301}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{BA57D621-AE3E-44DD-86BA-D3074A2F6A48}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C5F9068D-14A5-4D74-8FBA-E305D308DD1D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CB395EC6-C7BF-4CA6-8936-E5261CD004E2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{EB2384F6-97F5-4380-87E5-F36C9036035C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"TCP Query User{1F14EF94-2B8C-4E0B-BC45-DA5FB13BA736}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{E2C85268-7928-4FE4-973F-796CC577CB63}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{F20349AC-8298-4FFF-BE39-7F7005267EFC}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{F33734BB-29D5-4B32-9FA4-EDF10322A5A5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{1824C6BF-53AE-4FAB-ADD7-AE5859FAF1A0}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{75BCB22F-19DC-42EF-84A3-BF1381F63A5C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{8EDC9B51-7202-4EFF-BDF3-F924E1E15616}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{A3878434-67E9-4A03-A39B-87325232F9FA}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{253A5909-90F1-4EA6-82DB-1B2786573F22}" = StarMoney 7.0 S-Edition
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 27
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}" = Nokia PC Suite
"{5FAA2C14-A45D-45C7-B432-29BB17662FEE}" = StarMoney 8.0 S-Edition
"{63B9224A-89C9-44E6-8252-5F2F73A71C54}" = StarMoney
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{879C52A2-FF9A-4CB5-BB74-B0DA994ABB2A}" = StarMoney
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B388231D-672A-4169-A3DF-BD80266252AB}" = StarMoney
"{B82157D3-6D31-4650-93B4-FC39BB08D6CE}" = AAVUpdateManager
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}" = Nokia Software Updater
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{EF59DB7F-7426-426E-B862-7031F83ED304}" = SystemDiagnostics
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows-Treiberpaket - Nokia Modem  (11/03/2006 6.82.0.1)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"ESET Online Scanner" = ESET Online Scanner v3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Office Mouse" = Office Mouse
"PROHYBRIDR" = 2007 Microsoft Office system
"VLC media player" = VLC media player 1.0.1
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.04.2012 17:46:59 | Computer Name = Peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 01.04.2012 17:46:59 | Computer Name = Peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4337
 
Error - 01.04.2012 17:46:59 | Computer Name = Peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4337
 
Error - 01.04.2012 17:47:00 | Computer Name = Peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 01.04.2012 17:47:00 | Computer Name = Peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5351
 
Error - 01.04.2012 17:47:00 | Computer Name = Peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5351
 
Error - 01.04.2012 17:47:01 | Computer Name = Peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 01.04.2012 17:47:01 | Computer Name = Peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6365
 
Error - 01.04.2012 17:47:01 | Computer Name = Peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6365
 
Error - 02.04.2012 03:53:15 | Computer Name = Peter-PC | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 10.12.2010 14:42:24 | Computer Name = Peter-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4369
 seconds with 660 seconds of active time.  This session ended with a crash.
 
Error - 14.12.2010 14:36:08 | Computer Name = Peter-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3356
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 17.12.2010 19:36:16 | Computer Name = Peter-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18828
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 28.01.2011 20:35:08 | Computer Name = Peter-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 19111
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 29.01.2011 14:33:01 | Computer Name = Peter-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 10323
 seconds with 1860 seconds of active time.  This session ended with a crash.
 
Error - 30.01.2011 17:48:17 | Computer Name = Peter-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 98106
 seconds with 780 seconds of active time.  This session ended with a crash.
 
Error - 14.02.2011 18:38:01 | Computer Name = Peter-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 11715
 seconds with 1500 seconds of active time.  This session ended with a crash.
 
Error - 13.03.2011 12:09:52 | Computer Name = Peter-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 103191
 seconds with 3660 seconds of active time.  This session ended with a crash.
 
Error - 22.04.2011 06:56:52 | Computer Name = Peter-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12906
 seconds with 540 seconds of active time.  This session ended with a crash.
 
Error - 26.05.2011 16:37:31 | Computer Name = Peter-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 8946
 seconds with 720 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 29.03.2012 13:55:19 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 29.03.2012 14:02:47 | Computer Name = Peter-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 30.03.2012 13:44:52 | Computer Name = Peter-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 30.03.2012 13:45:17 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 31.03.2012 03:53:02 | Computer Name = Peter-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 31.03.2012 03:53:25 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 01.04.2012 02:40:16 | Computer Name = Peter-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 01.04.2012 02:40:41 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 02.04.2012 03:52:49 | Computer Name = Peter-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 02.04.2012 03:53:15 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---
[/code]

Regards, Peter

02.04.2012, 12:04   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-479931980-3792547719-1618000154-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are, as a precaution, not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

02.04.2012, 12:27   #11
izz

Code:
 All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-479931980-3792547719-1618000154-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Alina
->Temp folder emptied: 32284 bytes
->Temporary Internet Files folder emptied: 32768 bytes
 
User: Alina.Peter-PC
->Temp folder emptied: 13449019 bytes
->Temporary Internet Files folder emptied: 5118686 bytes
->Java cache emptied: 31536695 bytes
->Flash cache emptied: 4414 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Peter
->Temp folder emptied: 12837387 bytes
->Temporary Internet Files folder emptied: 220650900 bytes
->Java cache emptied: 11258328 bytes
->FireFox cache emptied: 54155197 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 197142 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32149061 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 211738 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 320 bytes
RecycleBin emptied: 812968851 bytes
 
Total Files Cleaned = 1.139,00 mb
 
 
[EMPTYFLASH]
 
User: Alina
 
User: Alina.Peter-PC
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
 
User: Default User
 
User: Peter
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 04022012_131845

Files\Folders moved on Reboot...
File\Folder C:\Users\Alina.Peter-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\TCJ58ODI\&nugi=ni_arts_4&nugi=ni_mdia_4&nugi=ni_cars_4&nugi=ni_educ_4&nugi=ni_rest_4&nuga=na_user_432&nugr=nr_bula_7&nugr=nr_area_0&nugr=nr_nielsen_2&TransactionID=303612727[1] not found!
File\Folder C:\Users\Alina.Peter-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\TCJ58ODI\4&nugi=ni_arts_4&nugi=ni_mdia_4&nugi=ni_cars_4&nugi=ni_educ_4&nugi=ni_rest_4&nuga=na_user_432&nugr=nr_bula_7&nugr=nr_area_0&nugr=nr_nielsen_2&TransactionID=51577014[1] not found!
File\Folder C:\Users\Alina.Peter-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\TCJ58ODI\4&nugi=ni_food_4&nugi=ni_mdia_4&nugi=ni_sprt_4&nugi=ni_cars_43&nugi=ni_educ_4&nugi=ni_rest_4&nugr=nr_bula_7&nugr=nr_area_0&nugr=nr_nielsen_2&TransactionID=200303235[1] not found!
File\Folder C:\Users\Alina.Peter-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\4ZW0KHJM\&nugi=ni_arts_4&nugi=ni_mdia_4&nugi=ni_cars_4&nugi=ni_educ_4&nugi=ni_rest_4&nuga=na_user_432&nugr=nr_bula_7&nugr=nr_area_0&nugr=nr_nielsen_2&TransactionID=303612727[1] not found!
File\Folder C:\Users\Alina.Peter-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\4ZW0KHJM\4&nugi=ni_arts_4&nugi=ni_mdia_4&nugi=ni_cars_4&nugi=ni_educ_4&nugi=ni_rest_4&nuga=na_user_432&nugr=nr_bula_7&nugr=nr_area_0&nugr=nr_nielsen_2&TransactionID=51577014[1] not found!
File\Folder C:\Users\Alina.Peter-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\4ZW0KHJM\4&nugi=ni_arts_4&nugi=ni_mdia_4&nugi=ni_cars_4&nugi=ni_educ_4&nugi=ni_rest_4&nuga=na_user_432&nugr=nr_bula_7&nugr=nr_area_0&nugr=nr_nielsen_2&TransactionID=51577014[2] not found!
File\Folder C:\Users\Alina.Peter-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2YB6S4ID\&nugi=ni_arts_4&nugi=ni_mdia_4&nugi=ni_cars_4&nugi=ni_educ_4&nugi=ni_rest_4&nuga=na_user_432&nugr=nr_bula_7&nugr=nr_area_0&nugr=nr_nielsen_2&TransactionID=303612727[1] not found!
File\Folder C:\Users\Alina.Peter-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2YB6S4ID\4&nugi=ni_food_4&nugi=ni_mdia_4&nugi=ni_sprt_4&nugi=ni_cars_43&nugi=ni_educ_4&nugi=ni_rest_4&nugr=nr_bula_7&nugr=nr_area_0&nugr=nr_nielsen_2&TransactionID=200303235[1] not found!
File\Folder C:\Users\Alina.Peter-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\201WUZ0O\&nugi=ni_arts_4&nugi=ni_mdia_4&nugi=ni_cars_4&nugi=ni_educ_4&nugi=ni_rest_4&nuga=na_user_432&nugr=nr_bula_7&nugr=nr_area_0&nugr=nr_nielsen_2&TransactionID=303612727[1] not found!
File\Folder C:\Users\Alina.Peter-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\201WUZ0O\&nugi=ni_arts_4&nugi=ni_mdia_4&nugi=ni_cars_4&nugi=ni_educ_4&nugi=ni_rest_4&nuga=na_user_432&nugr=nr_bula_7&nugr=nr_area_0&nugr=nr_nielsen_2&TransactionID=303612727[2] not found!
File\Folder C:\Users\Alina.Peter-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\201WUZ0O\4&nugi=ni_arts_4&nugi=ni_mdia_4&nugi=ni_cars_4&nugi=ni_educ_4&nugi=ni_rest_4&nuga=na_user_432&nugr=nr_bula_7&nugr=nr_area_0&nugr=nr_nielsen_2&TransactionID=51577014[1] not found!

Registry entries deleted on Reboot...
         

02.04.2012, 12:36   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool up as shown in the picture below: click "change parameters" and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post this in full.
If you cannot find the log, or cannot copy its content and transfer it into your post, then please look directly on your Windows system partition (usually drive C), as that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!

__________________
Please always post log files in CODE tags

02.04.2012, 13:17   #13
izz

Hello Arne,

here is the result.
Should I do anything else once this is finished, e.g. change passwords or similar?
Can I already start my banking software with a clear conscience?

Regards
Peter

Code:
 13:59:55.0477 3440	TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
13:59:55.0928 3440	============================================================
13:59:55.0928 3440	Current date / time: 2012/04/02 13:59:55.0928
13:59:55.0928 3440	SystemInfo:
13:59:55.0928 3440	
13:59:55.0928 3440	OS Version: 6.0.6002 ServicePack: 2.0
13:59:55.0928 3440	Product type: Workstation
13:59:55.0928 3440	ComputerName: PETER-PC
13:59:55.0929 3440	UserName: Peter
13:59:55.0929 3440	Windows directory: C:\Windows
13:59:55.0929 3440	System windows directory: C:\Windows
13:59:55.0929 3440	Processor architecture: Intel x86
13:59:55.0929 3440	Number of processors: 2
13:59:55.0929 3440	Page size: 0x1000
13:59:55.0929 3440	Boot type: Normal boot
13:59:55.0929 3440	============================================================
13:59:58.0265 3440	Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:59:58.0266 3440	\Device\Harddisk0\DR0:
13:59:58.0266 3440	MBR used
13:59:58.0266 3440	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x406093, BlocksNum 0x1261361D
13:59:58.0296 3440	Initialize success
13:59:58.0296 3440	============================================================
14:02:00.0507 4592	============================================================
14:02:00.0507 4592	Scan started
14:02:00.0507 4592	Mode: Manual; SigCheck; TDLFS; 
14:02:00.0507 4592	============================================================
14:02:01.0942 4592	AAV UpdateService (7eeb488346fbfa3731276c3ee8a8fd9e) C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
14:02:02.0083 4592	AAV UpdateService - ok
14:02:02.0410 4592	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:02:02.0457 4592	ACPI - ok
14:02:02.0691 4592	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:02:02.0707 4592	AdobeARMservice - ok
14:02:03.0003 4592	AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:02:03.0034 4592	AdobeFlashPlayerUpdateSvc - ok
14:02:03.0315 4592	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
14:02:03.0440 4592	adp94xx - ok
14:02:03.0752 4592	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
14:02:03.0783 4592	adpahci - ok
14:02:03.0814 4592	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
14:02:03.0845 4592	adpu160m - ok
14:02:03.0939 4592	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
14:02:03.0986 4592	adpu320 - ok
14:02:04.0017 4592	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
14:02:04.0142 4592	AeLookupSvc - ok
14:02:04.0360 4592	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
14:02:04.0438 4592	AFD - ok
14:02:04.0516 4592	agp440          (2d77788d0b7fe269044f58c86ae099ce) C:\Windows\system32\drivers\agp440.sys
14:02:04.0532 4592	agp440 - ok
14:02:04.0594 4592	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:02:04.0610 4592	aic78xx - ok
14:02:04.0672 4592	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
14:02:04.0859 4592	ALG - ok
14:02:04.0969 4592	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
14:02:04.0984 4592	aliide - ok
14:02:05.0015 4592	amdagp          (e91dc02d26dc729833deb59a094ca341) C:\Windows\system32\drivers\amdagp.sys
14:02:05.0047 4592	amdagp - ok
14:02:05.0078 4592	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
14:02:05.0109 4592	amdide - ok
14:02:05.0359 4592	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
14:02:05.0452 4592	AmdK7 - ok
14:02:05.0671 4592	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
14:02:05.0811 4592	AmdK8 - ok
14:02:05.0983 4592	AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files\Avira\AntiVir Desktop\sched.exe
14:02:05.0998 4592	AntiVirSchedulerService - ok
14:02:06.0029 4592	AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
14:02:06.0045 4592	AntiVirService - ok
14:02:06.0092 4592	AntiVirWebService (cc62fdc25725267a702f48c90c5cdf31) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
14:02:06.0154 4592	AntiVirWebService - ok
14:02:06.0419 4592	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
14:02:06.0482 4592	Appinfo - ok
14:02:06.0653 4592	Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:02:06.0669 4592	Apple Mobile Device - ok
14:02:06.0809 4592	AppMgmt         (0fe769cae5855b53c90e23f85e7e89ff) C:\Windows\System32\appmgmts.dll
14:02:06.0872 4592	AppMgmt - ok
14:02:07.0012 4592	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
14:02:07.0028 4592	arc - ok
14:02:07.0090 4592	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
14:02:07.0106 4592	arcsas - ok
14:02:07.0153 4592	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:02:07.0199 4592	AsyncMac - ok
14:02:07.0215 4592	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
14:02:07.0231 4592	atapi - ok
14:02:07.0324 4592	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:02:07.0371 4592	AudioEndpointBuilder - ok
14:02:07.0387 4592	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:02:07.0418 4592	Audiosrv - ok
14:02:07.0605 4592	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
14:02:07.0652 4592	avgntflt - ok
14:02:07.0730 4592	avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
14:02:07.0745 4592	avipbb - ok
14:02:07.0761 4592	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
14:02:07.0777 4592	avkmgr - ok
14:02:07.0917 4592	b57nd60x        (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
14:02:07.0964 4592	b57nd60x - ok
14:02:08.0089 4592	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:02:08.0151 4592	Beep - ok
14:02:08.0401 4592	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
14:02:08.0510 4592	BFE - ok
14:02:08.0697 4592	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
14:02:08.0791 4592	BITS - ok
14:02:08.0900 4592	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
14:02:08.0962 4592	blbdrive - ok
14:02:09.0056 4592	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
14:02:09.0087 4592	Bonjour Service - ok
14:02:09.0337 4592	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
14:02:09.0383 4592	bowser - ok
14:02:09.0446 4592	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:02:09.0508 4592	BrFiltLo - ok
14:02:09.0555 4592	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:02:09.0633 4592	BrFiltUp - ok
14:02:09.0680 4592	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
14:02:09.0805 4592	Browser - ok
14:02:09.0914 4592	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:02:10.0179 4592	Brserid - ok
14:02:10.0241 4592	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:02:10.0413 4592	BrSerWdm - ok
14:02:10.0444 4592	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:02:10.0522 4592	BrUsbMdm - ok
14:02:10.0569 4592	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:02:10.0663 4592	BrUsbSer - ok
14:02:10.0850 4592	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:02:10.0990 4592	BTHMODEM - ok
14:02:11.0037 4592	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:02:11.0115 4592	cdfs - ok
14:02:11.0240 4592	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
14:02:11.0302 4592	cdrom - ok
14:02:11.0365 4592	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
14:02:11.0458 4592	CertPropSvc - ok
14:02:11.0567 4592	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
14:02:11.0708 4592	circlass - ok
14:02:11.0770 4592	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
14:02:11.0817 4592	CLFS - ok
14:02:11.0895 4592	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:02:11.0926 4592	clr_optimization_v2.0.50727_32 - ok
14:02:12.0004 4592	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:02:12.0020 4592	clr_optimization_v4.0.30319_32 - ok
14:02:12.0191 4592	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
14:02:12.0254 4592	cmdide - ok
14:02:12.0285 4592	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
14:02:12.0316 4592	Compbatt - ok
14:02:12.0363 4592	COMSysApp - ok
14:02:12.0519 4592	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
14:02:12.0535 4592	crcdisk - ok
14:02:12.0597 4592	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
14:02:12.0722 4592	Crusoe - ok
14:02:12.0769 4592	CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
14:02:12.0815 4592	CryptSvc - ok
14:02:13.0096 4592	CSC             (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
14:02:13.0252 4592	CSC - ok
14:02:13.0377 4592	CscService      (0a2095f92f6ae4fe6484d911b0c21e95) C:\Windows\System32\cscsvc.dll
14:02:13.0424 4592	CscService - ok
14:02:13.0642 4592	DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
14:02:13.0736 4592	DcomLaunch - ok
14:02:13.0970 4592	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
14:02:14.0032 4592	DfsC - ok
14:02:14.0344 4592	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
14:02:14.0609 4592	DFSR - ok
14:02:14.0719 4592	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
14:02:14.0765 4592	Dhcp - ok
14:02:14.0843 4592	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
14:02:14.0875 4592	disk - ok
14:02:14.0937 4592	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
14:02:14.0984 4592	Dnscache - ok
14:02:15.0031 4592	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
14:02:15.0124 4592	dot3svc - ok
14:02:15.0218 4592	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
14:02:15.0280 4592	DPS - ok
14:02:15.0405 4592	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:02:15.0514 4592	drmkaud - ok
14:02:15.0670 4592	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
14:02:15.0764 4592	DXGKrnl - ok
14:02:16.0091 4592	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:02:16.0201 4592	E1G60 - ok
14:02:16.0497 4592	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
14:02:16.0559 4592	EapHost - ok
14:02:16.0778 4592	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
14:02:16.0825 4592	Ecache - ok
14:02:17.0137 4592	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
14:02:17.0246 4592	elxstor - ok
14:02:17.0558 4592	EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
14:02:17.0651 4592	EMDMgmt - ok
14:02:17.0823 4592	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
14:02:17.0901 4592	ErrDev - ok
14:02:18.0041 4592	EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
14:02:18.0119 4592	EventSystem - ok
14:02:18.0197 4592	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
14:02:18.0244 4592	exfat - ok
14:02:18.0431 4592	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
14:02:18.0494 4592	fastfat - ok
14:02:18.0837 4592	Fax             (dfba0f60fa301e5b1bfb1403a93ee23e) C:\Windows\system32\fxssvc.exe
14:02:18.0962 4592	Fax - ok
14:02:19.0352 4592	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
14:02:19.0399 4592	fdc - ok
14:02:19.0555 4592	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
14:02:19.0601 4592	fdPHost - ok
14:02:19.0664 4592	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
14:02:19.0726 4592	FDResPub - ok
14:02:19.0851 4592	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:02:19.0913 4592	FileInfo - ok
14:02:20.0241 4592	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:02:20.0288 4592	Filetrace - ok
14:02:20.0459 4592	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:02:20.0522 4592	flpydisk - ok
14:02:20.0569 4592	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
14:02:20.0615 4592	FltMgr - ok
14:02:20.0756 4592	FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
14:02:20.0834 4592	FontCache - ok
14:02:20.0943 4592	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:02:20.0974 4592	FontCache3.0.0.0 - ok
14:02:21.0115 4592	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
14:02:21.0239 4592	Fs_Rec - ok
14:02:21.0395 4592	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
14:02:21.0427 4592	gagp30kx - ok
14:02:21.0489 4592	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:02:21.0551 4592	GEARAspiWDM - ok
14:02:21.0614 4592	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
14:02:21.0692 4592	gpsvc - ok
14:02:21.0770 4592	HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
14:02:21.0848 4592	HdAudAddService - ok
14:02:21.0941 4592	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:02:22.0004 4592	HDAudBus - ok
14:02:22.0113 4592	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:02:22.0207 4592	HidBth - ok
14:02:22.0269 4592	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:02:22.0363 4592	HidIr - ok
14:02:22.0425 4592	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
14:02:22.0456 4592	hidserv - ok
14:02:22.0503 4592	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:02:22.0550 4592	HidUsb - ok
14:02:22.0643 4592	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
14:02:22.0737 4592	hkmsvc - ok
14:02:22.0784 4592	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
14:02:22.0846 4592	HpCISSs - ok
14:02:23.0221 4592	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
14:02:23.0330 4592	HTTP - ok
14:02:23.0579 4592	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
14:02:23.0626 4592	i2omp - ok
14:02:23.0735 4592	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:02:23.0782 4592	i8042prt - ok
14:02:24.0500 4592	ialm            (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys
14:02:24.0999 4592	ialm - ok
14:02:25.0249 4592	iaStor          (707c1692214b1c290271067197f075f6) C:\Windows\system32\drivers\iastor.sys
14:02:25.0280 4592	iaStor - ok
14:02:25.0327 4592	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
14:02:25.0389 4592	iaStorV - ok
14:02:25.0654 4592	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:02:25.0779 4592	idsvc - ok
14:02:26.0809 4592	igfx            (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys
14:02:27.0074 4592	igfx - ok
14:02:27.0433 4592	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:02:27.0448 4592	iirsp - ok
14:02:27.0682 4592	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
14:02:27.0745 4592	IKEEXT - ok
14:02:28.0291 4592	IntcAzAudAddService (5d26ccb06e1f3b5c26e863df3f4f2611) C:\Windows\system32\drivers\RTKVHDA.sys
14:02:28.0447 4592	IntcAzAudAddService - ok
14:02:28.0603 4592	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
14:02:28.0634 4592	intelide - ok
14:02:28.0681 4592	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:02:28.0727 4592	intelppm - ok
14:02:28.0946 4592	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
14:02:29.0008 4592	IPBusEnum - ok
14:02:29.0273 4592	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:02:29.0336 4592	IpFilterDriver - ok
14:02:29.0445 4592	iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
14:02:29.0507 4592	iphlpsvc - ok
14:02:29.0554 4592	IpInIp - ok
14:02:29.0632 4592	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
14:02:29.0710 4592	IPMIDRV - ok
14:02:29.0960 4592	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:02:30.0053 4592	IPNAT - ok
14:02:30.0194 4592	iPod Service    (ca1972397b845b2f53f5dc63c22fd98a) C:\Program Files\iPod\bin\iPodService.exe
14:02:30.0256 4592	iPod Service - ok
14:02:30.0568 4592	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:02:30.0615 4592	IRENUM - ok
14:02:30.0896 4592	isapnp          (30bd88a7dde75bca8f2a736d5d62a69d) C:\Windows\system32\drivers\isapnp.sys
14:02:30.0911 4592	isapnp - ok
14:02:31.0130 4592	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:02:31.0161 4592	iScsiPrt - ok
14:02:31.0270 4592	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:02:31.0286 4592	iteatapi - ok
14:02:31.0317 4592	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:02:31.0364 4592	iteraid - ok
14:02:31.0520 4592	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:02:31.0551 4592	kbdclass - ok
14:02:31.0738 4592	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
14:02:31.0785 4592	kbdhid - ok
14:02:31.0988 4592	KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:02:32.0035 4592	KeyIso - ok
14:02:32.0237 4592	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
14:02:32.0300 4592	KSecDD - ok
14:02:32.0518 4592	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
14:02:32.0627 4592	KtmRm - ok
14:02:32.0815 4592	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
14:02:32.0861 4592	LanmanServer - ok
14:02:32.0924 4592	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
14:02:33.0002 4592	LanmanWorkstation - ok
14:02:33.0220 4592	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:02:33.0314 4592	lltdio - ok
14:02:33.0423 4592	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
14:02:33.0454 4592	lltdsvc - ok
14:02:33.0501 4592	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
14:02:33.0563 4592	lmhosts - ok
14:02:33.0657 4592	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
14:02:33.0673 4592	LSI_FC - ok
14:02:33.0719 4592	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
14:02:33.0735 4592	LSI_SAS - ok
14:02:33.0813 4592	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
14:02:33.0829 4592	LSI_SCSI - ok
14:02:33.0860 4592	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:02:33.0891 4592	luafv - ok
14:02:34.0000 4592	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
14:02:34.0016 4592	megasas - ok
14:02:34.0078 4592	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
14:02:34.0109 4592	MegaSR - ok
14:02:34.0219 4592	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
14:02:34.0265 4592	MMCSS - ok
14:02:34.0328 4592	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:02:34.0375 4592	Modem - ok
14:02:34.0437 4592	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:02:34.0484 4592	monitor - ok
14:02:34.0499 4592	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:02:34.0531 4592	mouclass - ok
14:02:34.0577 4592	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:02:34.0624 4592	mouhid - ok
14:02:34.0624 4592	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:02:34.0655 4592	MountMgr - ok
14:02:34.0702 4592	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
14:02:34.0733 4592	mpio - ok
14:02:34.0796 4592	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:02:34.0827 4592	mpsdrv - ok
14:02:34.0874 4592	MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
14:02:34.0921 4592	MpsSvc - ok
14:02:35.0045 4592	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:02:35.0061 4592	Mraid35x - ok
14:02:35.0108 4592	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
14:02:35.0170 4592	MRxDAV - ok
14:02:35.0279 4592	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:02:35.0357 4592	mrxsmb - ok
14:02:35.0420 4592	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:02:35.0467 4592	mrxsmb10 - ok
14:02:35.0529 4592	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:02:35.0576 4592	mrxsmb20 - ok
14:02:35.0638 4592	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
14:02:35.0654 4592	msahci - ok
14:02:35.0685 4592	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
14:02:35.0716 4592	msdsm - ok
14:02:35.0810 4592	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
14:02:35.0872 4592	MSDTC - ok
14:02:35.0950 4592	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:02:35.0997 4592	Msfs - ok
14:02:36.0091 4592	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:02:36.0122 4592	msisadrv - ok
14:02:36.0153 4592	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
14:02:36.0215 4592	MSiSCSI - ok
14:02:36.0325 4592	msiserver - ok
14:02:36.0465 4592	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:02:36.0543 4592	MSKSSRV - ok
14:02:36.0730 4592	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:02:36.0808 4592	MSPCLOCK - ok
14:02:37.0167 4592	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:02:37.0230 4592	MSPQM - ok
14:02:37.0293 4592	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
14:02:37.0324 4592	MsRPC - ok
14:02:37.0464 4592	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:02:37.0480 4592	mssmbios - ok
14:02:37.0667 4592	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:02:37.0745 4592	MSTEE - ok
14:02:37.0792 4592	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
14:02:37.0808 4592	Mup - ok
14:02:37.0854 4592	napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
14:02:37.0932 4592	napagent - ok
14:02:38.0088 4592	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
14:02:38.0135 4592	NativeWifiP - ok
14:02:38.0260 4592	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
14:02:38.0322 4592	NDIS - ok
14:02:38.0400 4592	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:02:38.0463 4592	NdisTapi - ok
14:02:38.0494 4592	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:02:38.0572 4592	Ndisuio - ok
14:02:38.0775 4592	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:02:38.0822 4592	NdisWan - ok
14:02:38.0900 4592	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:02:38.0962 4592	NDProxy - ok
14:02:39.0087 4592	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:02:39.0134 4592	NetBIOS - ok
14:02:39.0352 4592	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
14:02:39.0446 4592	netbt - ok
14:02:39.0648 4592	Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:02:39.0680 4592	Netlogon - ok
14:02:39.0836 4592	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
14:02:39.0898 4592	Netman - ok
14:02:40.0085 4592	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
14:02:40.0148 4592	netprofm - ok
14:02:40.0350 4592	NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:02:40.0382 4592	NetTcpPortSharing - ok
14:02:40.0647 4592	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:02:40.0678 4592	nfrd960 - ok
14:02:40.0928 4592	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
14:02:40.0974 4592	NlaSvc - ok
14:02:41.0084 4592	nmwcd           (28e36e677849174c910faaead3e60e9e) C:\Windows\system32\drivers\ccdcmb.sys
14:02:41.0162 4592	nmwcd - ok
14:02:41.0349 4592	nmwcdc          (3823deb17f9f6775de0187a98fa0536d) C:\Windows\system32\drivers\ccdcmbo.sys
14:02:41.0411 4592	nmwcdc - ok
14:02:41.0692 4592	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
14:02:41.0739 4592	Npfs - ok
14:02:42.0035 4592	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
14:02:42.0082 4592	nsi - ok
14:02:42.0394 4592	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:02:42.0472 4592	nsiproxy - ok
14:02:42.0566 4592	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
14:02:42.0690 4592	Ntfs - ok
14:02:42.0893 4592	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:02:42.0971 4592	ntrigdigi - ok
14:02:43.0252 4592	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:02:43.0314 4592	Null - ok
14:02:43.0814 4592	NVENETFD        (b896fb556b4dc1e1d2943559ea79c5c5) C:\Windows\system32\DRIVERS\nvmfdx32.sys
14:02:43.0938 4592	NVENETFD - ok
14:02:46.0715 4592	nvlddmkm        (8cc1ba89fcacfd0ff221346dcf8506a5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:02:47.0183 4592	nvlddmkm - ok
14:02:47.0495 4592	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
14:02:47.0542 4592	nvraid - ok
14:02:47.0901 4592	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
14:02:47.0932 4592	nvstor - ok
14:02:48.0197 4592	nv_agp          (c9df9d48721ae616281496391ebb0b5c) C:\Windows\system32\drivers\nv_agp.sys
14:02:48.0228 4592	nv_agp - ok
14:02:48.0416 4592	NwlnkFlt - ok
14:02:48.0696 4592	NwlnkFwd - ok
14:02:48.0993 4592	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:02:49.0055 4592	odserv - ok
14:02:49.0383 4592	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
14:02:49.0508 4592	ohci1394 - ok
14:02:49.0632 4592	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:02:49.0679 4592	ose - ok
14:02:49.0773 4592	Oxmfuf - ok
14:02:49.0929 4592	oxpar           (0b2f22e758a459b87a06689a8fedf63e) C:\Windows\system32\drivers\oxpar.sys
14:02:49.0991 4592	oxpar - ok
14:02:50.0069 4592	oxser - ok
14:02:50.0319 4592	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:02:50.0444 4592	p2pimsvc - ok
14:02:50.0506 4592	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:02:50.0553 4592	p2psvc - ok
14:02:50.0880 4592	Parport         (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
14:02:50.0974 4592	Parport - ok
14:02:51.0177 4592	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
14:02:51.0224 4592	partmgr - ok
14:02:51.0270 4592	Parvdm          (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
14:02:51.0333 4592	Parvdm - ok
14:02:51.0442 4592	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
14:02:51.0489 4592	PcaSvc - ok
14:02:51.0614 4592	pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
14:02:51.0660 4592	pccsmcfd - ok
14:02:51.0754 4592	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
14:02:51.0785 4592	pci - ok
14:02:51.0879 4592	pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
14:02:51.0910 4592	pciide - ok
14:02:52.0097 4592	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
14:02:52.0128 4592	pcmcia - ok
14:02:52.0253 4592	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:02:52.0425 4592	PEAUTH - ok
14:02:52.0830 4592	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
14:02:53.0064 4592	pla - ok
14:02:53.0345 4592	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
14:02:53.0376 4592	PlugPlay - ok
14:02:53.0548 4592	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:02:53.0595 4592	PNRPAutoReg - ok
14:03:02.0034 4592	ServiceLayer    (5bf59c6bc737baaf541168e5cb2ec1d9) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
14:03:02.0050 4592	ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
14:03:02.0050 4592	ServiceLayer - detected UnsignedFile.Multi.Generic (1)
14:03:26.0090 4592	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:03:26.0495 4592	\Device\Harddisk0\DR0 - ok
14:03:26.0511 4592	Boot (0x1200)   (bdc45d8d005a8a711f3b73a40a3ae8d2) \Device\Harddisk0\DR0\Partition0
14:03:26.0511 4592	\Device\Harddisk0\DR0\Partition0 - ok
14:03:26.0511 4592	============================================================
14:03:26.0511 4592	Scan finished
14:03:26.0511 4592	============================================================
14:03:26.0542 4552	Detected object count: 1
14:03:26.0542 4552	Actual detected object count: 1
14:03:50.0394 4552	ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:50.0394 4552	ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:04:39.0069 5936	============================================================
14:04:39.0069 5936	Scan started
14:04:39.0069 5936	Mode: Manual; SigCheck; TDLFS; 
14:04:39.0069 5936	============================================================
14:05:26.0072 5936	Fs_Rec - ok
14:05:26.0556 5936	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
14:05:26.0571 5936	gagp30kx - ok
14:05:26.0868 5936	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:05:26.0883 5936	GEARAspiWDM - ok
14:05:27.0133 5936	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
14:05:27.0211 5936	gpsvc - ok
14:05:27.0960 5936	HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
14:05:27.0975 5936	HdAudAddService - ok
14:05:28.0568 5936	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:05:28.0631 5936	HDAudBus - ok
14:05:29.0177 5936	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:05:29.0239 5936	HidBth - ok
14:05:29.0988 5936	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:05:30.0066 5936	HidIr - ok
14:05:30.0534 5936	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
14:05:30.0549 5936	hidserv - ok
14:05:31.0220 5936	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:05:31.0251 5936	HidUsb - ok
14:05:31.0969 5936	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
14:05:32.0016 5936	hkmsvc - ok
14:05:32.0406 5936	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
14:05:32.0421 5936	HpCISSs - ok
14:05:33.0061 5936	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
14:05:33.0092 5936	HTTP - ok
14:05:33.0794 5936	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
14:05:33.0810 5936	i2omp - ok
14:05:34.0169 5936	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:05:34.0215 5936	i8042prt - ok
14:05:35.0292 5936	ialm            (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys
14:05:35.0651 5936	ialm - ok
14:05:36.0290 5936	iaStor          (707c1692214b1c290271067197f075f6) C:\Windows\system32\drivers\iastor.sys
14:05:36.0321 5936	iaStor - ok
14:05:37.0055 5936	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
14:05:37.0070 5936	iaStorV - ok
14:05:37.0663 5936	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:05:37.0710 5936	idsvc - ok
14:05:39.0738 5936	igfx            (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys
14:05:40.0034 5936	igfx - ok
14:05:40.0487 5936	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:05:40.0502 5936	iirsp - ok
14:05:41.0126 5936	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
14:05:41.0173 5936	IKEEXT - ok
14:05:42.0187 5936	IntcAzAudAddService (5d26ccb06e1f3b5c26e863df3f4f2611) C:\Windows\system32\drivers\RTKVHDA.sys
14:05:42.0265 5936	IntcAzAudAddService - ok
14:05:43.0076 5936	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
14:05:43.0092 5936	intelide - ok
14:05:43.0295 5936	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:05:43.0341 5936	intelppm - ok
14:05:43.0919 5936	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
14:05:43.0965 5936	IPBusEnum - ok
14:05:44.0324 5936	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:05:44.0371 5936	IpFilterDriver - ok
14:05:44.0558 5936	iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
14:05:44.0574 5936	iphlpsvc - ok
14:05:44.0886 5936	IpInIp - ok
14:05:45.0213 5936	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
14:05:45.0260 5936	IPMIDRV - ok
14:05:45.0463 5936	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:05:45.0510 5936	IPNAT - ok
14:05:46.0134 5936	iPod Service    (ca1972397b845b2f53f5dc63c22fd98a) C:\Program Files\iPod\bin\iPodService.exe
14:05:46.0181 5936	iPod Service - ok
14:05:46.0571 5936	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:05:46.0602 5936	IRENUM - ok
14:05:47.0148 5936	isapnp          (30bd88a7dde75bca8f2a736d5d62a69d) C:\Windows\system32\drivers\isapnp.sys
14:05:47.0163 5936	isapnp - ok
14:05:47.0366 5936	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:05:47.0382 5936	iScsiPrt - ok
14:05:47.0865 5936	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:05:47.0881 5936	iteatapi - ok
14:05:48.0489 5936	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:05:48.0505 5936	iteraid - ok
14:05:49.0098 5936	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:05:49.0113 5936	kbdclass - ok
14:05:49.0379 5936	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
14:05:49.0410 5936	kbdhid - ok
14:05:49.0925 5936	KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:05:49.0940 5936	KeyIso - ok
14:05:50.0439 5936	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
14:05:50.0486 5936	KSecDD - ok
14:05:51.0110 5936	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
14:05:51.0188 5936	KtmRm - ok
14:05:51.0344 5936	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
14:05:51.0375 5936	LanmanServer - ok
14:05:51.0438 5936	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
14:05:51.0469 5936	LanmanWorkstation - ok
14:05:52.0015 5936	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:05:52.0062 5936	lltdio - ok
14:05:52.0421 5936	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
14:05:52.0467 5936	lltdsvc - ok
14:05:52.0951 5936	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
14:05:53.0013 5936	lmhosts - ok
14:05:53.0544 5936	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
14:05:53.0559 5936	LSI_FC - ok
14:05:54.0168 5936	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
14:05:54.0183 5936	LSI_SAS - ok
14:05:54.0355 5936	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
14:05:54.0371 5936	LSI_SCSI - ok
14:05:54.0433 5936	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:05:54.0480 5936	luafv - ok
14:05:54.0698 5936	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
14:05:54.0714 5936	megasas - ok
14:05:55.0026 5936	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
14:05:55.0088 5936	MegaSR - ok
14:05:55.0260 5936	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
14:05:55.0307 5936	MMCSS - ok
14:05:55.0525 5936	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:05:55.0572 5936	Modem - ok
14:05:55.0884 5936	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:05:55.0931 5936	monitor - ok
14:05:56.0321 5936	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:05:56.0336 5936	mouclass - ok
14:05:56.0477 5936	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:05:56.0523 5936	mouhid - ok
14:05:56.0913 5936	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:05:56.0929 5936	MountMgr - ok
14:05:57.0350 5936	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
14:05:57.0381 5936	mpio - ok
14:05:57.0475 5936	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:05:57.0506 5936	mpsdrv - ok
14:05:58.0068 5936	MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
14:05:58.0115 5936	MpsSvc - ok
14:05:58.0598 5936	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:05:58.0614 5936	Mraid35x - ok
14:05:59.0160 5936	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
14:05:59.0175 5936	MRxDAV - ok
14:05:59.0425 5936	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:05:59.0441 5936	mrxsmb - ok
14:05:59.0643 5936	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:05:59.0659 5936	mrxsmb10 - ok
14:06:00.0049 5936	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:06:00.0065 5936	mrxsmb20 - ok
14:06:00.0299 5936	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
14:06:00.0314 5936	msahci - ok
14:06:00.0626 5936	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
14:06:00.0657 5936	msdsm - ok
14:06:01.0266 5936	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
14:06:01.0313 5936	MSDTC - ok
14:06:01.0781 5936	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:06:01.0827 5936	Msfs - ok
14:06:02.0529 5936	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:06:02.0545 5936	msisadrv - ok
14:06:03.0153 5936	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
14:06:03.0185 5936	MSiSCSI - ok
14:06:03.0559 5936	msiserver - ok
14:06:03.0918 5936	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:06:03.0949 5936	MSKSSRV - ok
14:06:04.0620 5936	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:06:04.0667 5936	MSPCLOCK - ok
14:06:05.0337 5936	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:06:05.0384 5936	MSPQM - ok
14:06:05.0821 5936	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
14:06:05.0837 5936	MsRPC - ok
14:06:06.0507 5936	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:06:06.0523 5936	mssmbios - ok
14:06:06.0819 5936	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:06:06.0866 5936	MSTEE - ok
14:06:07.0631 5936	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
14:06:07.0646 5936	Mup - ok
14:06:08.0301 5936	napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
14:06:08.0348 5936	napagent - ok
14:06:08.0613 5936	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
14:06:08.0645 5936	NativeWifiP - ok
14:06:09.0549 5936	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
14:06:09.0581 5936	NDIS - ok
14:06:10.0158 5936	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:06:10.0189 5936	NdisTapi - ok
14:06:10.0719 5936	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:06:10.0766 5936	Ndisuio - ok
14:06:11.0546 5936	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:06:11.0577 5936	NdisWan - ok
14:06:12.0014 5936	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:06:12.0045 5936	NDProxy - ok
14:06:12.0654 5936	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:06:12.0701 5936	NetBIOS - ok
14:06:13.0153 5936	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
14:06:13.0184 5936	netbt - ok
14:06:13.0621 5936	Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:06:13.0637 5936	Netlogon - ok
14:06:14.0463 5936	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
14:06:14.0510 5936	Netman - ok
14:06:14.0760 5936	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
14:06:14.0807 5936	netprofm - ok
14:06:15.0337 5936	NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:06:15.0353 5936	NetTcpPortSharing - ok
14:06:15.0727 5936	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:06:15.0743 5936	nfrd960 - ok
14:06:15.0977 5936	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
14:06:16.0039 5936	NlaSvc - ok
14:06:16.0507 5936	nmwcd           (28e36e677849174c910faaead3e60e9e) C:\Windows\system32\drivers\ccdcmb.sys
14:06:16.0554 5936	nmwcd - ok
14:06:16.0866 5936	nmwcdc          (3823deb17f9f6775de0187a98fa0536d) C:\Windows\system32\drivers\ccdcmbo.sys
14:06:16.0897 5936	nmwcdc - ok
14:06:17.0630 5936	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
14:06:17.0661 5936	Npfs - ok
14:06:17.0802 5936	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
14:06:17.0849 5936	nsi - ok
14:06:18.0207 5936	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:06:18.0254 5936	nsiproxy - ok
14:06:18.0800 5936	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
14:06:18.0847 5936	Ntfs - ok
14:06:19.0596 5936	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:06:19.0674 5936	ntrigdigi - ok
14:06:19.0970 5936	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:06:20.0017 5936	Null - ok
14:06:20.0813 5936	NVENETFD        (b896fb556b4dc1e1d2943559ea79c5c5) C:\Windows\system32\DRIVERS\nvmfdx32.sys
14:06:20.0859 5936	NVENETFD - ok
14:06:21.0905 5936	nvlddmkm        (8cc1ba89fcacfd0ff221346dcf8506a5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:06:22.0139 5936	nvlddmkm - ok
14:06:22.0716 5936	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
14:06:22.0731 5936	nvraid - ok
14:06:23.0293 5936	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
14:06:23.0309 5936	nvstor - ok
14:06:23.0792 5936	nv_agp          (c9df9d48721ae616281496391ebb0b5c) C:\Windows\system32\drivers\nv_agp.sys
14:06:23.0808 5936	nv_agp - ok
14:06:23.0870 5936	NwlnkFlt - ok
14:06:24.0276 5936	NwlnkFwd - ok
14:06:24.0759 5936	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:06:24.0791 5936	odserv - ok
14:06:25.0337 5936	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
14:06:25.0399 5936	ohci1394 - ok
14:06:25.0727 5936	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:06:25.0742 5936	ose - ok
14:06:25.0914 5936	Oxmfuf - ok
14:06:26.0148 5936	oxpar           (0b2f22e758a459b87a06689a8fedf63e) C:\Windows\system32\drivers\oxpar.sys
         

Alt 02.04.2012, 13:18   #14
izz
 

Part 2:

Code:
14:06:26.0163 5936	oxpar - ok
14:06:26.0366 5936	oxser - ok
14:06:26.0585 5936	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:06:26.0647 5936	p2pimsvc - ok
14:06:26.0678 5936	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:06:26.0725 5936	p2psvc - ok
14:06:26.0975 5936	Parport         (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
14:06:27.0006 5936	Parport - ok
14:06:27.0458 5936	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
14:06:27.0474 5936	partmgr - ok
14:06:27.0926 5936	Parvdm          (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
14:06:27.0957 5936	Parvdm - ok
14:06:28.0519 5936	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
14:06:28.0550 5936	PcaSvc - ok
14:06:29.0034 5936	pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
14:06:29.0049 5936	pccsmcfd - ok
14:06:29.0549 5936	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
14:06:29.0580 5936	pci - ok
14:06:29.0845 5936	pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
14:06:29.0861 5936	pciide - ok
14:06:29.0985 5936	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
14:06:30.0017 5936	pcmcia - ok
14:06:30.0719 5936	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:06:30.0812 5936	PEAUTH - ok
14:06:31.0514 5936	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
14:06:31.0623 5936	pla - ok
14:06:31.0904 5936	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
14:06:31.0951 5936	PlugPlay - ok
14:06:32.0294 5936	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:06:32.0341 5936	PNRPAutoReg - ok
14:06:32.0591 5936	PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:06:32.0637 5936	PNRPsvc - ok
14:06:33.0027 5936	PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
14:06:33.0074 5936	PolicyAgent - ok
14:06:33.0511 5936	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:06:33.0542 5936	PptpMiniport - ok
14:06:33.0995 5936	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
14:06:34.0041 5936	Processor - ok
14:06:34.0681 5936	ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
14:06:34.0728 5936	ProfSvc - ok
14:06:35.0024 5936	ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:06:35.0040 5936	ProtectedStorage - ok
14:06:35.0711 5936	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
14:06:35.0742 5936	PSched - ok
14:06:36.0522 5936	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
14:06:36.0584 5936	ql2300 - ok
14:06:36.0959 5936	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:06:36.0974 5936	ql40xx - ok
14:06:37.0489 5936	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
14:06:37.0505 5936	QWAVE - ok
14:06:38.0097 5936	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:06:38.0129 5936	QWAVEdrv - ok
14:06:38.0846 5936	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:06:38.0877 5936	RasAcd - ok
14:06:39.0111 5936	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
14:06:39.0158 5936	RasAuto - ok
14:06:39.0767 5936	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:06:39.0813 5936	Rasl2tp - ok
14:06:40.0094 5936	RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
14:06:40.0141 5936	RasMan - ok
14:06:40.0921 5936	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
14:06:40.0952 5936	RasPppoe - ok
14:06:41.0202 5936	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
14:06:41.0217 5936	RasSstp - ok
14:06:41.0873 5936	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
14:06:41.0919 5936	rdbss - ok
14:06:42.0528 5936	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:06:42.0575 5936	RDPCDD - ok
14:06:43.0011 5936	rdpdr           (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
14:06:43.0043 5936	rdpdr - ok
14:06:43.0261 5936	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:06:43.0292 5936	RDPENCDD - ok
14:06:44.0135 5936	RDPWD           (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
14:06:44.0166 5936	RDPWD - ok
14:06:44.0759 5936	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
14:06:44.0790 5936	RemoteAccess - ok
14:06:45.0039 5936	RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
14:06:45.0071 5936	RemoteRegistry - ok
14:06:45.0164 5936	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
14:06:45.0180 5936	RpcLocator - ok
14:06:46.0131 5936	RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
14:06:46.0194 5936	RpcSs - ok
14:06:46.0896 5936	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:06:46.0943 5936	rspndr - ok
14:06:47.0270 5936	RTL8169         (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys
14:06:47.0333 5936	RTL8169 - ok
14:06:47.0567 5936	RTLE8023xp      (bc34024636b0b47f6bbf96da525e307a) C:\Windows\system32\DRIVERS\Rtenicxp.sys
14:06:47.0582 5936	RTLE8023xp - ok
14:06:48.0191 5936	SamSs           (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:06:48.0206 5936	SamSs - ok
14:06:48.0815 5936	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:06:48.0830 5936	sbp2port - ok
14:06:49.0080 5936	SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
14:06:49.0127 5936	SCardSvr - ok
14:06:49.0267 5936	Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
14:06:49.0314 5936	Schedule - ok
14:06:49.0454 5936	SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
14:06:49.0485 5936	SCPolicySvc - ok
14:06:50.0094 5936	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
14:06:50.0109 5936	SDRSVC - ok
14:06:50.0343 5936	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:06:50.0406 5936	secdrv - ok
14:06:51.0061 5936	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
14:06:51.0108 5936	seclogon - ok
14:06:51.0342 5936	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
14:06:51.0389 5936	SENS - ok
14:06:51.0935 5936	Serenum         (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
14:06:51.0981 5936	Serenum - ok
14:06:52.0262 5936	Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
14:06:52.0309 5936	Serial - ok
14:06:52.0933 5936	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:06:52.0980 5936	sermouse - ok
14:06:53.0276 5936	ServiceLayer    (5bf59c6bc737baaf541168e5cb2ec1d9) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
14:06:53.0307 5936	ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
14:06:53.0307 5936	ServiceLayer - detected UnsignedFile.Multi.Generic (1)
14:06:53.0931 5936	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
14:06:53.0978 5936	SessionEnv - ok
14:06:54.0290 5936	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
14:06:54.0321 5936	sffdisk - ok
14:06:55.0023 5936	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
14:06:55.0055 5936	sffp_mmc - ok
14:06:55.0367 5936	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
14:06:55.0413 5936	sffp_sd - ok
14:06:56.0053 5936	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:06:56.0131 5936	sfloppy - ok
14:06:56.0443 5936	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
14:06:56.0490 5936	SharedAccess - ok
14:06:56.0973 5936	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
14:06:57.0005 5936	ShellHWDetection - ok
14:06:57.0317 5936	sisagp          (ff0385da6ad8aa85f45571c55e813c43) C:\Windows\system32\drivers\sisagp.sys
14:06:57.0348 5936	sisagp - ok
14:06:57.0675 5936	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
14:06:57.0691 5936	SiSRaid2 - ok
14:06:57.0987 5936	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
14:06:58.0003 5936	SiSRaid4 - ok
14:06:59.0235 5936	slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
14:06:59.0376 5936	slsvc - ok
14:06:59.0953 5936	SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
14:07:00.0000 5936	SLUINotify - ok
14:07:00.0312 5936	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
14:07:00.0327 5936	Smb - ok
14:07:00.0639 5936	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
14:07:00.0717 5936	SNMPTRAP - ok
14:07:01.0201 5936	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:07:01.0217 5936	spldr - ok
14:07:01.0482 5936	Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
14:07:01.0497 5936	Spooler - ok
14:07:02.0137 5936	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
14:07:02.0168 5936	srv - ok
14:07:02.0355 5936	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
14:07:02.0371 5936	srv2 - ok
14:07:02.0433 5936	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
14:07:02.0449 5936	srvnet - ok
14:07:02.0933 5936	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
14:07:02.0979 5936	SSDPSRV - ok
14:07:03.0494 5936	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
14:07:03.0494 5936	ssmdrv - ok
14:07:03.0869 5936	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
14:07:03.0900 5936	SstpSvc - ok
14:07:04.0430 5936	StarMoney 7.0 OnlineUpdate (e8606bf6be3b7481d95f1dd2e4f3fcba) C:\Program Files\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
14:07:04.0461 5936	StarMoney 7.0 OnlineUpdate - ok
14:07:05.0023 5936	StarMoney 8.0 OnlineUpdate (7e784dc5c7ce2c6f3c392ad320f5f2c0) C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
14:07:05.0070 5936	StarMoney 8.0 OnlineUpdate - ok
14:07:05.0413 5936	stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
14:07:05.0444 5936	stisvc - ok
14:07:05.0943 5936	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:07:05.0959 5936	swenum - ok
14:07:06.0318 5936	swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
14:07:06.0365 5936	swprv - ok
14:07:06.0567 5936	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:07:06.0583 5936	Symc8xx - ok
14:07:06.0864 5936	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:07:06.0879 5936	Sym_hi - ok
14:07:45.0318 5936	============================================================
14:07:45.0318 5936	Scan finished
14:07:45.0318 5936	============================================================
14:07:45.0333 4488	Detected object count: 1
14:07:45.0333 4488	Actual detected object count: 1
14:08:07.0064 4488	ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
14:08:07.0064 4488	ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 02.04.2012, 14:24   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags
